Industrial Control Systems

ICS Advisories. CISA publishes ICS advisories to help organizations address ICS vulnerabilities. These advisories cover ICS cybersecurity topics and focus on mitigations that ICS vendors have published for vulnerabilities in their products. These advisories aim to reduce risks associated with exploitation of vulnerabilities affecting ICS, which can lead to data corruption, exfiltration, or significant physical consequences. CISA also publishes Medical Device Advisories that focus on on mitigations that ICS medical vendors have published for vulnerabilities in their products.

Cybersecurity Advisories (CSAs). CISA publishes CSAs to provide detection methods for exploitation and indicators of compromise in response to cyber operational events and incidents. CISA often jointly produces CSAs with relevant private and public sector partners as well as international counterparts. These advisories provide collaborative research on cyber threats and encourage critical infrastructure asset owners and cyber defenders to apply the recommended mitigations.

Internet Exposure Reduction Guidance. CISA published this guidance to help organizations proactively identify and mitigate exposures, reducing their online footprint and strengthening cybersecurity.

Cybersecurity Performance Goals (CPGs). CISA's CPGs provide a baseline set of cybersecurity practices broadly applicable across all businesses with known risk-reduction value. Note: The Cyber Security Evaluation Tool (CSET) provides a guided walk-through of the CPG evaluation.

Secure by Demand (SbD) for OT. CISA's SbD guidance warns operational technology (OT) asset owners of cyber threat actors targeting vulnerabilities in products rather than specific organizations, and exploiting weak authentication, insecure settings, and outdated protocols. To address this, the guidance recommends OT asset owners procure products designed with SbD principles that include secure configurations, robust logging, open standards, data protection, and strong authentication. By selecting SbD products, organizations can reduce their attack surface, enhance system resilience, and mitigate the high costs associated with defending compromised OT assets.

Known Exploited Vulnerabilities (KEV) Catalog. CISA's KEV catalog is the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

Cyber Hygiene (CyHy) Services. CISA offers vulnerability scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors. To sign up, email vulnerability@cisa.dhs.gov with the subject line “Requesting Cyber Hygiene Services.” Individual services include:

• Vulnerability Scanning (VS) – The CyHy VS program scans external-facing systems and does not require administrative rights. The program generates regular reports for the organization that detail any potential vulnerabilities or other issues that should be addressed.
• Web Application Scanning (WAS) – CISA’s CyHy Web Application Scanning is “internet scanning-as-a-service.” This service, which requires your organization also be enrolled in the VS program, assesses the “health” of your publicly accessible web applications by checking for known vulnerabilities and weak configurations. Additionally, CISA can recommend ways to enhance security in accordance with industry and government best practices and standards.

Report a Cybersecurity Incident. CISA provides a list of resources for reporting cyber incidents, phishing attempts, malware, and vulnerabilities at your organization.

Report a Vulnerability. The Vulnerability Information and Coordination Environment (VINCE) platform allows anyone to submit a product or vendor related vulnerability for review by a cyber critical emergency response team (CERT). The process allows multiple stakeholders to analyze, vet, investigate and disclose information to the public to mitigate or fix each vulnerability.

CISA Cyber Security Evaluation Tool (CSET). CSET is a desktop tool that provides a step-by-step evaluation of your organization’s information technology (IT) and industrial control system (ICS) network security practices.

Logging Made Easy (LME). LME guides users through the setup of basic event logging across their domain. LME supports many systems including Windows, Linux, and macOS.

Secure Cloud Business Applications (SCuBA) Project. SCuBA provides tailored cloud solutions guidance and secure configuration baselines (SCBs) for Microsoft 365 (M365) and Google Workspace (GWS) applications. SCuBA’s guidance aims to protect information that organizations create, access, share, or store in cloud environments. Note: Although its primary goal is to help secure federal civilian executive branch (FCEB) information in cloud environments, all organizations can use SCuBA to strengthen their cybersecurity posture.

ICS Training. CISA offers ICS training online and in-person in partnership with Idaho National Laboratories (INL). Topics include introduction to industrial control systems, determining the impacts of a cybersecurity incident, and mapping IT defense-in-depth security solutions to ICS. 

Controls Environment Laboratory Resource (CELR). The Controls Laboratory is an environment for government and private industry partners to experience the possible effects of kinetic cyber-physical attacks. This lab allows users to perform security research on industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.