Thursday, April 23, 2020

1 Update Published – 4-23-20

Today the CISA NCCIC-ICS published an up date for a control system security advisory for products from Sierra Wireless. I also take a brief look at CISA cyber issue reporting processes. 

Sierra Wireless Update

This update provides additional information on an advisory that was originally published on May 2nd, 2019 and most recently updated on August 20, 2019. The new information includes updated version data and mitigation measures for LS300, GX400, GX440, and ES440 products.

Reporting Cyber Issues

Today CISA added a new “Report Cyber Issue” button on the Chemical Facility Anti-Terrorism Standards (CFATS) landing page. That button takes you to the CISA “Report Incidents, Phishing, Malware, or Vulnerabilities” page. This is a nice concise page with reporting criteria and links for reporting a variety of cyber issues. The URL for the page is a “” URL which probably means that the site has been around for a while. Of course, since this is a CISA web site, there is no date for the last change to the page.

The next to last paragraph has a link that takes you to the “CISA Coordinated Vulnerability Disclosure (CVD) Process” web site. Low and behold, it does have an ‘originally created’ date of December 3rd, 2019. For IOT, ICS or medical device vulnerability reporting it provides an email address (, a link to the CISA ICS public key, and a telephone number (1-888-282-0870). For reporting IT security issues, it provides a link to the Carnegie Mellon University CERT Coordination Center.

No comments:

/* Use this with templates/template-twocol.html */