This past August, the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) received notice that a remote attacker had used a zero-day exploit against the maritime transportation sector. The attacker exploited an SQL injection vulnerability in a web-based application that provides real-time access to operational logistics information and is used by multiple U.S. ports, resulting in a loss of valuable data.
Once notified of this cyber attack, the NCCIC’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) notified potentially affected U.S. ports about the threat through an alert that detailed the specific vulnerability and provided preliminary mitigation measures. ICS-CERT also contacted the vendor of the application that had been exploited to learn additional details about the vulnerability and the status of an available patch. ICS-CERT successfully notified all U.S. ports that used the software and confirmed that they acquired and installed the necessary patch. ICS-CERT also shared the alert with relevant international partners and encouraged them to install the patch. Thanks to these efforts, the maritime transportation sector is more secure, resilient, and better prepared to respond to the next cyber attack.
Although this particular incident involved an application used only by the maritime transportation sector, we often learn of vulnerabilities in products that are used by multiple critical infrastructure sectors. We issue alerts on these vulnerabilities to our stakeholders through ICS-CERT’s secure portal. Every company that builds or runs something should read these alerts, because you probably employ some type of control system whether you realize it or not: control systems are present in manufacturing and a host of other areas, not just power plants. To receive alerts through ICS-CERT’s secure portal, send an email to ICS-CERT@dhs.gov requesting access. Once you start receiving our alerts, talk to your CEO or Board about them to ensure your control systems are protected.
Vulnerability alerts are just one example of how ICS-CERT provides assistance to our critical infrastructure partners. ICS-CERT provides an array of industrial control system assessments to critical infrastructure owners and operators, including self-assessments using our Cybersecurity Evaluation Tool, onsite field assessments, network design architecture reviews, and network traffic analysis and verification. These products and services provide industrial control system owners with the context necessary to build effective defense-in-depth processes for enhancing the cybersecurity of their systems. More information on ICS-CERT assessments can be found here.
ICS-CERT is just one element of our NCCIC, a 24x7 cyber situational awareness, incident response and management center that brings together our three customers: the federal government; state, local, tribal and territorial governments; and industry and non-profits. The NCCIC shares information among our public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations. During cyber incidents, the NCCIC serves as the national response center for asset response, bringing the full capabilities of the federal government to bear in a coordinated manner with state, local, and private sector partners.
The cybersecurity of your control systems is just as important as the cybersecurity of your IT systems. If you work with us, we can help you protect both. To report a cyber incident, call the NCCIC at 1-888-282-0870 or email NCCIC@hq.dhs.gov.
This article is published as part of the IDG Contributor Network.