On This Page
Department of Homeland Security
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) works to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies and the intelligence community and coordinating efforts among Federal, state, local, and tribal governments and control systems owners, operators, and vendors. Additionally, ICS-CERT collaborates with international and private sector Computer Emergency Response Teams (CERTs) to share control systems-related security incidents and mitigation measures.
Control Systems Advisories and Reports
Alerts provide timely notification to critical infrastructure owners and operators concerning threats to critical infrastructure networks.
Advisories provide timely information about current security issues, vulnerabilities, and exploits.
We provide this newsletter as a service to personnel actively engaged in the protection of critical infrastructure assets.
|Joint Security Awareness Reports (JSARs)|
ICS-CERT coordinates with US-CERT and other partners to develop Joint Security Awareness Reports (JSARs) to provide situational awareness for the public on cybersecurity issues.
Technical Information Papers (TIPs), Annual Reports (Year in Review), and other products that ICS-CERT believes are of interest to persons engaged in protecting industrial control systems.
The Economist published a special cyber-security report on July 12, 2014. http://www.economist.com/sites/default/files/20140712_cyber-security.pdfTuesday, July 15, 2014 - 10:53
http://threatpost.com/new-oil-and-natural-gas-isac-launches/106902Wednesday, July 2, 2014 - 12:07
http://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threatMonday, June 30, 2014 - 12:42
The Department of Homeland Security’s (DHS) Office of Cybersecurity & Communications (CS&C) conducts complimentary and voluntary assessments to evaluate operational resilience and cybersecurity capabilities within critical infrastructure sectors, as well as state, local, tribal, and territorial governments.Friday, May 30, 2014 - 12:35
Thursday, May 1, 2014 - 11:05
OleumTech WIO Family Vulnerabilities
This advisory provides vulnerability details in OleumTech’s WIO family including the sensors and the DH2 data collector.07/21/2014 - 16:45
Siemens OpenSSL Vulnerabilities
This advisory provides mitigation details for vulnerabilities in the Siemens OpenSSL cryptographic software library affecting several Siemens industrial products.07/17/2014 - 17:26
Advantech WebAccess Vulnerabilities
This advisory provides mitigation details for vulnerabilities affecting the Advantech WebAccess application.07/17/2014 - 17:22
Cogent DataHub Code Injection Vulnerability
This advisory provides mitigation details for a code injection vulnerability affecting the Cogent DataHub application.07/17/2014 - 17:20
Yokogawa Centum Buffer Overflow Vulnerability
Researcher group Rapid7 has identified a buffer overflow vulnerability in Yokogawa CENTUM products. Yokogawa has produced a patch that mitigates this vulnerability. This vulnerability could be exploited remotely.07/08/2014 - 16:07
ABB Relion 650 Series OpenSSL Vulnerability (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-14-126-01 ABB RELION 650 Series OpenSSL Vulnerability, that was published May 06, 2014, on the NCCIC/ICS-CERT web site.07/08/2014 - 14:59
ICS Focused Malware
This advisory is a follow-up to the updated alert titled ICS-ALERT-14-176-02A that was published June 27, 2014, on the NCCIC/ICS-CERT web site. This advisory provides additional details regarding ICS Focused Malware Havex.06/30/2014 - 17:41
ICS Focused Malware (Update A)
This updated alert is a follow-up to the alert titled ICS-ALERT-14-176-02 that was published June 25, 2014, on the NCCIC/ICS-CERT web site. This alert provides additional details regarding ICS Focused Malware Havex.06/27/2014 - 19:29
OpenSSL Releases Security Advisory
This advisory provides mitigation details for several additional vulnerabilities that were discovered since the last OpenSSL vulnerability.06/05/2014 - 19:22
Daktronics Vanguard Default Credentials (Update A)
This alert update is a follow-up to the original NCCIC/ICS-CERT alert titled ICS-ALERT-14-155-01 Daktronics Vanguard Hardcoded Credentials that was published June 4, 2014, on the ICS-CERT web page. This update clarifies that the Daktronics Vanguard highway notification sign configuration software does not contain a hardcoded password vulnerability that could allow unauthorized access to the highway sign.06/05/2014 - 18:12