Control Systems Security Program (CSSP)

The goal of the DHS National Cyber Security Division's CSSP is to reduce industrial control system risks within and across all critical infrastructure and key resource sectors by coordinating efforts among federal, state, local, and tribal governments, as well as industrial control systems owners, operators and vendors. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber attack against critical infrastructure control systems through risk-mitigation activities.

To obtain additional information or request involvement or assistance, contact

Spring 2011

The Department of Homeland Security (DHS) Control Systems Security Program (CSSP) has released Version 4.1 of the Cyber Security Evaluation Tool (CSET®). This new version of the tool can be downloaded from the CSSP website.

CSET Version 4.1 provides users with the option of creating or modifying their network diagram in Microsoft Visio®. This new functionality supplies a Visio stencil with network shapes recognized by CSET. CSET imports the Visio diagram, assigns questions to the included components, and looks for general network vulnerabilities as if the diagram had been created within CSET itself. In addition, a diagram export function from CSET to Visio is also provided.

DocumentICS-CERT has released the Newsletter titled "ICS-CERT Monthly Monitor" for September 2012, a summary of ICS-CERT activities for the previous month.


DocumentICS-CERT has released an ALERT titled "ICS-ALERT-12-284-01 - Sinapsi eSolar Light Multiple Vulnerabilities" that warns of multiple vulnerabilities with proof-of-concept (PoC) exploit code affecting the Sinapsi eSolar Light Photovoltaic System Monitor, a supervisory control and data acquisition (SCADA) monitoring product.


DocumentICS-CERT has released an Advisory titled "ICSA-12-283-02 - WellinTech KingView User Credentials Not Securely Hashed" that identifies a default credential vulnerability in WellinTech KingView application.


DocumentICS-CERT has released an Advisory titled "ICSA-12-283-01 - Siemens S7-1200 Web Application Cross Site Scripting" that identifies a cross-site scripting (XSS) vulnerability in Siemens's S7-1200 Programmable Logic Controllers (PLCs).


DocumentICS-CERT has released an ALERT titled "ICS-ALERT-12-277-01 Sielco Sistemi WinLog Lite SEH Overwrite Vulnerability" that warns of Structured Exception Handler (SEH) overwrite vulnerability with proof-of-concept (PoC) exploit code affecting Sielco Sistemi WinLog Lite SCADA HMI, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product.


DocumentICS-CERT has released an Advisory titled "ICSA-12-265-01 - Emerson DeltaV Buffer Overflow" that identifies a buffer-overflow vulnerability in the Emerson DeltaV application.


DocumentICS-CERT has released a JSAR titled "JSAR-12-241-01A - Shamoon-DistTrack Malware" that identifies W32.DistTrack, also known as "Shamoon," is an information-stealing malware that also includes a destructive module.


DocumentICS-CERT has released an Advisory titled "ICSA-12-271-02 - Optimalog Optima PLC Multiple Vulnerabilities" that identifies a NULL Pointer Dereference and an Infinite Loop and released proof-of-concept (exploit) code for Optimalog's Optima PLC application.


DocumentICS-CERT has released an Advisory titled "ICSA-12-263-02 - ORing Industrial Networking IDS-5042 Hard-Coded Credentials Vulnerability" that identifies a hard-coded credentials vulnerability in the ORing Industrial series DIN-Rail Device Server 5042/5042+ Operating System. ICS-CERT is unaware of any resolution by the vendor at this time.


DocumentCSSP/ICS-CERT have released a document titled "Roadmap to Secure Control Systems in the Transportation Sector" that describes a plan for voluntarily improving industrial control systems (ICSs) cybersecurity across all transportation modes.


ICSJWG 2012 Fall Meeting

Fall is around the corner and ICSJWG is preparing for its next Biannual Face-to-Face Meeting! The Industrial Control Systems Joint Working Group (ICSJWG) 2012 Fall Meeting dates have been finalized as October 15 – 18, 2012. This meeting will be held at the Grand Hyatt Denver in Denver, Colorado, USA. This no-cost event provides an opportunity for asset owners and operators, government professionals, vendors, systems integrators, R&D, and academic professionals to discuss the latest initiatives impacting security of industrial control systems and interact with colleagues and peers who may be addressing the risk of threats and vulnerabilities to their systems.

There is no cost to attend the ICSJWG 2012 Fall Meeting and additional schedule of events. Please register for any and all events online or onsite.

Report archive

CSSP and ICS-CERT encourage you to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems.  You can also submit reports to ICS-CERT via one of the following methods:

  • ICS related cyber activity:
  • ICS-CERT Watch Floor: 1-877-776-7585

When sending sensitive information to ICS-CERT via email, we encourage you to encrypt your messages.
Download the public key

Notable Critical Infrastructure News Feed Notable Critical Infrastructure News RSS link