Control Systems Security Program (CSSP)

Industrial Control Systems Cyber Emergency Response Team

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) provides a control system security focus in collaboration with US-CERT to

  • respond to and analyze control systems related incidents,
  • conduct vulnerability and malware analysis,
  • provide onsite support for incident response and forensic analysis,
  • provide situational awareness in the form of actionable intelligence,
  • coordinate the responsible disclosure of vulnerabilities/mitigations, and
  • share and coordinate vulnerability information and threat analysis through information products and alerts.

The ICS-CERT serves as a key component of the Strategy for Securing Control Systems, which outlines a long-term, common vision where effective risk management of control systems security can be realized through successful coordination efforts.


ICS-CERT Monthly Monitor Newsletters

Monthly Monitor Archive

Control Systems Advisories and Reports

Most Downloaded

ICS-CERT Advisory "ICS-CERT Incident Summary Report"
This Report summarizes ICS-CERT incident response activities from 2009 - 2011. (June 28, 2012)

ICS-CERT ALERT "ICS-ALERT-12-046-01 - Increasing Threat to Industrial Control Systems"
This ALERT informs critical infrastructure and key resource (CIKR) asset owners and operators of recent and ongoing activity concerning increased risk to CIKR assets, particularly Internet accessible control systems. (February 15, 2012)

Cyber Intrusion Mitigation Strategies (UPDATE) "ICS-TIP-12-146-01A"
ICS-CERT developed this guidance to provide basic recommendations for owners and operators of critical infrastructure to enhance their network security posture. (July 19, 2012)

New release: ICS-CERT ALERT "ICS-ALERT-12-277-01 Sielco Sistemi WinLog Lite SEH Overwrite Vulnerability"
This ALERT warns of a Structured Exception Handler (SEH) overwrite vulnerability with proof-of-concept (PoC) exploit code affecting Sielco Sistemi WinLog Lite SCADA HMI, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. (October 3, 2012)

New release: ICS-CERT Advisory "ICSA-12-265-01 - Emerson DeltaV Buffer Overflow"
This Advisory identifies a buffer-overflow vulnerability in the Emerson DeltaV application. (September 28, 2012)

New release: ICS-CERT JSAR "JSAR-12-241-01A - Shamoon-DistTrack Malware"
This JSAR identifies W32.DistTrack, also known as "Shamoon," as information-stealing malware that also includes a destructive module. (September 27, 2012)

ICS-CERT Advisory "ICSA-12-271-02 - Optimalog Optima PLC Multiple Vulnerabilities"
This Advisory identifies a NULL pointer dereference, an infinite loop, and released proof-of-concept (exploit) code for Optimalog's Optima PLC application. (September 27, 2012)

ICS-CERT Advisory "ICSA-12-263-02 - ORing Industrial Networking IDS-5042 Hard-Coded Credentials Vulnerability"
This Advisory identifies a hard-coded credentials vulnerability in the ORing Industrial series DIN-Rail Device Server 5042/5042+ Operating System. ICS-CERT is unaware of any resolution by the vendor at this time. (September 19, 2012)

ICS-CERT Advisory "ICSA-12-263-01 - Siemens S7-1200 Insecure Storage of HTTPS CA Certificate"
This Advisory details an insecure HTTPS certificate storage vulnerability in Siemens' S7-1200 v2.x. (September 19, 2012)

ICS-CERT Advisory "ICSA-12-262-01 - Fultek WinTr Directory Traversal"
This Advisory identifies a directory traversal vulnerability in Fultek's WinTr Scada application. (September 18, 2012)

ICS-CERT Advisory "ICSA-12-258-01 - IOServer OPC Server Multiple Vulnerabilities"
This Advisory details vulnerabilities that allow an attacker to download any file on the file system without authentication. (September 14, 2012)

ICS-CERT Advisory "ICSA-12-256-01 - Siemens WinCC WebNavigator Multiple Vulnerabilities"
This Advisory details vulnerabilities that affect the WebNavigator component of WinCC version 7.0 SP3 and earlier. (September 12, 2012)

ICS-CERT Advisory "ICSA-12-150-01 - Honeywell HMIWEB Browser Buffer Overflow"
This Advisory details a buffer overflow vulnerability in all products using the Honeywell HMIWeb browser. (September 07, 2012)

ICS-CERT Advisories and Reports Archive


Other Resources


Reporting

CSSP and ICS-CERT encourage you to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems.

Report online

You can also submit reports via one of the following methods:

When sending sensitive information to ICS-CERT via email, we encourage you to encrypt your messages.
Download the public key.



