Control Systems Security Program (CSSP)

Industrial Control Systems Cyber Emergency Response Team

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) provides a control system security focus in collaboration with US-CERT to

  • respond to and analyze control systems related incidents,
  • conduct vulnerability and malware analysis,
  • provide onsite support for incident response and forensic analysis,
  • provide situational awareness in the form of actionable intelligence,
  • coordinate the responsible disclosure of vulnerabilities/mitigations, and
  • share and coordinate vulnerability information and threat analysis through information products and alerts.

The ICS-CERT serves as a key component of the Strategy for Securing Control Systems, which outlines a long-term, common vision where effective risk management of control systems security can be realized through successful coordination efforts.


ICS-CERT Monthly Monitor Newsletters

Monthly Monitor Archive

Control Systems Advisories and Reports

Most Downloaded

ICS-CERT Advisory "ICS-CERT Incident Summary Report"
This Report summarizes ICS-CERT incident response activities from 2009 - 2011. (June 28, 2012)

ICS-CERT ALERT "ICS-ALERT-12-046-01 - Increasing Threat to Industrial Control Systems"
This ALERT informs critical infrastructure and key resource (CIKR) asset owners and operators of recent and ongoing activity concerning increased risk to CIKR assets, particularly Internet accessible control systems. (February 15, 2012)

Cyber Intrusion Mitigation Strategies (UPDATE) "ICS-TIP-12-146-01A"
ICS-CERT developed this guidance to provide basic recommendations for owners and operators of critical infrastructure to enhance their network security posture. (July 19, 2012)

ICS-CERT Advisory "ICSA-12-258-01 - IOServer OPC Server Multiple Vulnerabilities"
This Advisory details vulnerabilities that allow an attacker to download any file on the file system without authentication. (September 14, 2012)

ICS-CERT Advisory "ICSA-12-256-01 - Siemens WinCC WebNavigator Multiple Vulnerabilities"
This Advisory details vulnerabilities that affect the WebNavigator component of WinCC version 7.0 SP3 and earlier. (September 12, 2012)

ICS-CERT Advisory "ICSA-12-150-01 - Honeywell HMIWEB Browser Buffer Overflow"
This Advisory details a buffer overflow vulnerability in all products using the Honeywell HMIWeb browser. (September 07, 2012)

ICS-CERT Advisory "ICSA-12-251-01 - RealWinDemo DLL Hijack"
This Advisory details an uncontrolled search path element vulnerability, commonly referred to as a DLL hijack, in the RealFlex RealWinDemo application. (September 07, 2012)

ICS-CERT Advisory "ICSA-12-249-03 - InduSoft ISSymbol ActiveX Control Buffer Overflow"
This Advisory details a vulnerability report from InduSoft and the Zero Day Initiative (ZDI) concerning a heap-based buffer overflow affecting the InduSoft ISSymbol ActiveX control. (September 05, 2012)

ICS-CERT Advisory "ICSA-12-249-02 - WAGO IO 758 Default Linux Credentials"
This Advisory details an improper authentication vulnerability found in a third-party component used in multiple WAGO products. (September 05, 2012)

ICS-CERT Advisory "ICSA-12-249-01 - Arbiter Systems Power Sentinel Denial of Service Vulnerability"
This Advisory details a denial-of-service (DoS) vulnerability identified in the Arbiter Systems Power Sentinel Phasor Measurement Unit. (September 05, 2012)

ICS-CERT ALERT "ICS-ALERT-12-234-01A - (UPDATE) Key Management Errors in RuggedCom's Rugged Operating System"
This ALERT warns of a vulnerability that can be used to decrypt SSL traffic between an end user and a RuggedCom network device. (August 31, 2012)

ICS-CERT Advisory "ICSA-12-243-01 - GarrettCom - Use of Hard-Coded Password"
This Advisory details a privilege-escalation vulnerability in the GarrettCom Magnum MNS-6K Management Software application via the use of a hard-coded password. (August 30, 2012)

JSAR-12-241-01 - Shamoon/DistTrack Malware
This JSAR details "Shamoon," an information-stealing malware that also includes a destructive module. (August 29, 2012)

ICS-CERT Advisories and Reports Archive



Reporting

CSSP and ICS-CERT encourage you to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems.

Report online

You can also submit reports via one of the following methods:

When sending sensitive information to ICS-CERT via email, we encourage you to encrypt your messages.
Download the public key.



