ICS Incident Reporting

The DHS-CERT Control Systems Security Program (CCPS) web page recently had a major change in the reporting procedures that they have for industrial control systems (ICS) incidents. In addition to providing reporting mechanisms they offer additional investigative and resolution assistance for such incidents. New Information In addition to the on-line reporting form that also appeared on the old page, the new page provides some new contact information, including:

ICS-CERT Watch Floor: 1-877-776-7585 ICS related cyber activity: ics-cert@dhs.gov General cyber activity: soc@us-cert.gov Phone: 1-888-282-0870

On the ICS-CERT web page they provide a valuable piece of additional advice for on-line reporting (in my opinion it should be located on the reporting page as well, but no one is perfect). To protect sensitive business or systems information ICS-CERT recommends that that type of information should be encrypted and provides a public-key to accomplish that encryption. Old Information The old version of the CSSP page had some additional information that would still be of value. Fortunately the links from that old page are still active so I will provide the links here. First is the reporting of Phishing attacks. While these are not uniquely an ICS issue, I found that the Phishing reporting procedure can be very helpful. The second set of links provides a method of reporting vulnerability issues for industrial control systems. Reporting newly identified vulnerabilities is an important part of improving the overall security of control systems across the industry. ICS-CERT Assistance The CSSP page provides the information below about the assistance available from ICS-CERT. Unfortunately there is no specific information about how to request that assistance. I can only suggest that such requests should be included when contacting CERT with the information about the incident.

“The ICS-CERT encourages organizations to report vulnerabilities, suspicious activity, and cyber incidents that could have an impact on critical infrastructure control systems. The ICS-CERT will analyze the information and provide mitigation strategies as needed. In addition, the ICS-CERT is able to provide onsite assistance, free of charge, to organizations that require immediate investigation and resolve in responding to a cyber attack.”

When an ICS incident, deliberate attack or miscellaneous system upset, occurs any additional assistance that can be had to help alleviate the situation means that the facility can get their critical systems up and working just that much faster.