Control Systems Security Program (CSSP)
The goal of the DHS National Cyber Security Division's CSSP is to reduce industrial control system risks within and across all critical infrastructure and key resource sectors by coordinating efforts among federal, state, local, and tribal governments, as well as industrial control systems owners, operators and vendors. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber attack against critical infrastructure control systems through risk-mitigation activities.
To obtain additional information or request involvement or assistance, contact cssp@hq.dhs.gov.
The Department of Homeland Security (DHS) Control Systems Security Program (CSSP) has released Version 4.1 of the Cyber Security Evaluation Tool (CSET™). This new version of the tool can be downloaded from the CSSP website.
CSET™ Version 4.1 provides users with the option of creating or modifying their network diagram in Microsoft Visio®. This new functionality supplies a Visio® stencil with network shapes recognized by CSET™. CSET™ imports the Visio® diagram, assigns questions to the included components, and looks for general network vulnerabilities as if the diagram had been created within CSET™ itself. In addition, a diagram export function from CSET™ to Visio® is also provided.
ICS-CERT has released an Advisory titled "ICSA-12-258-01 - IOServer OPC Server Multiple Vulnerabilities" that details vulnerabilities that allow an attacker to download any file on the file system without authentication.
ICS-CERT has released an Advisory titled "ICSA-12-256-01 - Siemens WinCC WebNavigator Multiple Vulnerabilities" that details vulnerabilities that affect the WebNavigator component version WinCC 7.0 SP3 and earlier of WinCC.
ICS-CERT has released the Newsletter titled "ICS-CERT Monthly Monitor August 2012" for August 2012, a summary of ICS-CERT activities for the previous month.
ICS-CERT has released an Advisory titled "ICSA-12-150-01 - Honeywell HMIWEB Browser Buffer Overflow" that details a buffer overflow vulnerability in all products using the Honeywell HMIWeb browser.
ICS-CERT has released an Advisory titled "ICSA-12-251-01 - RealWinDemo DLL Hijack" that details an uncontrolled search path element vulnerability, commonly referred to as a DLL hijack, in the RealFlex RealWinDemo application.
ICS-CERT has released an Advisory titled "ICSA-12-249-03 - InduSoft ISSymbol ActiveX Control Buffer Overflow" that details a vulnerability from Indusoft and the Zero Day Initiative (ZDI) concerning a heap-based buffer overflow vulnerability affecting the InduSoft ISSymbol ActiveX control.
ICS-CERT has released an Advisory titled "ICSA-12-249-02 - WAGO IO 758 Default Linux Credentials" that details a vulnerability that causes improper authentication found in a third-party component used in multiple WAGO products.
ICS-CERT has released an Advisory titled "ICSA-12-249-01 - Arbiter Systems Power Sentinel Denial of Service Vulnerability" that details a vulnerability that causes a denial of service (DoS) and has been identified in Arbiter Systems Power Sentinel Phasor Measurement Unit.
ICS-CERT has released an ALERT titled "ICS-ALERT-12-234-01A - (UPDATE) Key Management Errors in RuggedCom's Rugged Operating System" that warns of a vulnerability that can be used to decrypt SSL traffic between an end user and a RuggedCom network device.
ICS-CERT/US-CERT has released a JSAR titled "JSAR-12-241-01 - Shamoon/DistTrack Malware" that details "Shamoon," an information-stealing malware that also includes a destructive module.
Fall is around the corner and ICSJWG is preparing for its next Biannual Face-to-Face Meeting! The Industrial Control Systems Joint Working Group (ICSJWG) 2012 Fall Meeting dates have been finalized as October 15 – 18, 2012. This meeting will be held at the Grand Hyatt Denver in Denver, Colorado, USA. This no-cost event provides an opportunity for asset owners and operators, government professionals, vendors, systems integrators, R&D, and academic professionals to discuss the latest initiatives impacting security of industrial control systems and interact with colleagues and peers who may be addressing the risk of threats and vulnerabilities to their systems.
There is no cost to attend the ICSJWG 2012 Fall Meeting and additional schedule of events. Please register for any and all events online or onsite.
Top 10 most accessed control systems documents and web pages
- ICS-CERT
- Strategy for Securing Control Systems
- Catalog of Control Systems Security: Recommendations for Standards Developers
- Cyber Security Procurement Language for Control Systems
- Recommended Practices
- Personnel Security Guidelines
- Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies
- Developing an Industrial Control Systems Cybersecurity Incident Response Capability
- Cyber Security Evaluation Tool
- Secure Architecture Design
CSSP and ICS-CERT encourage you to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems. You can also submit reports to ICS-CERT via one of the following methods:
- ICS related cyber activity: ics-cert@dhs.gov
- ICS-CERT Watch Floor: 1-877-776-7585
When sending sensitive information to ICS-CERT via email, we encourage you to encrypt your messages.
Download the public key.