Control Systems Security Program (CSSP)

Industrial Control Systems Cyber Emergency Response Team

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) provides a control system security focus in collaboration with US-CERT to

  • respond to and analyze control systems related incidents,
  • conduct vulnerability and malware analysis,
  • provide onsite support for incident response and forensic analysis,
  • provide situational awareness in the form of actionable intelligence,
  • coordinate the responsible disclosure of vulnerabilities/mitigations, and
  • share and coordinate vulnerability information and threat analysis through information products and alerts.

The ICS-CERT serves as a key component of the Strategy for Securing Control Systems, which outlines a long-term, common vision where effective risk management of control systems security can be realized through successful coordination efforts.

Learn more

ICS-CERT Monthly Monitor Newsletters

Monthly Monitor Archive

Control Systems Advisories and Reports

Most Downloaded

ICS-CERT Advisory "ICS-CERT Incident Summary Report"
This Report summarizes ICS-CERT incident response activities from 2009 - 2011. (June 28, 2012)

ICS-CERT ALERT "ICS-ALERT-12-046-01 - Increasing Threat to Industrial Control Systems"
This ALERT informs critical infrastructure and key resource (CIKR) asset owners and operators of recent and ongoing activity concerning increased risk to CIKR assets, particularly Internet accessible control systems. (February 15, 2012)

Cyber Intrusion Mitigation Strategies (UPDATE) "ICS-TIP-12-146-01A"
ICS-CERT developed this guidance to provide basic recommendations for owners and operators of critical infrastructure to enhance their network security posture. (July 19, 2012)

new release ICS-CERT ALERT "ICS-ALERT-12-284-01 - Sinapsi eSolar Light Multiple Vulnerabilities"
This ALERT warns of multiple vulnerabilities with proof-of-concept (PoC) exploit code affecting the Sinapsi eSolar Light Photovoltaic System Monitor, a supervisory control and data acquisition (SCADA) monitoring product.
(October 10, 2012)

new release ICS-CERT Advisory "ICSA-12-283-02 - WellinTech KingView User Credentials Not Securely Hashed"
This Advisory identifies a default credential vulnerability in WellinTech KingView application.
(October 09, 2012)

new release ICS-CERT Advisory "ICSA-12-283-01 - Siemens S7-1200 Web Application Cross Site Scripting"
This Advisory identifies a cross-site scripting (XSS) vulnerability in Siemens's S7-1200 Programmable Logic Controllers (PLCs).
(October 09, 2012)

ICS-CERT ALERT "ICS-ALERT-12-277-01 Sielco Sistemi WinLog Lite SEH Overwrite Vulnerability"
This ALERT warns of Structured Exception Handler (SEH) overwrite vulnerability with proof-of-concept (PoC) exploit code affecting Sielco Sistemi WinLog Lite SCADA HMI, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. (October 3, 2012)

ICS-CERT Advisory "ICSA-12-265-01 - Emerson DeltaV Buffer Overflow"
This Advisory identifies a buffer-overflow vulnerability in the Emerson DeltaV application.
(September 28, 2012)

ICS-CERT JSAR "JSAR-12-241-01A - Shamoon-DistTrack Malware"
This JSAR identifies W32.DistTrack, also known as "Shamoon," is an information-stealing malware that also includes a destructive module.
(September 27, 2012)

ICS-CERT Advisory "ICSA-12-271-02 - Optimalog Optima PLC Multiple Vulnerabilities"
This Advisory identifies a NULL Pointer Dereference and an Infinite Loop and released proof-of-concept (exploit) code for Optimalog's Optima PLC application.
(September 27, 2012)

ICS-CERT Advisory "ICSA-12-263-02 - ORing Industrial Networking IDS-5042 Hard-Coded Credentials Vulnerability"
This Advisory identifies a hard-coded credentials vulnerability in the ORing Industrial series DIN-Rail Device Server 5042/5042+ Operating System. ICS-CERT is unaware of any resolution by the vendor at this time. (September 19, 2012)

ICS-CERT Advisory "ICSA-12-263-01 - Siemens S7-1200 Insecure Storage of HTTPS CA Certificate"
This Advisory details an insecure HTTPS certificate storage vulnerability in Siemens' S7-1200 v2.x.
(September 19, 2012)

ICS-CERT Advisory "ICSA-12-262-01 - Fultek WinTr Directory Traversal"
This Advisory identified a directory traversal vulnerability in Fultek's WinTr Scada application.
(September 18, 2012)

ICS-CERT Advisories and Reports Archive

Other Resources


CSSP and ICS-CERT encourage you to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems.

Report online

You can also submit reports via one of the following methods:

When sending sensitive information to ICS-CERT via email, we encourage you to encrypt your messages.
Download the public key

Notable Critical Infrastructure News Feed: Notable Critical Infrastructure News RSS link