ICS-CERT

I just don’t get back to check the DHS CERT Control Systems Security Program (CSSP) web page often enough. I checked it today and found that last week they announced the official launch of the Industrial Control System Cyber Emergency Response Team (ICS-CERT) coordination center in Idaho Falls, ID. Now the ICS-CERT have been operational since early this year, but their coordination center is now up and running. The brief article on the ICS-CERT contains a link to a two-page brochure about the ICS-CERT. It describes their mission and genearl capabilities. Probably the most valuable item in the brochure, however, is the ICS-CERT contact information. I’ll reproduce that whole section here.

“CSSP and ICS-CERT encourage you to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems. Online reporting forms are available at https://forms.us-cert.gov/report/. You can also submit reports via one of the following methods: “ICS-CERT Watch Floor: 1-877-776-7585 “ICS related cyber activity: ics-cert@dhs.gov “General cyber activity: soc@us-cert.gov “Phone: 1-888-282-0870”

I certainly recommend that anyone that has an ICS cyber incident to immediately contact ICS-CERT. Even if the result of that particular incident seems relatively innocuous, it should still be reported. The intelligence and counter-intelligence portion of the ICS-CERT mission is very important and requires these inputs to be effective. Near-miss or ‘cyber-scouting’ incident reporting can be important in preventing serious incidents.