{"id":183110,"date":"2026-01-30T07:00:00","date_gmt":"2026-01-30T12:00:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/30\/standardizing-the-bas-cs-of-critical-infrastructure-cybersecurity-alerts\/"},"modified":"2026-01-30T16:20:17","modified_gmt":"2026-01-30T21:20:17","slug":"standardizing-the-bas-cs-of-critical-infrastructure-cybersecurity-alerts","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/30\/standardizing-the-bas-cs-of-critical-infrastructure-cybersecurity-alerts\/","title":{"rendered":"Standardizing the BAS\/CS of Critical Infrastructure Cybersecurity Alerts"},"content":{"rendered":"<p><a href=\"https:\/\/www.afcea.org\/signal-media\/cyber-edge\/standardizing-bas\/cs-critical-infrastructure-cybersecurity-alerts\">Standardizing the BAS\/CS of Critical Infrastructure Cybersecurity Alerts<\/a><\/p>\n<p><a href=\"https:\/\/www.afcea.org\/signal-media\/cyber-edge\/standardizing-bas\/cs-critical-infrastructure-cybersecurity-alerts\">https:\/\/www.afcea.org\/signal-media\/cyber-edge\/standardizing-bas\/cs-critical-infrastructure-cybersecurity-alerts<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-30 07:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.afcea.org\">www.afcea.org<\/a><\/p>\n<p>Researchers at the Johns Hopkins Applied Physics Laboratory (APL) seek wider adoption of a cybersecurity framework designed to standardize alerts across industrial control systems (ICS) essential to the nation\u2019s critical infrastructure, which includes the defense industrial base, nuclear reactors, communications and food and agriculture, among other sectors.<\/p>\n<p>Control systems for essential services, including electricity, water and natural gas, remain high-priority hacking targets, according to an APL article.
Defending these systems is complicated by the sheer variety of technologies, protocols and available cybersecurity solutions in use, which makes it challenging to share information and identify threats. Control systems use dozens of different formats for an array of sensor data, and dozens of vendors that each have different detection systems and analytic tools. For example, two sensors can look at the same raw network data but interpret that data in different ways, researchers explain in the article. Different sensors can tag the same attack with different names and descriptions.<\/p>\n<p>To resolve the challenge, APL researchers developed BAS\/CS (Behavioral Alerting Sets for Control Systems), which is designed to address the variability problem on multiple levels, the APL article explains. First, every event flagged by a sensor, such as an attempt to remotely log into a system or a new protocol seen on the network, is tagged with a common identification number that works across different sensors and vendor offerings.<\/p>\n<p>The system then evaluates these tagged sensor events using correlation rules for generating alerts. Correlations that meet certain conditions within a defined period of time trigger an alert for control system operators. A remote login attempt followed by the suspicious use of a system process, for example, would raise an alert. 
Like the sensor event identifications, the correlation detection rules and the language of the alerts are standardized across systems.<\/p>\n<p>\u201cOne of the big benefits is having a common language that everyone can talk about\u2014from the operators and control system environments to the more traditional cyber defenders\u2014and being able to understand what\u2019s actually happening in these systems,\u201d Alex Beall, an APL control system cybersecurity researcher, told SIGNAL Media during a recent Zoom interview.<\/p>\n<p>During the same Zoom interview, Harley Parkes, an APL cyber defense expert who led the creation and development of BAS\/CS, touted its vendor-agnostic nature. \u201cIf you\u2019re able to standardize the way you do alerting and tagging of data, then you can replace sensors. You can replace some of the feeds that generate alerts so that you can actually go with best-of-breed technologies and continue to operate and alert on the threat over time.\u201d<\/p>\n<p>Beall added that the vendor agnosticism includes both data and rules. \u201cWe viewed BAS\/CS as the way\u2014at the alert level\u2014to try to make it so that not only are we vendor agnostic from these sensors that are providing data, but we\u2019re also vendor agnostic for what\u2019s running these rules. There\u2019s no special bit of code or technology that is required to be able to use the BAS\/CS rules.\u201d<\/p>\n<p>BAS\/CS is the solution to a challenge unveiled during development of MOSAICS\u2014More Situational Awareness for Industrial Control Systems\u2014the first-ever comprehensive, integrated and automated solution for ICS security. The APL is developing MOSAICS in partnership with Sandia National Laboratories, Pacific Northwest National Laboratory and Idaho National Laboratory. The MOSAICS team has worked extensively with the U.S.
Navy, Air Force and others.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Standardizing the BAS\/CS of Critical Infrastructure Cybersecurity Alerts https:\/\/www.afcea.org\/signal-media\/cyber-edge\/standardizing-bas\/cs-critical-infrastructure-cybersecurity-alerts Publish Date: 2026-01-30 07:00:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":183111,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.afcea.org\/sites\/default\/files\/styles\/medium\/public\/2026-01\/GIS-F2-BAS-CS-FEB2026.jpeg?itok=h69Uazpe","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-183110","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/183110"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=183110"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/183110\/revisions"}],"predecessor-version":[{"id":183112,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/183110\/revisions\/183112"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/183111"}],"wp:attachment":[{"href":"https:\/\/testi
ng.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=183110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=183110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=183110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}