Inside ICS-CERT's War Room

A tour of ICS-CERT facilities at Idaho National Labs. Meet the people who will get the call when the next Stuxnet worm strikes.

The U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team operates a classified watch floor in this building in Iowa Falls, Iowa. DHS and Idaho National Labs opened their doors for a rare press event.

With three signs on the door, ICS-CERT makes it really clear that you can't bring a cell phone into its classified watch floor. They made an exception and allowed photographers there Thursday, but still no cell phones...or Blackberries.

Greg Schaffer, Acting Deputy Under Secretary, DHS National Protection and Programs Directorate, talks at the ICS-CERT Watch Floor. This is one of two ops centers that handle security response for industrial control systems. The second is at the National Cybersecurity and Communications Integration Center in Washington DC. The DC center operates 24x7. Not so here at the Idaho Falls facility.

A look at the ICS-CERT Watch Floor dashboard, showing what's happening at the moment. If you're a hacker and you've found a bug in, say, a Honeywell system, this Watch Floor is where you call to responsibly disclose the issue.

Computers at the ICS-CERT Malware Lab in Idaho Falls, Idaho. This is where ICS-CERT did its initial Stuxnet analysis. The computers here are able to network with industrial control systems located at the facility.

The ICS-CERT Malware Laboratory. When the Watch Floor gets a new malware sample, they send it to these guys for analysis.

In urgent situations, ICS-CERT deploys away teams, who go into infected facilities and figure out what's going on. This is the type of gear they take with them.

The DHS and vendors pay INL to conduct security assessments of their products at the INL engineering facilities. But the testing is done pretty much in secret. It's often never publicly known who gets tested and what vulnerabilities are discovered.

DHS and INL do more than incident response at their Iowa Falls facilities. Here ICS-CERT instructor Mark Fabro walks the press through a typical training session. Check out the chemical and electrical programmable logic controllers behind him. A few minutes later he showed how it was possible to take control of an electrical substation and then hide what he was doing via a man-in-the-middle attack.

There's plenty of stuff to hack here at INL. Here is equipment used to simulate a pipeline. The room also included Honeywell controllers.

Marty Edwards, director of ICS-CERT and of the DHS Control Systems Security Program, at one of the INL Control Systems Research Bays. This one is set up to simulate a chemical plant.

There's a lot of Windows XP running at Idaho National Labs.

Copyright © 2011 IDG Communications, Inc.