DHS officials at the training exercise defended their handling of Stuxnet, but the man in charge of ICS-CERT said there's room for improvement. "I think there's always going to be an evaluation of how much information do we release, when do we release it and how do we release it," said Marty Edwards, the ICS-CERT's director. "So as we continuously evaluate those, and Stuxnet was a very good case study of how we performed, we'll continue to fine-tune the processes to give industry the tools they need to defend these systems."
DHS intentionally released fewer details about the problem than vendors like Symantec, Edwards explained. "We still haven't released broadly the [Stuxnet] technical details, because I still believe that they're sensitive," he said. "You're not going to see us post those kind of details to a completely open, public website because we don't want to encourage the script kiddy or the copycat types."
Just a few blocks from the training facility that was home to Friday's exercise, INL operates a "watch floor" for industrial systems. This is the classified building where phones will start ringing should the next Stuxnet show up, and home to staffers who specialize in IT and industrial systems. It's small -- there were just four analysts there on Thursday -- but it looks like the security operations centers you see big companies such as Cisco and Symantec: people sitting in front of computers, with a big screen showing a real time feed of any situations that need to be handled. When Stuxnet first appeared in July 2010, this is where the U.S. response was mustered. The worm was quickly handed over to a special malware analysis lab, also run by INL in Idaho Falls, where it was dissected by security experts and industrial engineers.
Edwards' boss, Greg Schaffer, says the group "had an appropriate response to what was a complex and new set of circumstances that we had to deal with." And while he believes that the siphoning off of intellectual property is the largest cyber issue facing the U.S. right now, the doomsday possibilities of a well crafted attack on power plants or nuclear facilities makes the kind of work that goes on at Idaho National Labs important.
"This is an issue that is evolving and that could have significant impacts to us," he said. "This program is designed to get us in front of those problems."