Official website of the Department of Homeland Security
The National Cybersecurity and Communications Integration Center (NCCIC) is the Nation’s flagship cyber defense, incident response, and operational integration center. Our mission is to reduce the Nation’s risk of systemic cybersecurity and communications challenges.
Security alerts, tips, and other updates
Contact Us
(888) 282-0870
Send us email
Download PGP/GPG keysIncidents, Indicators, Phishing, Malware, or Vulnerabilities
On This Page
Department of Homeland Security
Related Resources
National Cybersecurity and Communications Integration Center (NCCIC) Industrial Control Systems
NCCIC ICS works to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies and the intelligence community and coordinating efforts among Federal, state, local, and tribal governments and control systems owners, operators, and vendors. Additionally, NCCIC collaborates with international and private sector Computer Emergency Response Teams (CERTs) to share control systems-related security incidents and mitigation measures.
Learn More about NCCIC ICS
Control Systems Advisories and Reports
 | Alerts Alerts provide timely notification to critical infrastructure owners and operators concerning threats to critical infrastructure networks. |
| Advisories Advisories provide timely information about current security issues, vulnerabilities, and exploits. |
| ICS-CERT Monitor We provide this newsletter as a service to personnel actively engaged in the protection of critical infrastructure assets. |
| Other Reports ICS-CERT Technical Information Papers (TIPs), Annual Reports (Year in Review), and 3rd-party products that ICS-CERT believes are of interest to persons engaged in protecting industrial control systems. |
General Announcements
-
DHS is committed to assisting manufacturers with security of their products through a steady stream of vulnerability information. https://www.dhs.gov/blog/2018/09/18/patch-factory-global-infrastructure-managing-cybersecurity-vulnerabilitiesTuesday, September 18, 2018 - 13:03
-
NCCIC has released the Recommended Practice: Updating Antivirus in an Industrial Control System document.Thursday, August 2, 2018 - 10:16
-
NIST is releasing a publication that will help organizations prepare better against potentially destructive attacks to the collection of hardware and firmware components of a computer system, also called the platform. Special Publication 800-193, Platform Firmware Resiliency Guidelines provides technical guidelines and recommendations supporting resiliency of platform firmware and data against such attacks.Friday, May 4, 2018 - 14:36
-
This updated malware analysis report is a follow-up to the original malware analysis report titled MAR-17-352-01 HatMan - Safety System Targeted Malware that was published December 18, 2017, on the NCCIC/ICS-CERT website.Tuesday, April 17, 2018 - 18:48
-
This paper is intended to provide an understanding of the possible effects of the April 6, 2019 GPS Week Number Rollover on Coordinated Universal Time derived from GPS devices.Tuesday, April 10, 2018 - 10:21
NCCIC Monthly Monitor
- ICS-MM201712 : November-December 2017
- ICS-MM201710 : September-October 2017
- ICS-MM201708 : July-August 2017
Most Downloaded
- ICS-ALERT-14-281-01E : Ongoing Sophisticated Malware Campaign Compromising ICS (Update E)
- IR-ALERT-H-16-056-01 : Cyber-Attack Against Ukrainian Critical Infrastructure
- ICS-ALERT-14-176-02A : ICS Focused Malware (Update A)
Recently Published
-
ICSA-18-333-01 :
INVT Electric VT-Designer
This advisory includes mitigations for deserialization of untrusted data and heap-based buffer overflow vulnerabilities in INVT Electric's VT-Designer.11/29/2018 - 12:00
-
ICSA-18-331-01 :
AVEVA Vijeo Citect and Citect SCADA
This advisory includes mitigations for an uncontrolled search path element vulnerability in Schneider Electric's Software Update utility affecting AVEVA's Vijeo Citect and Citect SCADA products.11/27/2018 - 10:00
-
ICSA-18-324-01 :
Teledyne DALSA Sherlock
This advisory includes mitigations for a stack-based buffer overflow vulnerability in Teledyne DALSA's Sherlock machine vision software interface.11/20/2018 - 10:05
-
ICSA-18-324-02 :
Schneider Electric Modicon M221
This advisory includes mitigations for an insufficient verification of data authenticity vulnerability in the Schneider Electric Modicon M221 product.11/20/2018 - 10:00
-
ICSA-18-317-01 :
Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC
This advisory includes mitigations for an improper access control vulnerability in the Siemens IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC products.11/13/2018 - 10:35
-
ICSA-18-317-02 :
Siemens S7-400 CPUs
This advisory includes mitigations for improper input validation vulnerabilities in the Siemens S7-400 CPUs.11/13/2018 - 10:30
-
ICSA-18-317-03 :
Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal)
This advisory includes mitigations for a code injection vulnerability in the Siemens SIMATIC Panels software and SIMATIC WinCC (TIA Portal).11/13/2018 - 10:25
-
ICSA-18-317-04 :
Siemens SCALANCE S
This advisory includes mitigations for a cross-site scripting vulnerability in Siemens' SCALANCE S security appliance.11/13/2018 - 10:20
-
ICSA-18-317-05 :
Siemens SIMATIC S7
This advisory includes mitigations for a resource exhaustion vulnerability in Siemens' Simatic S7 controllers.11/13/2018 - 10:15
-
ICSA-18-317-06 :
Siemens SIMATIC STEP 7 (TIA Portal)
This advisory includes mitigations for an unprotected storage of credentials vulnerability in Siemens' SIMATIC STEP 7 engineering software.11/13/2018 - 10:10
Other Resources
- NCCIC Preparing for Cyber Incident Analysis
- NCCIC Vulnerability Disclosure Policy
- US-CERT Vulnerability Notes
- Cyber Threat Source Descriptions
- Overview of Cyber Vulnerabilities
- Cyber Security Evaluation Tool (CSET)
- ICS Private Sector Critical Infrastructure Assessments
- ICS Cybersecurity for the C-Level
- NCCIC ICS Acronyms List
- Common Cyber Language