Comprehensive cybersecurity is an unfortunate necessity in the connected age, as malwares like Duqu, Flame, and Stuxnet have proven to be effective embedded pc instruments of espionage and physical sabotage rather than vehicles of petty cybercrime. In an effort to mitigate the impact of such threats on United States Critical Infrastructure (CI), the Department of Homeland Security (DHS) developed the Enhanced Cybersecurity Services (ECS) program, a voluntary embedded system framework designed to augment the existing cyber defenses of CI entities. The following provides an overview of the ECS program architecture, technology, and entry qualifications as described in an "on background" interview with DHS embedded pc officials.
At some point in 2007, an operator at the Natanz uranium enrichment facility in Iran inserted a USB memory device infected with the Stuxnet malware into an Industrial Control System (ICS) running a Windows Operating System. Over the next three years, the embedded system would propagate over the Natanz facility's internal network by exploiting zero-day vulnerabilities in a variety of Windows OSs, eventually gaining access to the Programmable Logic Controllers on a number of Indutrial Control Systems (PCSs) for the facility's gas centrifuges. Stuxnet then injected malicious code to make the centrifuges spin at their maximum degradation point of 1410 Hz. One thousand of the 9,000 centrifuges at the Natanz facility were damaged beyond repair.
In February 2013, Executive Order (EO) 13,636 and Presidential Policy Directive (PPD)-21 ordered the DHS to develop a public-private partnership model to protect United States CI entities from cyber threats like Stuxnet. The result was an expansion of the Enhanced Cybersecurity Services (ECS) program from the Defense Industrial Base (DIB) to 16 critical industrial pc.
refer to:http://industrial-embedded.com/articles/enhanced-protecting-critical-infrastructure/
