Control Systems Security Program (CSSP)
Industrial Control Systems Cyber Emergency Response Team
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) provides a control system security focus in collaboration with US-CERT to
- respond to and analyze control systems related incidents,
- conduct vulnerability and malware analysis,
- provide onsite support for incident response and forensic analysis,
- provide situational awareness in the form of actionable intelligence,
- coordinate the responsible disclosure of vulnerabilities/mitigations, and
- share and coordinate vulnerability information and threat analysis through information products and alerts.
The ICS-CERT serves as a key component of the Strategy for Securing Control Systems, which outlines a long-term, common vision where effective risk management of control systems security can be realized through successful coordination efforts.
ICS-CERT Monthly Monitor Newsletters
- ICS-CERT Newsletter, the "ICS-CERT Monthly Monitor," April 2012
- ICS-CERT Newsletter, the "ICS-CERT Monthly Monitor," March 2012
- ICS-CERT Newsletter, the "ICS-CERT Monthly Monitor," February 2012
Control Systems Advisories and Reports
- "ICS-ALERT-12-046-01 - Increasing Threat to Industrial Control Systems" (February 15, 2012) This ALERT informs critical infrastructure and key resource (CIKR) asset owners and operators of recent and ongoing activity concerning increased risk to CIKR assets, particularly Internet accessible control systems.
- ICS-CERT / US-CERT JSAR-12-151-01 – sKyWIper Flame Malware (May 30, 2012) This JSAR warns of a new sophisticated information-stealing malware identified as sKyWIper.
- ICS-CERT Advisory "ICSA-12-138-01 - Emerson DeltaV Multiple Vulnerabilities" (May 30, 2012) This Advisory identifies multiple vulnerabilities in the Emerson DeltaV application. This web release follows the earlier secure portal release.
- ICS-CERT Advisory "ICSA-12-146-01 - RuggedCom Weak Cryptography for Password Vulnerability" (May 25, 2012) This Advisory details a default backdoor user account with a weak password encryption. This web release follows the earlier secure portal release.
- ICS-CERT Technical Information Paper (TIP) "ICS-TIP-12-146-01 Cyber Intrusion Mitigation Strategies" (May 25, 2012) ICS-CERT developed this guidance to provide basic recommendations for owners and operators of critical infrastructure to enhance their network security posture.
- ICS-CERT Advisory "ICSA-12-145-01 - Measuresoft ScadaPRO dll Hijack Corruption" (May 24, 2012) This Advisory identifies a remotely exploitable, uncontrolled search path element vulnerability (DLL Hijack) in the ScadaPro application.
- ICS-CERT Advisory "ICSA-12-145-02 - xArrow Multiple Vulnerabilities" (May 24, 2012) This Advisory identifies four security vulnerabilities in the xArrow application.
- ICS-CERT Advisory "ICS-CERT Advisory ICSA-12-137-02 - Advantech Studio ISSymbol ActiveX Buffer Overflow" (May 16, 2012) This Advisory identifies multiple buffer overflow vulnerabilities in the Advantech Studio product. This web release follows the earlier secure portal release.
- ICS-ALERT-12-137-01 - Pro-face Pro-Server EX Multiple Vulnerabilities (May 16, 2012) This ALERT warns of multiple vulnerabilities affecting Pro-face Pro-Server, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product.
- ICS-CERT ALERT "ICS-ALERT-12-136-01 - Wonderware SuiteLink Unallocated Unicode String" (May 15, 2012) This ALERT identifies an unallocated Unicode string vulnerability.
ICS-CERT Advisories and Reports Archive
Other Resources
- ICS-CERT Incident Handling Brochure
- ICS-CERT Vulnerability Disclosure Policy
- US-CERT Vulnerability Notes
- Cyber Threat Source Descriptions
- Overview of Cyber Vulnerabilities
Reporting
CSSP and ICS-CERT encourage you to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems.
You can also submit reports via one of the following methods:
- ICS-CERT Watch Floor: 1-877-776-7585
- ICS related cyber activity: ics-cert@dhs.gov
- General cyber activity: soc@us-cert.gov
- Phone: 1-888-282-0870
When sending sensitive information to ICS-CERT via email, we encourage you to encrypt your messages.
Download the public key.