


DHS helps you make your control systems more secure

Nov 28, 2016 | 3 mins

After a zero-day exploit was used against the maritime transportation sector, DHS's National Cybersecurity and Communications Integration Center notified potentially affected U.S. ports about the threat, described the apparent vulnerability, and provided preliminary mitigation measures.


This past August, the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) received notice that a remote attacker had used a zero-day exploit against the maritime transportation sector. The attacker exploited an SQL injection vulnerability in a web-based application used by multiple U.S. ports that provides real-time access to operational logistics information, resulting in a loss of valuable data.

Once notified of this cyber attack, the NCCIC’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) notified potentially affected U.S. ports about the threat through an alert that detailed the specific vulnerability and provided preliminary mitigation measures. ICS-CERT also contacted the vendor of the application that had been exploited to learn additional details about the vulnerability and the status of an available patch. ICS-CERT successfully notified all U.S. ports that used the software and confirmed that they acquired and installed the necessary patch. ICS-CERT also shared the alert with relevant international partners and encouraged them to install the patch. Thanks to these efforts, the maritime transportation sector is more secure, resilient, and better prepared to respond to the next cyber attack.

Although this particular incident involved an application used only by the maritime transportation sector, we often learn of vulnerabilities in products that are utilized by multiple critical infrastructure sectors. We issue alerts on these vulnerabilities to our stakeholders through ICS-CERT’s secure portal. Every company that builds or runs something should read these alerts, because you probably employ some type of control system whether you realize it or not: control systems are present in manufacturing and a host of other areas, not just power plants. To receive alerts through ICS-CERT’s secure portal, send an email requesting access to Once you start receiving our alerts, talk to your CEO or Board about them to ensure your control systems are protected.

Vulnerability alerts are just one example of how ICS-CERT provides assistance to our critical infrastructure partners. ICS-CERT provides an array of industrial control system assessments to critical infrastructure owners and operators, including self-assessments using our Cybersecurity Evaluation Tool, onsite field assessments, network design architecture reviews, and network traffic analysis and verification. These products and services provide industrial control system owners with the context necessary to build effective defense-in-depth processes for enhancing the cybersecurity of their systems. More information on ICS-CERT assessments can be found here.

ICS-CERT is just one element of our NCCIC, a 24×7 cyber situational awareness, incident response and management center that brings together our three customers: the federal government; state, local, tribal and territorial governments; and industry and non-profits. The NCCIC shares information among our public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations. During cyber incidents, the NCCIC serves as the national response center for asset response, bringing the full capabilities of the federal government to bear in a coordinated manner with state, local, and private sector partners.

The cybersecurity of your control systems is just as important as the cybersecurity of your IT systems. By working with us, we can help you protect both. To report a cyber incident, call the NCCIC at 1-888-282-0870 or email

Dr. Andy Ozment has worked in cybersecurity for almost twenty years as an operator, programmer, policymaker and executive. He is currently the Assistant Secretary for Cybersecurity and Communications at the Department of Homeland Security (DHS). In this role, Dr. Ozment is charged with protecting the government against cyber attacks and helping the private sector protect itself.

Dr. Ozment’s office helps its private sector and government customers by responding to incidents, sharing information, developing and promulgating best practices, and increasing our nation’s cybersecurity capacity. In leading this office, Dr. Ozment oversees a budget of more than $1 billion and leads a workforce of over 600 federal employees and several thousand support personnel.

At DHS, Dr. Ozment has led the U.S. government’s response to dozens of incidents in the government and private sector. During his tenure, his teams have been called in to find and remove the intruders at OPM and separately to travel to Ukraine to better understand and share information about the cyber attack that turned off power to over 200,000 customers. His team built and operates a classified, government-wide intrusion prevention system and is working with federal agencies to deploy endpoint monitoring solutions across millions of government computers. By establishing policy with clear metrics and holding agencies accountable, Dr. Ozment has driven a measurable decrease in the cyber risk faced by government agencies.

Prior to joining DHS, Dr. Ozment served at the White House as the President’s Senior Director for Cybersecurity where he led a team that developed national policy and coordinated federal cybersecurity efforts. He was responsible for the development and implementation of the President’s Executive Order 13636 on Improving Critical Infrastructure Cybersecurity. He then oversaw the resulting development of the NIST Cybersecurity Framework. Dr. Ozment also led the development of the National Strategy for Trusted Identities in Cyberspace, a signature initiative by the Administration to improve online authentication.

Before joining the White House, Dr. Ozment led an operational security group at DHS that oversaw compliance, metrics and security authorization for the Department’s Chief Information Security Officer. Previously, Dr. Ozment served in cybersecurity or technical roles with the Office of the Secretary of Defense, National Security Agency, Merrill Lynch and Nortel Networks.

Dr. Ozment earned a Bachelor of Science degree in Computer Science from Georgia Tech. While studying in the United Kingdom on a Marshall Scholarship, he earned a Master of Science degree in International Relations from the London School of Economics, and a Ph.D. in Computer Science from the University of Cambridge.

The opinions expressed in this blog are those of Dr. Andy Ozment and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
