Control Systems Security Program (CSSP)
Industrial Control Systems Cyber Emergency Response Team
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) provides a control system security focus in collaboration with US-CERT to:
- Respond to and analyze control systems related incidents
- Conduct vulnerability and malware analysis
- Provide onsite support for incident response and forensic analysis
- Provide situational awareness in the form of actionable intelligence
- Coordinate the responsible disclosure of vulnerabilities/mitigations
- Share and coordinate vulnerability information and threat analysis through information products and alerts
The ICS-CERT serves as a key component of the Strategy for Securing Control Systems, which outlines a long-term, common vision where effective risk management of control systems security can be realized through successful coordination efforts.
Control Systems Advisories and Reports
- ICS-CERT ALERT "ICS-ALERT-12-039-01 - Advantech BroadWin RPC Server Vulnerability"
- This ALERT warns of an RPC server vulnerability affecting the Advantech BroadWin WebAccess software.
- ICS-CERT ALERT "ICS-ALERT-12-034-01 - SSH Scanning Activity Targets Control Systems"
- This ALERT informs CIKR asset owners and operators of ongoing, large-scale, active scanning of Internet-facing control systems involving SSH.
- ICS-CERT Advisory "ICSA-12-039-01 - Invensys Wonderware HMI Reports XSS and Write Access Violation"
- This Advisory details two vulnerabilities in the Invensys Wonderware HMI reports product.
- ICS-CERT Advisory "ICSA-12-013-01 - ING. Punzenberger COPA-DATA GMBH DoS Vulnerabilities"
- This Advisory details a denial of service (DoS) vulnerability in the Ing. Punzenberger COPA-DATA GmbH zenon human-machine interface (HMI) system.
- ICS-CERT ALERT "ICS-ALERT-12-020-01 - S4 Disclosure of Multiple PLC Vulnerabilities in Major ICS Vendors"
- This ALERT warns of multiple vulnerabilities identified by the 2012 S4 Project Basecamp team.
Other Resources
- ICS-CERT Incident Handling Brochure
- ICS-CERT vulnerability disclosure policy
- US-CERT Vulnerability Notes
- Cyber Threat Source Descriptions
- Overview of Cyber Vulnerabilities
Reporting
CSSP and ICS-CERT encourage you to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems.
You can also submit reports via one of the following methods:
- ICS-CERT Watch Floor: 1-877-776-7585
- ICS related cyber activity: ics-cert@dhs.gov
- General cyber activity: soc@us-cert.gov
- Phone: 1-888-282-0870
When sending sensitive information to ICS-CERT via email, we encourage you to encrypt your messages.
Download the public key.
ICS-CERT Monthly Monitor Newsletters
- ICS-CERT Newsletter, the "ICS-CERT Monthly Monitor," January 2012
- ICS-CERT Newsletter, the "ICS-CERT Monthly Monitor," December 2011
- ICS-CERT Newsletter, the "ICS-CERT Monthly Monitor," November 2011
