2019 11th International Conference on Cyber Conflict: Permission to make digital or hard copies of this publication for internal use within NATO and for personal or educational use when for non-profit or Silent Battle non-commercial purposes is granted providing that copies bear this notice T. Minárik, S. Alatalu, S. Biondi, and a full citation on the first page. Any other reproduction or transmission M. Signoretti, I. Tolga, G. Visky (Eds.) requires prior written permission by NATO CCD COE. 2019 © NATO CCD COE Publications, Tallinn Call to Action: Mobilizing Community Discussion to Improve Information-Sharing About Vulnerabilities in Industrial Control Systems and Critical Infrastructure Daniel Kapellmann Rhyner Washburn Cyber-Physical Threat Intelligence National Consortium for the Study of Senior Analyst Terrorism and Responses to Terrorism FireEye (START) Reston, VA, USA Research Affiliate
[email protected] University of Maryland College Park, MD, USA
[email protected] Abstract: Vulnerability management remains a significantchallenge for organizations that handle critical infrastructure worldwide. Hallmark cyber-physical incidents with disruptive and destructive capabilities like Stuxnet (2010) and Triton (2017) have exploited known vulnerabilities in information technology (IT) and operational technology (OT) assets throughout the attack lifecycle. However, the global critical infrastructure security community is still nascent in the field of industrial control systems (ICS) vulnerability management, especially