Ics Security Offerings Fact Sheet S508C
SECURITY OFFERINGS
Broadly, the ICS community includes all entities—government at all levels, the private sector, international partners,
academia, and others—with equities in ICS security. CISA’s focus on ICS security and commitment to collaborating with
the ICS community is a vital part of its mission.
OFFERINGS
To support the ICS community's cyber risk management efforts, CISA offers a wide range of products, services, and
capabilities.
See the Resources section at the end of this document to visit CISA webpages for each offering.
ASSESSMENTS
CISA offers a range of voluntary cybersecurity assessment services focused on Operational Technologies (OT) that
evaluate an organization’s:
• Operational resilience
• Cybersecurity practices
• Management of external dependencies
• Additional elements that are key to a robust cybersecurity framework
Stakeholders receive recommendations and mitigation plans for all assessments. Information shared with CISA by the
requestor is confidential and may be protected as Protected Critical Infrastructure Information (PCII)
(https://www.cisa.gov/pcii-program).
CYBER HUNT
CISA’s hunt capabilities are specifically focused on identifying sophisticated threats and adversary presence in OT and IT
environments, often beyond the capacity and capability of traditional cybersecurity tools and techniques.
EXERCISES
CISA provides cyber exercise planning to support ICS and critical infrastructure partners by delivering a full spectrum of
cyber exercise planning workshops and seminars. These range from small discussion-based exercises that last two hours
to full-scale, internationally scoped, operations-based exercises that span multiple days. CISA designs these events to
assist organizations at all levels in the development and testing of cybersecurity prevention, protection, mitigation, and
response capabilities.
CISA designed the CISA Tabletop Exercise Package (CTEP) to assist partner organizations in developing their own tabletop
exercises to meet the specific needs of their facilities and stakeholders. The CTEP allows users to leverage pre-built
exercise templates and vetted scenarios to build tabletop exercises to assess, develop, and update information sharing
processes, emergency plans, programs, policies, and procedures.
To request more information about the CISA exercise program, visit https://www.cisa.gov/critical-infrastructure-exercises
or email [email protected]. Visit https://www.cisa.gov/publication/cisa-tabletop-exercise-package to access the CTEP
document and guides.
INFORMATION EXCHANGE
CISA regularly publishes ICS-specific alerts, advisories, and guidance documents for the public. Alerts provide timely
notification to critical infrastructure owners and operators concerning control systems threats. Advisories provide timely
information about current security issues, vulnerabilities, and exploits.
To view CISA’s latest alerts and advisories and ICS best practice guidance documents, visit https://www.cisa.gov/ics and
click on the resources tab.
Automated Indicator Sharing (AIS) is a part of CISA’s effort to create an ecosystem where as soon as a company or federal
agency observes an attempted compromise, the indicator will be shared in real time with all of our partners, protecting
them from that particular threat. AIS is free to all ICS partners. Want to learn more? Visit
https://www.cisa.gov/automated-indicator-sharing-ais or call 888-282-0870.
• In-person meetings
• Webinars
• Newsletters
ICSJWG membership is voluntary and free to all ICS stakeholders. Members receive all outgoing communication to the
ICSJWG community, including newsletters (with content submitted by ICSJWG membership), face-to-face meeting
invitations, announcements, training information, and calls for comments. For the latest ICSJWG event information, or to
learn more about becoming an ICSJWG member, visit https://www.cisa.gov/icsjwg.
To request additional information on CELR, CyberSentry, or Malcolm, call 888-282-0870 or email [email protected].
RESPONSE CAPABILITIES
When cyber events impact physical processes, CISA can help asset owners by coordinating risk mitigation efforts across
the ICS community and sharing indicators of compromise and tactics to secure the Nation’s infrastructure. CISA brings
expertise and advanced tooling to aid ICS cyber victims in identifying artifacts, determining affected components, and
building recovery plans specific to lower-level OT devices. To report an ICS incident, visit https://us-cert.cisa.gov/report or
call 888-282-0870.
To learn more about NRMC’s key initiatives and to access resources, please visit
https://www.cisa.gov/national-risk-management. To explore information about the NCFs, visit
https://www.cisa.gov/national-critical-functions.
TECHNICAL ANALYSIS
CISA has the ability to conduct analysis on malware, digital media, and ICS hardware. CISA ICS analysts focus on digital
artifacts from devices specific to industrial control systems, such as PLCs and remote terminal units. CISA’s ICS advanced
malware laboratory specializes in malware threats to ICS environments and is able to provide owners with support. To
report malware, please visit https://us-cert.cisa.gov/report.
TRAINING
CISA’s ICS training courses and workshops provide the ICS community no-cost, in-person and virtual training. Visit
https://www.cisa.gov/cybersecurity-training-exercises to explore training options.
VULNERABILITY COORDINATION
CISA’s Coordinated Vulnerability Disclosure (CVD) program coordinates the remediation and public disclosure of newly
identified cybersecurity vulnerabilities in products and services with the affected vendor(s). This includes new
vulnerabilities in ICS, Internet of Things (IoT), and medical devices, as well as traditional IT vulnerabilities.
The goal of the CVD program is to ensure CISA, the affected vendor(s) and/or service provider(s), and the
vulnerability reporter all disclose simultaneously. This ensures users and administrators receive clear, consistent,
and actionable information in a timely manner.
RESOURCES
Offering/Capability and Website
Assessments
• https://www.cisa.gov/cyber-resource-hub
• PCII Program: https://www.cisa.gov/pcii-program
Exercises
• https://www.cisa.gov/critical-infrastructure-exercises
• CTEP documents: https://www.cisa.gov/publication/cisa-tabletop-exercise-package
Information Exchange
• https://www.cisa.gov/ics > click on resources tab
• AIS Program: https://www.cisa.gov/automated-indicator-sharing-ais
Partnerships and Engagement
• https://www.cisa.gov/ics > click on resources tab
• https://www.cisa.gov/icsjwg
Products and Tools
• CSET tool: https://github.com/cisagov/cset/wiki
• Email [email protected] for other products and tools
Response Capabilities
• To report an ICS incident, visit https://us-cert.cisa.gov/report
Strategic Risk Analysis
• NRMC link: https://www.cisa.gov/national-risk-management
• National Critical Functions (NCF): https://www.cisa.gov/national-critical-functions
Technical Analysis
• To report malware, visit https://us-cert.cisa.gov/report
Training
• https://www.cisa.gov/cybersecurity-training-exercises
Vulnerability Coordination
• https://www.cisa.gov/coordinated-vulnerability-disclosure-process
• To report an ICS vulnerability, call 888-282-0870, or visit https://us-cert.cisa.gov/report