Today the CISA NCCIC-ICS published an up date for a control
system security advisory for products from Sierra Wireless. I also take a brief
look at CISA cyber issue reporting processes.
Sierra Wireless Update
This update
provides additional information on an advisory that was originally
published on May 2nd, 2019 and most
recently updated on August 20, 2019. The new information includes updated
version data and mitigation measures for LS300, GX400, GX440, and ES440
products.
Reporting Cyber Issues
Today CISA added a new “Report Cyber Issue” button on the
Chemical Facility Anti-Terrorism Standards (CFATS) landing
page. That button takes you to the CISA “Report Incidents, Phishing, Malware, or
Vulnerabilities” page. This is a nice concise page with reporting criteria
and links for reporting a variety of cyber issues. The URL for the page is a “us-cert.gov”
URL which probably means that the site has been around for a while. Of course,
since this is a CISA web site, there is no date for the last change to the
page.
The next to last paragraph has a link that takes you to the “CISA
Coordinated Vulnerability Disclosure (CVD) Process” web
site. Low and behold, it does have an ‘originally created’ date of December
3rd, 2019. For IOT, ICS or medical device vulnerability reporting it
provides an email address (NCCICCUSTOMERSERVICE@hq.dhs.gov), a link to the CISA ICS public
key, and a telephone number (1-888-282-0870). For reporting IT security
issues, it provides a link to the
Carnegie Mellon University CERT Coordination Center.
Posts
No comments:
Post a Comment