Search US-CERT: Go button customize

Control Systems

• CSSP Home
• Calendar
• ICS-CERT
• ICSJWG
• Information Products
• Training
• Recommended Practices
• Self-Assessment Tool
• Standards & References
• Related Sites
• FAQ

 

DHS Threat Advisory

 

Control Systems Security Program (CSSP)

Industrial Control Systems Cyber Emergency Response Team

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) provides a control system security focus in collaboration with US-CERT to:

• Respond to and analyze control systems related incidents
• Conduct vulnerability and malware analysis
• Provide onsite support for incident response and forensic analysis
• Provide situational awareness in the form of actionable intelligence
• Coordinate the responsible disclosure of vulnerabilities/mitigations
• Share and coordinate vulnerability information and threat analysis through information products and alerts

The ICS-CERT serves as a key component of the Strategy for Securing Control Systems, which outlines a long-term, common vision where effective risk management of control systems security can be realized through successful coordination efforts.

Learn more

Vulnerability Resources Notable Control Systems Related Vulnerabilities Rockwell Automation Allen-Bradley MicroLogix PLC authentication and authorization vulnerabilities January 2010 AREVA e-terrahabitat SCADA systems vulnerabilities February 2009 GE Fanuc Proficy HMI/SCADA iFIX uses insecure authentication techniques February 2009 GoAhead Webserver Information Disclosure Vulnerability February 2009 Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge URL Redirection Vulnerability February 2009 Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Cross-site Scripting Vulnerability February 2009 More Other Resources Cyber Threat Source Descriptions Overview of Cyber Vulnerabilities Report an Incident CSSP and ICS-CERT encourage you to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems. Report online You can also submit reports via one of the following methods: ICS-CERT Watch Floor: 1-877-776-7585 ICS related cyber activity: ics-cert@dhs.gov General cyber activity: soc@us-cert.gov Phone: 1-888-282-0870 When sending sensitive information to ICS-CERT via email, we encourage you to encrypt your messages. Download the public key.

Notable Critical Infrastructure News