Control Systems Security Program (CSSP)
The goal of the DHS National Cyber Security Division's CSSP is to reduce industrial control system risks within and across all critical infrastructure and key resource sectors by coordinating efforts among federal, state, local, and tribal governments, as well as industrial control systems owners, operators and vendors. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber attack against critical infrastructure control systems through risk-mitigation activities.
To obtain additional information or request involvement or assistance, contact cssp@hq.dhs.gov.
ICS-CERT has released advisory ICSA-10-272-01—Primary Stuxnet Indicators. ICS-CERT has been actively investigating and reporting on the Stuxnet vulnerability. To date, ICS-CERT has released ICSA-10-201-01-Malware Targeting Siemens Control Software (including Updates B & C) and ICSA-10-238-01-Stuxnet Mitigations (including Update B).
ICS-CERT has released advisory ICSA-10-264-01, “SCADA Engine BACnet OPC Client Buffer Overflow Vulnerability.” A buffer overflow vulnerability has been reported in SCADA Engine’s BACnet OPC Client. Using a specially crafted malicious file, this vulnerability could allow an attacker to crash the application and execute arbitrary code. A software update is available that resolves this vulnerability.
ICS-CERT has released Update B of advisory "ICSA-10-238-01B - Stuxnet Mitigations" to describe the mitigations available for Stuxnet malware. This document provides guidance that asset owners and operators can use to reduce their risk of infection and/or identify and remove the Stuxnet malware.
ICS-CERT is aware of reports describing a method to load attacker-supplied DLLs in vulnerable Microsoft Windows applications. ICS-CERT has created this Alert to warn the ICS community of the issue, provide links to resources and mitigations, and summarize the implications for ICS environments.
ICS-CERT has released advisory “ICSA-10-228-01- Non-Authorized Admin Accounts” to warn of administrative accounts that support organizations may create to assist in performing their duties. All control systems maintained by vendors, integrators, or other contractors can potentially be impacted by the practice of adding “back door” administrative accounts for future access to perform maintenance, updates, or training. This advisory highlights existing practices that may adversely impact the cybersecurity of industrial control systems (ICS) environments relative to malicious actors.
The ICS-CERT released an updated advisory, ICSA-10-201-01C, which identifies malware that uses a zero-day vulnerability in Microsoft Windows processing of shortcut files and exploits systems after users open a USB drive with a file manager capable of displaying icons (like Windows Explorer). The malware installs a trojan that interacts with installed SIMATIC® WinCC or SIMATIC® Siemens STEP 7 software and then makes queries to any discovered SIMATIC® databases.
The DHS Control Systems Security Program (CSSP) has released a new June 2010 version of the "Catalog of Control Systems Security: Recommendations for Standards Developers". This new release includes updates based on new versions of industry standards, including revision 3 of NIST SP800-53. This document also includes revised entries in the "Cross Reference of Standards" table.
The Industrial Control Systems Cyber Emergency Response Team has released new guidance for critical infrastructure asset owners regarding cyber incident handling.
The ICS-CERT released advisory "ICSA-10-147-01 - Cisco Network Building Mediator" detailing multiple vulnerabilities in Cisco’s Network Building Mediator products. These vulnerabilities involve default credentials, privilege escalation, unauthorized information interception, and unauthorized information access that could result in an attacker taking complete control over an affected device.
SAVE THE DATE!
The 2010 Fall Conference for the Industrial Control Systems Joint Working Group (ICSJWG) has been scheduled for October 25-28, 2010. The Conference will be held at the Marriott Renaissance Seattle Hotel and will include Subgroup meetings, presentations on current cybersecurity topics, and control systems cybersecurity training.
Top 10 most accessed control systems documents and web pages
- ICS-CERT
- Strategy for Securing Control Systems (pdf)
- Catalog of Control Systems Security: Recommendations for Standards Developers (pdf)
- Cyber Security Procurement Language for Control Systems (pdf)
- Recommended Practices
- Personnel Security Guidelines (pdf)
- Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies (pdf)
- Developing an Industrial Control Systems Cybersecurity Incident Response Capability (pdf)
- Cyber Security Evaluation Tool
- Secure Architecture Design
CSSP and ICS-CERT encourage you to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems. You can also submit reports to ICS-CERT via one of the following methods:
- ICS related cyber activity: ics-cert@dhs.gov
- ICS-CERT Watch Floor: 1-877-776-7585
When sending sensitive information to ICS-CERT via email, we encourage you to encrypt your messages.
Download the public key.