More Information about the Industrial Control Systems Cyber Emergency Response Team

The DHS Control Systems Security Program (CSSP) manages and operates the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in coordination with US-CERT. As a functional component of the National Cybersecurity and Communications Integration Center (NCCIC), the ICS-CERT provides focused operational capabilities for defense of control system environments against emerging cyber threats.

The ICS-CERT provides efficient coordination of control-systems-related security incidents and information sharing with federal, state, and local agencies and organizations, the Intelligence Community, private sector constituents including vendors, owners, and operators, and international and private sector computer security incident response teams (CSIRTs). The focus on control systems cybersecurity provides a direct path for coordination of activities for all members of the stakeholder community.

Download the ICS-CERT Fact Sheet

Download the ICS-CERT Incident Handling Brochure

Onsite Incident Response

The ICS-CERT provides onsite incident response, free of charge, to organizations that require immediate investigation and resolution in responding to a cyber attack. Upon notification of a cyber incident, ICS-CERT will perform a preliminary diagnosis to determine the extent of the compromise. At the customer's request, ICS-CERT can deploy a fly-away team to meet with the affected organization to review network topology, identify infected systems, image drives for analysis, and collect other data as needed to perform thorough follow-on analysis. ICS-CERT can provide mitigation strategies, assist asset owners/operators in restoring service, and provide recommendations for improving overall network and control systems security.

Malware Lab

The ICS-CERT operates a malware lab to perform digital media and malware analysis of infected systems. The lab also hosts a representative sample of vendor equipment onsite so that analysts can test malware in control system environments. The availability of onsite equipment and software allows ICS-CERT to assess the possible effects of malicious software and the consequences a vulnerability may have on critical infrastructure.

Partnerships

The ICS-CERT is a component of the National Cybersecurity and Communications Integration Center (NCCIC), bringing industrial control systems security technical and response capabilities to the partnership. The work is performed in conjunction with the NCCIC and furthers its overall mission to coordinate defense against and response to cyber attacks across the nation.

The CSSP and ICS-CERT work to reduce risks within and across all critical infrastructure sectors by coordinating efforts among federal, state, local, and tribal governments, as well as control systems owners, operators, and vendors. In addition, the ICS-CERT collaborates with international and private sector CERTs to share control-systems-related security incidents and mitigation measures.

The ICS-CERT participates in many working groups, including the Industrial Control Systems Joint Working Group and the Federal Control Systems Security Working Group. These trusted relationships are leveraged to increase and improve information sharing with the CIKR asset owner/operator and vendor community.

Contact Information

The CSSP and ICS-CERT encourage you to report suspicious cyber activity, incidents, and vulnerabilities affecting critical infrastructure control systems.

ICS-CERT Watch Floor: 1-877-776-7585

ICS-related cyber activity: ics-cert@dhs.gov