Control Systems Security Program (CSSP)
Industrial Control Systems Cyber Emergency Response Team
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) provides a control system security focus in collaboration with US-CERT to:
- Respond to and analyze control systems related incidents
- Conduct vulnerability and malware analysis
- Provide onsite support for incident response and forensic analysis
- Provide situational awareness in the form of actionable intelligence
- Coordinate the responsible disclosure of vulnerabilities/mitigations
- Share and coordinate vulnerability information and threat analysis through information products and alerts
The ICS-CERT serves as a key component of the Strategy for Securing Control Systems, which outlines a long-term, common vision where effective risk management of control systems security can be realized through successful coordination efforts.
Control Systems Advisories and Reports
- ICS-CERT ALERT "ICS-ALERT-12-020-01 - S4 Disclosure of Multiple PLC Vulnerabilities in Major ICS Vendors"
- This ALERT warns of multiple vulnerabilities identified by the 2012 S4 Project Basecamp team.
- ICS-CERT Advisory Update “ICSA-12-012-01A - Open Automation Software OPC Systems.NET"
- ICS-CERT has released an Advisory Update titled "ICSA-12-012-01A - Open Automation Software OPC Systems.NET" (PDF).
- ICS-CERT Advisory "ICSA-12-024-02 - Microsys, SPOL. S R.O. Promotic Multiple Vulnerabilities"
- This Advisory details three vulnerabilities in the Microsys spol. s r.o. PROMOTIC application.
- ICS-CERT Advisory "ICSA-12-024-01- Ocean Data Systems Dream Reports XSS and Write Access Violation Vulnerabilities"
- This Advisory identified cross-site scripting and write access violation vulnerabilities in the Ocean Data Systems Dream Report application.
- ICS-CERT ALERT "ICS-ALERT-12-020-07 - WAGO - IO 750 Multiple Vulnerabilities"
- This ALERT warns of multiple vulnerabilities affecting theWAGO I/O System 750.
- ICS-CERT ALERT "ICS-ALERT-12-020-06 - Wellintech KingSCADA Insecure Password Encryption"
- This ALERT warns of multiple vulnerabilities affecting WellingTech KingSCADA 3.0.
Other Resources
- ICS-CERT Incident Handling Brochure
- ICS-CERT vulnerability disclosure policy
- US-CERT Vulnerability Notes
- Cyber Threat Source Descriptions
- Overview of Cyber Vulnerabilities
Reporting
CSSP and ICS-CERT encourage you to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems.
You can also submit reports via one of the following methods:
- ICS-CERT Watch Floor: 1-877-776-7585
- ICS related cyber activity: ics-cert@dhs.gov
- General cyber activity: soc@us-cert.gov
- Phone: 1-888-282-0870
When sending sensitive information to ICS-CERT via email, we encourage you to encrypt your messages.
Download the public key.
ICS-CERT Monthly Monitor Newsletters
- ICS-CERT Newsletter, the "ICS-CERT Monthly Monitor," December 2011
- ICS-CERT Newsletter, the "ICS-CERT Monthly Monitor," November 2011
- ICS-CERT Newsletter, the "Monthly Monitor," October 2011
Notable Critical Infrastructure News Feed: 