I am hearing rumors that ICS-CERT has recently published an
advisory on the US-CERT Secure Portal regarding a vulnerability in some sort of
building management system software.
As I have mentioned on occasion, ICS-CERT uses this limited
distribution system to allow critical infrastructure owners a chance to be
notified of a vulnerability before it makes the advisory available to the
general public. This allows such owners to mitigate the vulnerability before it
is made generally known. I suspect that the vulnerabilities released in this
manner are so simple to exploit that the mere mention of the vulnerability type
would allow most hackers to figure out how to exploit the vulnerability.
If you are a critical facility owner (or a control system
integrator or ICS cybersecurity consultant) and do not already have access to
the ICS-CERT site on the US-CERT Secure Portal, you probably should contact
ICS-CERT to see about getting that access. It will allow you a little bit more
lead time on these types of disclosures.