CISA DEFEND TODAY - PDF document

1 CISA | DEFEND TODAY, SECURE TOMORROW
CISA | DEFEND TODAY, SECURE TOMORROW Facebook.com/CISA @CISAgov|@cyber|@uscert_gov | @ICSCERT C entral @cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov CISA NDUSTRIAL TROL STEMS CURITY OFFERINGSCAPAILITIES Cybersecurity anInfrastructurSecurity Agency (CISA CISA INDUSTRIAL CONTROL SYSTEMS SECURITY OFFERINGS AssessmentsOperational resilience evaluations Cyber HuntAid ICS partners with adversary presence search in absence of known threat ExercisesTesting and readiness for ICS incidents Information ExchangeSharing of threat and best practice guidance with partners Partnerships and EngagementCollaborate and coordinate with ICS partners Products and ToolsAccess to on tools for the ICS community ResponseProvide expertise tooling to aid ICS cyber victims Strategic Risk AnalysisProvide ICS risk information pertaining to National Critical Functions (NCFs Technical AnalysisICS malware analysis support TrainingTechnical and nontechnical ICS instruction for all skill levels Vulnerability CoordinationCoordinated, public disclosure of ICS vulnerabilities + mitigation recommendations 2 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov ASSESSMENTS CISA offers a range of voluntary cybersecurity assessment services focused on Operational Technologies (OT) that evaluate an organization’s:Operational resilienceCybersecurity practicesManagement of external dependenciesAdditional elements that are key to a robust cybersecurity framework Stakeholders receivrecommendationandmitigationplansforallassessments.InformationsharedwithCISAtherequestorconfidentiProtectedCriticInformation(PCII) cisa.gov/pciisithttps://www.cisa.gov/cyberesourceorfor more information on how to request CISA’s hunt capabilities are specificallyfocused on identifying sophisticated threats and adversary presence in OT and IT environments, often beyond the capacity and capability of traditional cybersecurity tools and techniques. EXERCISES CISA provides cyber exercisplanning to support ICS ancritical infrastructurpartners by deliverina full spectrucyber exercisplanninworkshops and seminars. These range frosmall discussionbasedexercisesthatlasttwohourstofullscale,internationallscoped,operationsbasedexercisesthatspanmultipledays.CISAdesignstheseeventstoassistorganizationsalllevelsinthedevelopmentandtestingofcybersecuritprevention,protection,mitigation,andresponsecapabilitiesCISAdesigned tCISA Tabletop ExercisPacka(CTEPtoassistpartnerorganizationsindevelopingheirowntabletopexercises to meet thspecific needs of their facilities anstakeholders. ThCTEP allows users to leveraprebuiltexercisetemplatesandvettedscenariostobuildtabletopexercisestoassess,develop,andupdateinformationsharingprocesses, emergency plans, policies, and procedures. To request more information about the CISA exercise program, visit or emailCentral@cisa.dhs.govVisittps://www.cisa.gov/publication/cisadocument and guides.INFORMATION EXCHANGE CISAregularlpublishesICSspecific alerts, advisories, anguidancdocuments forthepublic.Alertsprovidetimely notificationtocriticinfrastructureownersandoperatorsconcerningcontrosystemsthreats.Advisoriesprovidetimely informationaboutsecuritissues,exploitslatestadvisoriesguidancevisithttps://www.cisa.gov/icsclickonresourcestab. 3 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov Automated IndicatorharingrogramCISA’s freAutomatIndicator Sharin(AIcapability enables thexchangof cyber threat indicators between the Federal Government anthprivatsector at machinspeed. Threat indicators arpieces of information like malicious IP addresses or thsender address of a phishinemail (although they can also be much morcomplicated). AIis a part of CISA’s effort to create an ecosystwheras soon as a company or federal agency observes an attempted compromise, the indicatowillinrealourpartners,protectingthemfromfreelearnVisithttps://www.cisa.gov/automatedndicatorsharingisorPARTNERSHIPS AND ENGAGEMENTThe Industrial Control Systems Joint Working Group (ICSJWG) supports information sharing and reduced risk to the Nation’s ICS through enhanced collaboration between the Federal Government and private owners and operators of ICSacross all sectors. ICSJWG facilitates partnerships between Federal, state, and local governments; asset owners and operators; vendors; system integrators; international partners; and academic professionals in all 16 CI sectors. The ICSJWG encourages closer collaboration between government and industry through the ICSJWG Steering Team (IST). ICSJWG activities and products include:Inperson meetingsWebinarsNewslettersICSJWG membership is voluntary and free to all ICS stakeholders. Members receive all outgoing communication to thICSJWG community, including newsletters (with content submitted by ICSJWG membership), facetoface meeting invitations, announcements, training information, and calls for comments.For the latest ICSJWG event information, or to learn more about becomingan ICSJWG member, visit https://www.cisa.gov/icsjwg . PRODUCTS AND TOOLSCISA providesthe ICS community the opportunityto access the followingtools to help strengthen their cybersecurity posture. TheSecurityEvaluationTool(CSET®)systematic,disciplined,repeatablevaluatingsecuritdesktopguidesownersoperators through a step-btepprocesssecuritpractices.Usersevaluateown cybersecurity stance using many recognized government and industry standards andtoohttps://github.com/cisagov/cset/wikiThe Control Environment Laboratory Resource (CELR)a test range environment for government and privateindustry partners to experience the possieffectskineticphysicallowsperform security research on supervisorcontrolacquisitionsystems.ispilotprogramleveragesbestinbreedelf technologies,intrusionidentifmaliciousactivitinICS and corporate networks. CyberSentryvisibilitintoprovidesdetecton CI networks derive cross-sMalcolmiseasdeployablenetworkanalysissuitethe user topacketfiles)environments. Malcom provides uniqueinsightinto specificinenvironments. Because openource itnot require users to obtain paid licenses. 4 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov To request additionalinformation on CELR, CyberSentry, or Malcom, call 888-282-0870 or emailcentral@cisa.dhs.gov . RESPONSE CAPABILITIES When cyber events impact physical processes, CISA can help asset owners by coordinating risk mitigation efforts across the ICS community and sharing indicators of compromise and tactics to secure the Nation’s infrastructure. CISA brings expertise and advanced tooling to aid ICS cyber victims in identifying artifacts, determining affected components, and building recovery plans specific to lowerlevel OT devices. To report an ICS incident, visit https://us-cert.cisa.gov/report or call 888-282-0870. STRATEGIC RISK ANALYSIS CISAprovidesICSpartnerswithresourcesandcapabilitiestomanageICSriskthroughCISA’sNationalRiskManagementCenter(NRMC).NRMCplanning,analysis,andcollaborationcenterfocusedonaddressingtheNation’shighestprioritCIrisksoriginatingfromcyberthreatsndphysicalhazards. ThCenter also focuses on integratipreviously siloedrisks.Atthestrategiclevel,NRMCservestheend-toendintegratorofriskmanagementactivitiesfortheNationalCriticalFunctions(NCFs)andleveragesthatriskexpertisetosupportoveralexecutionoftheCISAmission.learnmoreaboutNRMC’skey initiativesandtoaccessresources,pleasevisithttps://www.cisa.gov/nationalriskmanagementexplorenformationabouttheNCFs,visithttps://www.cisa.gov/national-criticalfunctionsTECHNICAL ANALYSIS CISAhastheabilittoconductanalysismalware,digitmedia,andICShardware.CISAICSanalystsfocusondigitalartifactsfromdevicesspecifictoindustrialcontrolsystemssuch as PLCs anremotterminal units.CISA’sICSadvancedlaboratorspecializesinenvironmentsiswithvisit-cert.cisa.gov/report. TRAINING CISA’s ICtraining courses anworkshops provithICcommunity nocostinpersonandvirtutraining.Visithttps://www.cisa.gov/cybersecuritytraining-exercisesexploretrainingoptions.Topics covereinclude: ntroduction to ICS securityDefense strategiesInformation on cyber threatsHow to coordinate response with DHSMitigations for vulnerabilitiesVULNERABILITY COORDINATION CISA’s Coordinated Vulnerability Disclosure (CVD) program coordinates the remediation and public disclosure of newly identified cybersecurity vulnerabilities in products and services with the affected vendor(s). This includes new vulnerabilities in ICS, Internet of Things (IoT), medical devices, as well as traditional IT vulnerabilities. 5 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov The goal of the CVD program is to ensure CISA, the affected vendor(s) and/or service provider(s), and the eportersimultaneously.Thisensureusersreceiveconsistent, actionableinformationintimelmanner. vulnerability,or visit ert.cisa.gov/report Offe ring/Capability Website Assessments https㨯⽷睷.cisa⹧潶⽣yber-r敳ourc攭h畢 偃II 偲ogr慭 : https㨯⽷睷.cisa⹧潶⽰捩i pro杲am Ex敲cis敳 https㨯⽷睷.cisa⹧潶⽣riti捡l楮fr慳tructure-數ercis敳 CTEP documents: https://www.cisa.gov/publication/cisatabletop exercise - package Information Exchange https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 AI匠Pro杲am: https://www.c楳愮gov/慵tom慴ed 楮d楣慴or sh慲楮g Partn敲ships an搠En条来ment https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 https㨯⽷睷.cisa⹧潶⽩捳j睧 偲oducts 慮d Tools CSET too氺 https://g楴hub.com/c楳慧ov/cset/wiki Em慩l centr慬䁣is愮gov for oth敲 pro摵cts an搠tools 剥sponse⁃慰慢ilitiesTo report an ICS incident, visit https://us-cert.cisa.gov/report Strategic Risk Analysis N前C link: https㨯⽷w眮捩sa⹧潶/nati潮alri獫-浡na来m敮t National Critical Functions (NCF): https://www.cisa.gov/nationalcritical functio ns Technical AnalysisTo report malware, visit https://us-cert.cisa.gov/report Traininghttps://www.cisa.gov/cybersecuritytraining-exercises Vulnerability Coordination https㨯⽷睷.cisa⹧潶⽣o潲dinated vu汮erability di獣lo獵re proc敳s To report an ICS vulnerability, call 8882820870, or visit https://us cert.cisa.gov/report CISA | DEFEND TODAY, SECURE TOMORROW Facebook.com/CISA @CISAgov|@cyber|@uscert_gov | @ICSCERT C entral @cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov CISA NDUSTRIAL TROL STEMS CURITY OFFERINGSCAPAILITIES Cybersecurity anInfrastructurSecurity Agency (CISAis thNation's risk advisor, working with partners to defend againsttoday'sthreatsandcollaboratingwithindustrtobuildmoresecureandresilientinfrastructureforthefuture.CISA partnerwiththeindustrialontrosystemcommunittohelpunderstand,detect,andprotectagainstICSrisk,d,whennecessary,helpscriticalfrastructure(CI)ownersandoperatorsrespondtosignificantcybersecuritincidents.CISA’S ROLE CURITY CISA plays a unique role as the lead federal civilian agency responsible for helping CI partners manage ICS risk. Fulfilling this role requires both operational and strategic partnerships across the ICS community. Such collaborative partnerships ten succeed in resolving intractable issues where unilateral efforts of government or private industry cannot. Broadly,theICScommunitincludestitiesgovernmentlevels,theprivatesector,internationpartners,academia, anotherswithequitiesinICSsecurity.CISA’sfocusonICSsecuritandcommitmenttocollaboratingwiththeICScommunitvitpartofitsmission.OFFERINGSTo support the ICS community's cyber risk management efforts, CISA offers a wide range of products, services,capabilitiesoniconbelowlearnendto visit CISA webpages for each offering. CISA INDUSTRIAL CONTROL SYSTEMS SECURITY OFFERINGS AssessmentsOperational resilience evaluations Cyber HuntAid ICS partners with adversary presence search in absence of known threat ExercisesTesting and readiness for ICS incidents Information ExchangeSharing of threat and best practice guidance with partners Partnerships and EngagementCollaborate and coordinate with ICS partners Products and ToolsAccess to on tools for the ICS community ResponseProvide expertise tooling to aid ICS cyber victims Strategic Risk AnalysisProvide ICS risk information pertaining to National Critical Functions (NCFs Technical AnalysisICS malware analysis support TrainingTechnical and nontechnical ICS instruction for all skill levels Vulnerability CoordinationCoordinated, public disclosure of ICS vulnerabilities + mitigation recommendations CISA | DEFEND TODAY, SECURE TOMORROW Facebook.com/CISA @CISAgov|@cyber|@uscert_gov | @ICSCERT C entral @cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov CISA NDUSTRIAL TROL STEMS CURITY OFFERINGSCAPABILITIES ybersecurity anInfrastructurSecurity Agency (CISAis thNation's risk advisor, working with partners to defend againsttoday'sthreatsandcollaboratingwithindustrtobuildmoresecureandresilientinfrastructureorthefuture.CISA partnerwiththeindustrialontrosystemcommunittohelpunderstand,detect,andprotectagainstICSrisk,andwhennecessary,helpscriticalnfrastructure(CI)ownersandoperatorsrespondtosignificantcybersecuritncidents.CISA’S ROLE CURITY ISA plays a unique role as the lead federal civilian agency responsible for helping CI partners manage ICS risk. Fulfilling this role requires both operational and strategic partnerships across the ICS community. Such collaborative partnerships ten succeed in resolving intractable issues where unilateral efforts of government or private industry cannot. Broadly,theICScommunitincludestitiesvernmentlevels,theprivatesector,internationpartners,academia, anotherswithequitiesinICSsecurity.CISA’sfocusonICSsecuritandcommitmenttocollaboratingiththeICScommunitvitpartofitsmission.FERINGSTo support the ICS community's cyber risk management efforts, CISA offers a wide range of products, services,capabilitiesoniconbelowlearn endto visit CISA webpages for each offering. CISA INDUSTRIAL CONTROL SYSTEMS SECURITY OFFERINGS AssessmentsOperational resilience evaluations Cyber HuntAid ICS partners with adversary presence search in absence of known threat ExercisesTesting and readiness for ICS incidents Information ExchangeSharing of threat and best practice guidance with partners Partnerships and EngagementCollaborate and coordinate with ICS partners Products and ToolsAccess to on tools for the ICS community ResponseProvide expertise tooling to aid ICS cyber victims Strategic Risk AnalysisProvide ICS risk information pertaining to National Critical Functions (NCFs Technical AnalysisICS malware analysis support TrainingTechnical and nontechnical ICS instruction for all skill levels Vulnerability CoordinationCoordinated, public disclosure of ICS vulnerabilities + mitigation recommendations CISA | DEFEND TODAY, SECURE TOMORROW Facebook.com/CISA @CISAgov|@cyber|@uscert_gov | @ICSCERT C entral @cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov CISA NDUSTRIAL TROL STEMS CURITY OFFERINGSCAPABILITIES bersecurity anInfrastructurSecurity Agency (CISAis thNation's risk advisor, working with partners to defend againsttoday'sthreatsandcollaboratingwithindustrtobuildmoresecureandresilientinfrastructurefothefuture.CISA partnerwiththeindustrialontrosystemcommunittohelpunderstand,detect,andprotectagainstICSrisk,and,whennecessary,helpscriticalnfrastructure(CI)ownersandoperatorsrespondtosignificantcybersecuritincidents.CISA’S ROLE CURITY CISA plays a unique role as the lead federal civilian agency responsible for helping CI partners manage ICS risk. Fulfilling this role requires both operational and strategic partnerships across the ICS community. Such collaborative partnerships ten succeed in resolving intractable issues where unilateral efforts of government or private industry cannot. Broadly,theICScommunitincludestitiesgovernmentlevels,theprivatesector,internationartners,academia, anotherswithequitiesnICSsecurity.CISA’sfocusonICSsecuritcommitmenttocollaboratingwiththeICScommunitvitpartofitsmission.ERINGSTo support the ICS community's cyber risk management efforts, CISA offers a wide range of products, services,litiesoniconbelowlearnendto visit CISA webpages for each offering. CISA INDUSTRIAL CONTROL SYSTEMS SECURITY OFFERINGS AssessmentsOperational resilience evaluations Cyber HuntAid ICS partners with adversary presence search in absence of known threat ExercisesTesting and readiness for ICS incidents Information ExchangeSharing of threat and best practice guidance with partners Partnerships and EngagementCollaborate and coordinate with ICS partners Products and ToolsAccess to on tools for the ICS community ResponseProvide expertis

2 e tooling to aid ICS cyber victims Strat
e tooling to aid ICS cyber victims Strategic Risk AnalysisProvide ICS risk information pertaining to National Critical Functions (NCFs Technical AnalysisICS malware analysis support TrainingTechnical and nontechnical ICS instruction for all skill levels Vulnerability CoordinationCoordinated, public disclosure of ICS vulnerabilities + mitigation recommendations 2 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov ASSESSMENTS CISA offers a range of voluntary cybersecurity assessment services focused on Operational Technologies (OT) that evaluate an organization’s:Operational resilienceCybersecurity practicesManagement of external dependenciesAdditional elements that are key to a robust cybersecurity framework Stakeholders receivrecommendationandmitigationplansforallassessments.InformationsharedwithCISAthestorconfidentiProtectedCriticInformation(PCII) https://www.cisa.gov/pciihttps://www.cisa.gov/cyberesourceorfor more information on how to request CISA’s hunt capabilities are specificallyfocused on identifying sophisticated threats and adversary presence in OT and IT environments, often beyond the capacity and capability of traditional cybersecurity tools and techniques. EXERCISES CISA provides cyber exercisplanning to support ICS ancritical infrastructurpartners by deliverina full spectrucyber exercisplanninworkshops and seminars. These range frosmall discussionbasedexercisesthatlasttwohourstofullscale,internationallscoped,operationsasedexercisesthatspanmultipledays.CISAdesignstheseeventstoassistorganizationsalllevelsinthedevelopmentandtestingofcybersecuritprevention,protection,mitigation,andesponsecapabilitiesCISAdesigned tCISA Tabletop ExercisPacka(CTEPtoassistpartnerorganizationsindevelopingeirowntabletopcises to meet thspecific needs of their facilities anstakeholders. ThCTEP allows users to leveraprebuiltexercisetemplatesandvettedscenariostobuildtabletopexercisestoassess,develop,andupdateinformationsharingprocesses, emergency plans, policies, and procedures. To request more information about the CISA exercise program, visit or emailCentral@cisa.dhs.govVisittps://www.cisa.gov/publication/cisadocument and guides.INFORMATION EXCHANGE CISAregularlpublishesICSspecific alerts, advisories, anguidancdocuments forthepublic.Alertsprovidetimely notificationtocriticinfrastructureownersandoperatorsconcerningcontrosystemsthreats.Advisoriesprovidetimely informationaboutsecuritissues,exploitslatestadvisoriesguidancevisithttps://www.cisa.gov/icsclickonresourcestab. 2 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov ASSESSMENTS CISA offers a range of voluntary cybersecurity assessment services focused on Operational Technologies (OT) that evaluate an organization’s:Operational resilienceCybersecurity practicesManagement of external dependenciesAdditional elements that are key to a robust cybersecurity framework Stakeholders receivrecommendationandmitigationplansforallassessments.InformationsharedwithCISAtherequestorconfidentiProtectedCriticInformation(PCII) https://www.cisa.gov/pcii sithttps://www.cisa.gov/cyberesourceorfor more information on how to request CYBER HUNT CISA’s hunt capabilities are specificallyfocused on identifying sophisticated threats and adversary presence in OT and IT environments, often beyond the capacity and capability of traditional cybersecurity tools and techniques. EXERCISES CISA provides cyber exercisplanning to support ICS ancritical infrastructurpartners by deliverina full spectrucyber exercisplanninworkshops and seminars. These range frosmall discussionbasedexerciseshatlasttwohourstofullscale,internationallscoped,operationsbasexercisesthatspanmultipledays.CISAdesignstheseeventstoassistorganizationsalllevelsinthedevelopmentandtestingofcybersecuritprevention,protection,mitigation,andresponsecapabilitiesCISAdesigned tCISA Tabletop ExercisPacka(CTEPtoassistpartnerorganizationsindevelopingheiowntabletopexercises to meet thspecific needs of their facilities anstakeholders. ThCTEP allows users to leveraprebuiltexercisetemplatesandvettedscenariostobuildtabletopexercisestoassess,develop,andupdateinformationsharingprocesses, emergency plans, policies, and procedures. To request more information about the CISA exercise program, visit or emailCentral@cisa.dhs.govVisittps://www.cisa.gov/publication/cisadocument and guides.INFORMATION EXCHANGE CISAregularlpublishesCSspecific alerts, advisories, anguidancdocuments forthepublic.Alertsprovidetimely notificationtocriticinfrastructureownersandoperatorsconcerningcontrosystemsthreats.Advisoriesprovidetimely informationaboutsecuritissues,exploitslatestadvisoriesguidancevisithttps://www.cisa.gov/icsclickonresourcestab. 2 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov ASSESSMENTS CISA offers a range of voluntary cybersecurity assessment services focused on Operational Technologies (OT) that evaluate an organization’s:Operational resilienceCybersecurity practicesManagement of external dependenciesAdditional elements that are key to a robust cybersecurity framework Stakeholders receivrecommendationandmitigationplansforallassessments.InformationsharedwithCISAheconfidentiProtectedCriticon(PCII) sithttps://www.cisa.gov/cyberorfor more information on how to request CISA’s hunt capabilities are specificallyfocused on identifying sophisticated threats and adversary presence in OT and IT environments, often beyond the capacity and capability of traditional cybersecurity tools and techniques. EXERCISES CISA provides cyber exercisplanning to support ICS ancritical infrastructurpartners by deliverina full spectruyber exercisplanninworkshops and seminars. These range frosmall discussionbasedexercisesthatlasttwohoursfullcale,internationallscoped,operationsasedexercisesthatpanmultipleys.CISAdesignstheseeventstoassistorganizationsalllevelsinthedevelopmentandtestingofcybersecuritprevention,protection,mitigation,andresponsecapabilitiesdesigned tCISA Tabletop ExercisPacka(CTEPtoassistpartnerorganizationsindevelopingheirowntabletopexercises to meet thspecific needs of their facilities anstakeholders. ThCTEP allows users to leveraprebuiltexercisetemplatesandvettedscenariostobuildtabletopexercisestoassess,develop,andupdateinformationsharingprocesses, emergency plans, policies, and procedures. more information about the CISA exercise program, visitor emailCentral@cisa.dhs.govVisittps://www.cisa.gov/publication/cisadocument and guides. INFORMATION EXCHANGE CISAregularlpublishesICSecific alerts, advisories, anguidancdocuments forthepublic.Alertsprovidetimely notificationtocriticinfrastructureownersandoperatorsconcerningcontrosystemsthreats.Advisoriesprovidetimely informationaboutsecuritissues,exploitslatestadvisoriesguidancevisithttps://www.cisa.gov/icsclickonresourcestab. 2 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov ASSESSMENTS CISA offers a range of voluntary cybersecurity assessment services focused on Operational Technologies (OT) that evaluate an organization’s:Operational resilienceCybersecurity practicesManagement of external dependenciesAdditional elements that are key to a robust cybersecurity framework Stakeholders receivrecommendationandmitigationplansforallassessments.InformationsharedwithCISAthconfidentiProtectedCriticInformatio(PCII) sithttps://www.cisa.gov/cyberorfor more information on how to request CISA’s hunt capabilities are specificallyfocused on identifying sophisticated threats and adversary presence in OT and IT environments, often beyond the capacity and capability of traditional cybersecurity tools and techniques. EXERCISES CISA provides cyber exercisplanning to support ICS ancritical infrastructurartners by deliverina full spectrucyber exercisplanninworkshops and seminars. These range frosmall discussionbasedexercisesthatlasttwohoursfullscale,internationallscoped,operationsbasexercisesthatspanmultipledays.CISAdesignstheseeventstosistorganizationsalllevelsinthedevelopmentandtestingofcybersecuritrevention,protection,mitigation,andresponsecapabilitiesCISAdesigned tCISA Tabletop ExercisPacka(CTEPtoassistpartnerorganizationsindevelopingheirowntabletopcises to meet thspecific needs of their facilities anstakeholders. ThCTEP allows users to leverapreuiltexercisetemplatesandvettedscenariostobuildtabletopexercisestoassess,develop,andupdateinformationsharingemergency plans, policies, and procedures. information about the CISA exercise program, visitor emailCentral@cisa.dhs.govVisitcation/cisaument and guides.INFORMATION EXCHANGE CISAregularlpublishesICSspfic alerts, advisories, anguidancdocuments forthepublic.Alertsprovidetimely notificationtocriticinfrastructurewnersandoperatorsconcerningcontrosystemsthreats.Advisoriesprovidetimely informationaboutsecuritissues,exploitslatestadvisoriesguidancevisithttps://www.cisa.gov/icslickonresourcestab. 2 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov ASSESSMENTS CISA offers a range of voluntary cybersecurity assessment services focused on Operational Technologies (OT) that evaluate an organization’s:Operational resilienceCybersecurity practicesManagement of external dependenciesAdditional elements that are key to a robust cybersecurity framework Stakeholders receivrecommendationandmitigationplansforallassessments.InformationsharedwithCISAtheProtectedCriticInformationfor more information on how to request CISA’s hunt capabilities are specificallyfocused on identifying sophisticated threats and adversary presence in OT and IT environments, often beyond the capacity and capability of traditional cybersecurity tools and techniques. EXERCISES CISA provides cyber exercisplanning to support ICS ancritical infrastructurpartners by deliverina full spectrucyber exercisplanninworkshops and seminars. These range frosmall discussionbasedexercisesthatlasttwohourstollscale,internationallscoped,operationsbasedexercisesthatspanmultipledays.CISAdesigntheseeventstoassisorganizationsalllevelsinthedevelopmentandtestingofcybersecuritprevention,protection,mitigation,andresponsecapabilitiesCISAdesigned tCISA Tabletop ExercisPacka(CTEPtoassistpartnerorganizationsindevelopingheirowntabletopexercises to meet thspecific needs of their facilities anstakeholders. ThCTEP allows users to leveraprebuiltexercisetemplatesandvettedscenariostobuildtabletopexercisestoassess,develop,andupdateinformationsharingprocesses, emergency plans, policies, and To request more information about the CISA exercise program, visitor emailCentral@cisa.dhs.govVisitcation/cisadocument and guides.INFORMATION EXCHANGE CISAregularlpublishesICSspecific alerts, advisories, anguidancdocuments forthepublic.Alertsprovidetimely notificationtocriticinfrastructureownersandoperatorsconcerningcontrosystemsthreats.Advisoriesprovidetimely informationaboutsecuritissues,exploitslatestadvisoriesguidancevisithttps://www.cisa.gov/icslickonresourcestab. 3 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov Automated Indicatorharingrogram CISA’s freAutomatIndicator Sharin(AIcapability enables thexchangof cyber threat indicators between the Federal Government anthprivatsector at machinspeed. Threat indicators arpieces of information like malicious IP addresses or thsender address of a phishinemail (although they can also be much morcomplicated). is a part of CISA’s effort to create an ecosystwheras soon as a company or federal agency observes an attempted compromise, the indicatowillinrealourpartners,protectingthemfromfreelearnVisithttps://www.cisa.gov/automatedndicatorsharingisor PARTNERSHIPS AND ENGAGEMENTThe Industrial Control Systems Joint Working Group (ICSJWG) supports information sharing and reduced risk to the Nation’s ICS through enhanced collaboration between the Federal Government and private owners and operators of ICSacross all sectors. ICSJWG facilitates partnerships between Federal, state, and local governments; asset owners and operators; vendors; system integrators; international partners; and academic professionals in all 16 CI sectors. The ICSJWG encourages closer collaboration between government and industry through the ICSJWG Steering Team (IST). ICSJWG activities and products include:Inperson meetingsWebinarsNewslettersICSJWG membership is voluntary and free to all ICS stakeholders. Members receive all outgoing communication to thICSJWG community, including newsletters (with content submitted by ICSJWG membership), facetoface meeting invitations, announcements, training information, and calls for comments.For the latest ICSJWG event information, or to learn more about becomingan ICSJWG member, visit https://www.cisa.gov/icsjwg . PRODUCTS AND TOOLSCISA providesthe ICS community the opportunityto access the followingtools to help strengthen their cybersecurity posture. TheSecurityEvaluationTool(CSET®)systematic,disciplined,repeatableatingsecuritdesktopguidesownersoperators through a step-btepprocesssecuritpractices.Usersevaluatetheir own cybersecurity stance using many recognized government and industry standards andtoohttps://github.com/cisagov/cset/wikiThe Control Environment Laboratory Resource (CELR)a test range environment for government and privateindustry partners to experience the possieffectskineticphysicallowsperform security research on supervisorcontrolacquisitionsystems.ispilotprogramleveragesbestinbreedcommercial off-telf technologies,intrusionidentifmaliciousactivitinICS and corporate networks. CyberSentryparticipationimevisibilitintoprovidestecton CI networks derive cross-sectorMalcolmiseasdeployablenetworkanalysissuitethe user tocapture packetfiles)environments. Malcom provides uniqueinsightinto specificinenvironments. Because openource itdoes not users to obtain paid licenses. 3 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov Automated IndicatorharingogramISA’s freAutomatIndicator Sharin(AIcapability enables thexchangof cyber threat indicators between the Federal Government anthprivatsector at machinpeed. Threat indicators arpieces of information like malicious IP addresses or thsender address of a phishinemail (although they can also be much morcomplicated). AIis a part of CISA’s effort to create an ecosystwheras soon as a company or federal agency observes an attempted compromise, the indicatowillinrealourpartners,protectingthemfromfreelearnVisithttps://www.cisa.gov/automatedndicatorsharingisorPARTNERSHIPS AND ENGAGEMENTThe Industrial Control Systems Joint Working Group (ICSJWG) supports information sharing and reduced risk to the Nation’s ICS through enhanced collaboration between the Federal Government and private owners and operators of ICSacross all sectors. ICSJWG facilitates partnerships between Federal, state, and local governments; asset owners and operators; vendors; system integrators; international partners; and academic professionals in all 16 CI sectors. The ICSJWG encourages closer collaboration between government and industry through the ICSJWG Steering Team (IST). ICSJWG activities and products include:Inperson meetingsWebinarsNewslettersICSJWG membership is voluntary and free to all ICS stakeholders. Members receive all outgoing communication to thICSJWG community, including newsletters (with content submitted by ICSJWG membership), facetoface meeting invitations, announcements, training information, and calls for comments.For the latest ICSJWG event information, or to learn more about becomingan ICSJWG member, visit https://www.cisa.gov/icsjwg . PRODUCTS AND TOOLSCISA providesthe ICS community the opportunityto access the followingtools to help strengthen their cybersecurity posture. TheSecurityEvaluationTool(CSET®)systematic,disciplined,repeatableevalusecuritdesktopguidesownersoperators through a step-btepprocesssecuritpractices.Usersevaluatetheir own cybersecurity stance using many recognized government and industry standards andtoohttps://github.com/cisagov/cset/wikiThe Control Environment Laboratory Resource (CELR)a test range environment for government and privateindustry partners to experience the possieffectskineticphysicallowsperfor

3 m security research on supervisorcontrol
m security research on supervisorcontrolacquisitionsystems.ispilotprogramleveragesbestinbreedcommercial off-tintrusionidentifmaliciousactivitinICS and corporate networks. CyberSentryparticipationsibilitintoprovidesdeteon CI networks derive cross-sectorMalcolmiseasdeployablenetworkanalysissuitethe user tocapture packetfiles)environments. Malcom provides uniqueinsightinto specificinenvironments. Because openource itdoes not require users to obtain paid licenses. 3 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov Automated IndicatorharingrogramCISA’s freAutomatIndicator Sharin(AIcapability enables thexchangcyber threat indicators between the Federal Government anthprivatsector at machinspeed. Threat indicators arpieces of information like malicious IP addresses or thsender address of a phishinemail (although they can also be much morcomplicated). AIs a part of CISA’s effort to create an ecosystwheras soon as a company or federal agency observes an attempted compromise, the indicatowillinrealourpartners,protectingthemfromfreelearnVisithttps://www.cisa.gov/automatedndicatorsharingisorPARTNERSHIPS AND ENGAGEMENTThe Industrial Control Systems Joint Working Group (ICSJWG) supports information sharing and reduced risk to the Nation’s ICS through enhanced collaboration between the Federal Government and private owners and operators of ICSacross all sectors. ICSJWG facilitates partnerships between Federal, state, and local governments; asset owners and operators; vendors; system integrators; international partners; and academic professionals in all 16 CI sectors. The ICSJWG encourages closer collaboration between government and industry through the ICSJWG Steering Team (IST). ICSJWG activities and products include:Inperson meetingsWebinarsNewslettersICSJWG membership is voluntary and free to all ICS stakeholders. Members receive all outgoing communication to thICSJWG community, including newsletters (with content submitted by ICSJWG membership), facetoface meeting invitations, announcements, training information, and calls for comments.For the latest ICSJWG event information, or to learn more about becomingan ICSJWG member, visit https://www.cisa.gov/icsjwg . PRODUCTS AND TOOLSCISA providesthe ICS community the opportunityto access the followingtools to help strengthen their cybersecurity posture. TheSecurityEvaluationTool(CSET®)systematic,disciplined,repeatableevaluatisecuritdesktopguidesownersoperators through a step-btepprocesssecuritpractices.Usersevaluatetheir own cybersecurity stance using many recognized government and industry standards andtoohttps://github.com/cisagov/cset/wikiThe Control Environment Laboratory Resource (CELR)a test range environment for government and privateindustry partners to experience the possieffectskineticphysicallowsperform security research on supervisorcontrolacquisitionsystems.ispilotprogramleveragesbestinbreedcommercial off-telf technologies,intrusionidentifmaliciousactivitinICS and corporate networks. CyberSentryparticipationimevisiintoprovidesdetecton CI networks derive cross-sectorMalcolmiseasdeployablenetworkanalysissuitethe user tocapture packetfiles)environments. Malcom provides uniqueinsightinto specificinenvironments. Because openource itdoes not require users to obtain paid licenses. 3 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov Automated IndicatorharingrogramCISA’s freAutomatIndicator Sharin(AIcapability enables thexchangof cyber threat indicators between the Federal Government anthprivatsector at machinspeed. Threat indicators arpieces of information like malicious IP addresses or thsender address of a phishinemail (although they can also be much morcomplicated). AIis a part of CISA’s effort to create an ecosystwheras soon as a company or federal agency observes an attempted compromise, the indicatowillinrealourpartners,protectingthemfromfreelearnVisithttps://www.cisa.gov/automatedndicatorsharingisorPARTNERSHIPS AND ENGAGEMENTThe Industrial Control Systems Joint Working Group (ICSJWG) supports information sharing and reduced risk to the Nation’s ICS through enhanced collaboration between the Federal Government and private owners and operators of ICSacross all sectors. ICSJWG facilitates partnerships between Federal, state, and local governments; asset owners and operators; vendors; system integrators; international partners; and academic professionals in all 16 CI sectors. The ICSJWG encourages closer collaboration between government and industry through the ICSJWG Steering Team (IST). ICSJWG activities and products include:Inperson meetingsWebinarsNewslettersICSJWG membership is voluntary and free to all ICS stakeholders. Members receive all outgoing communication to thICSJWG community, including newsletters (with content submitted by ICSJWG membership), facetoface meeting invitations, announcements, training information, and calls for comments.For the latest ICSJWG event information, or to learn more about becomingan ICSJWG member, visit https://www.cisa.gov/icsjwg . PRODUCTS AND TOOLSCISA providesthe ICS community the opportunityto access the followingtools to help strengthen their cybersecurity posture. TheSecurityEvaluationTool(CSET®)systematic,disciplined,repeatableevaluatingsecuritdesktopguidesownersoperators through a step-btepprocesssecuritpractices.Usersevaluatetheir own cybersecurity stance using many recognized government and industry standards andtoohttps://github.com/cisagov/cset/wikiThe Control Environment Laboratory Resource (CELR)a test range environment for government and privateindustry partners to experience the possieffectskineticphysicallowsperform security research on supervisorcontrolacquisitionsystems.ispilotprogramleveragesbestinbreedcommercial off-telf technologies,intrusionidentifmaliciousactivitinICS and corporate networks. CyberSentryparticipationimesibilitintoprovidesdetecton CI networks derive cross-sectorMalcolmiseasdeployablenetworkanalysissuitethe user tocapture packetfiles)environments. Malcom provides uniqueinsightinto specificinenvironments. Because openource itdoes not require users to obtain paid 3 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov Automated IndicatorharingrogramCISA’s freAutomatIndicator Sharin(AIcapability enables thexchangof cyber threat indicators between the Federal Government anthprivatsector at machinspeed. Threat indicators arpieces of information like malicious IP addresses or thsender address of a phishinemail (although they can also be much morcomplicated). AIis a part of CISA’s effort to create an ecosystwheras soon as a company or federal agency observes an attempted compromise, the indicatowillinrealourpartners,protectingthemfromfreelearnVisithttps://www.cisa.gov/automatedndicatorsharingisorPARTNERSHIPS AND ENGAGEMENTThe Industrial Control Systems Joint Working Group (ICSJWG) supports information sharing and reduced risk to the Nation’s ICS through enhanced collaboration between the Federal Government and private owners and operators of ICSacross all sectors. ICSJWG facilitates partnerships between Federal, state, and local governments; asset owners and operators; vendors; system integrators; international partners; and academic professionals in all 16 CI sectors. The ICSJWG encourages closer collaboration between government and industry through the ICSJWG Steering Team (IST). ICSJWG activities and products include:Inperson meetingsWebinarsNewslettersICSJWG membership is voluntary and free to all ICS stakeholders. Members receive all outgoing communication to thICSJWG community, including newsletters (with content submitted by ICSJWG membership), facetoface meeting invitations, announcements, training information, and calls for comments.For the latest ICSJWG event information, or to learn more about becomingan ICSJWG member, visit https://www.cisa.gov/icsjwg PRODUCTS AND TOOLSCISA providesthe ICS community the opportunityto access the followingtools to help strengthen their cybersecurity posture. TheSecurityEvaluationTool(CSET®)systematic,disciplined,repeatableevaluatingsecuritdesktopguidesownersoperators through a step-btepprocesssecuritpractices.Usersevaluatetheir own cybersecurity stance using many recognized government and industry standards andtoo https://github.com/cisagov/cset/wiki The Control Environment Laboratory Resource (CELR)a test range environment for government and privateindustry partners to experience the possieffectskineticphysicallowsperform security research on supervisorcontrolacquisitionsystems.ispilotprogramleveragesbestinbreedcommercial off-telf technologies,intrusionidentifmaliciousactivitinICS and corporate networks. CyberSentryparticipationimevisibilitintoprovidesdetecton CI networks derive cross-sectorMalcolmiseasdeployablenetworkanalysissuitethe user tocapture files)environments. Malcom provides uniqueinsightinto specificinenvironments. Because openource itdoes not require users to obtain paid licenses. 4 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov To request additionalinformation on CELR, CyberSentry, or Malcom, call 888-282-0870 or emailcentral@cisa.dhs.gov . RESPONSE CAPABILITIES When cyber events impact physical processes, CISA can help asset owners by coordinating risk mitigation efforts across the ICS community and sharing indicators of compromise and tactics to secure the Nation’s infrastructure. CISA brings expertise and advanced tooling to aid ICS cyber victims in identifying artifacts, determining affected components, and building recovery plans specific to lowerlevel OT devices. To report an ICS incident, visit https://us-cert.cisa.gov/report or call 888-282-0870. STRATEGIC RISK ANALYSIS CISAprovidesICSpartnerswithresourcesandcapabilitiestomanageICSriskthroughCISA’sNationalRiskManagemententer(NRMC).NRMCplanning,analysis,andcollaborationcenterfocusedonaddressingtheNation’shighestprioritCIrisksoriginatingfromcyberthreatsndphysicalhazards. ThCenter also focuses on integratipreviously siloedrisks.Atthestrategiclevel,NRMCservestheend-toendintegratorofriskmanagementactivitiesfortheNationalCriticalFunctions(NCFs)andleveragesthatriskexpertisetosupportoveralexecutionoftheCISAmission.learnmoreaboutNRMC’skey initiativesandtoaccessresources,pleasevisitttps://www.cisa.gov/nationalriskmanagementexplorenformationabouttheNCFs,visithttps://www.cisa.gov/nationalcriticalfunctionsTECHNICAL ANALYSIS CISAhastheabilittoconductanalysismalware,digitmedia,andICShardware.CISAICSanalystsfocusondigitalartifactsfromdevicesspecifictoindustrialcontrolsystemssuch as PLCs anremotterminal units.CISA’sICSadvancedlaboratorspecializesinenvironmentsiswithvisit-cert.cisa.gov/report. TRAINING CISA’s ICtraining courses anworkshops provithICcommunity nocostinpersonandvirtutraining.Visithttps://www.cisa.gov/cybersecuritytraining-exercisesexploretrainingoptions.Topics covereinclude: Introduction to ICS securityDefense strategiesInformation on cyber threatsHow to coordinate response with DHSMitigations for vulnerabilitiesVULNERABILITY COORDINATION CISA’s Coordinated Vulnerability Disclosure (CVD) program coordinates the remediation and public disclosure of newly identified cybersecurity vulnerabilities in products and services with the affected vendor(s). This includes new vulnerabilities in ICS, Internet of Things (IoT), medical devices, as well as traditional IT vulnerabilities. 4 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov To request additionalinformation on CELR, CyberSentry, or Malcom, call 888-282-0870 or emailcentral@cisa.dhs.gov RESPONSE CAPABILITIES When cyber events impact physical processes, CISA can help asset owners by coordinating risk mitigation efforts across the ICS community and sharing indicators of compromise and tactics to secure the Nation’s infrastructure. CISA brings expertise and advanced tooling to aid ICS cyber victims in identifying artifacts, determining affected components, and building recovery plans specific to lowerlevel OT devices. To report an ICS incident, visit https://us-cert.cisa.gov/report or call 888-282-0870. STRATEGIC RISK ANALYSIS CISAprovidesICSpartnerswithresourcesandcapabilitiestomanageICSriskthroughISA’sNationalRiskManagementCenter(NRMC).NRMCplanning,analysis,andcollaborationcenterfocusedonaddressingtheNation’shighestrioritCIrisksoriginatingfromcyberthreatsndphysicalhazards. ThCenter also focuses on integratipreviously siloedrisks.Atthestrategiclevel,NRMCservestheend-toendintegratorofriskmanagementactivitiesfortheNationalCriticalFunctions(NCFs)andleveragesthatriskexpertisesupportoveralexecutionoftheCISAission.learnmoreaboutNRMC’skey initiativesandtoaccessresources,pleasevisithttps://www.cisa.gov/nationalriskmanagementexplorenformationabouttheNCFs,visithttps://www.cisa.gov/national-criticalfunctionsTECHNICAL ANALYSIS CISAhastheabilittoconductanalysismalware,igitmedia,andICShardware.CISAICSanalystsfocusondigitalartifactsfromdevicesspecifictoindustrialcontrolsystemssuch as PLCs anremotterminal units.CISA’sICSadvancedlaboratorspecializesinenvironmentsiswithvisit-cert.cisa.gov/report. TRAINING CISA’s ICtraining courses anworkshops provithICcommunity nocostinpersonandvirtutraining.Visithttps://www.cisa.gov/cybersecuritytraining-exercisesexploretrainingoptions.Topics covereinclude: Introduction to ICS securityDefense strategiesInformation on cyber threatsHow to coordinate response with DHSMitigations for vulnerabilitiesVULNERABILITY COORDINATION CISA’s Coordinated Vulnerability Disclosure (CVD) program coordinates the remediation and public disclosure of newly identified cybersecurity vulnerabilities in products and services with the affected vendor(s). This includes new vulnerabilities in ICS, Internet of Things (IoT), medical devices, as well as traditional IT vulnerabilities. 4 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov To request additionalinformation on CELR, CyberSentry, or Malcom, call 888-282-0870 or emailcentral@cisa.dhs.gov RESPONSE CAPABILITIES When cyber events impact physical processes, CISA can help asset owners by coordinating risk mitigation efforts across the ICS community and sharing indicators of compromise and tactics to secure the Nation’s infrastructure. CISA brings expertise and advanced tooling to aid ICS cyber victims in identifying artifacts, determining affected components, and building recovery plans specific to lowerlevel OT devices. To report an ICS incident, visit https://us-cert.cisa.gov/reportr call 888-282-0870. STRATEGIC RISK ANALYSIS CISAprovidesICSpartnerswithresourcesandcapabilitiestomanageICSriskthroughCISA’sNationalskManagemententer(NRMC).NRMCplanning,analysis,andcollaborationcenterfocusedonaddressingtheNation’shighestrioritCIrisksriginatingfromcyberthreatsdphysicalhazards. ThCenter also focuses on integratipreviously siloedrisks.Atthestrategiclevel,NRMCservestheend-endintegratorofriskmanagementactivitiesfortheationalCriticalFunctions(NCFs)andleveragesthatiskexpertisetosupportoveralexecutionoftheISAmission. earnmoreaboutNRMC’skey initiativesandtoaccessresources,pleasevisit https://www.cisa.gov/nationalrisk managementexplorenformationabouttheNCFs,visithttps://www.cisa.gov/national-criticalfunctions TECHNICAL ANALYSIS CISAhastheabilittoconductanalysismalware,digimedia,andICShardware.CISAICSanalystsfocusondigitaltifactsfromdevicesspecifictoindustrialcontrolsystemssuch as PLCs anremotterminal units.CISA’sICSadvancedlaboratorspecializesinenvironmentsiswithvisit-cert.cisa.gov/report. TRAINING CISA’s ICtraining courses anworkshops provithICcommunity nocostinpersonandvirtutraining.Visithttps://www.cisa.gov/cybersecuritytraining-exercisesexploretrainingoptions.Topics covereinclude: Introduction to ICS securityDefense strategiesInformation on cyber threatsHow to coordinate response with DHSMitigations for vulnerabilitiesVULNERABILITY COORDINATION CISA’s Coordinated Vulnerability Disclosure (CVD) program coordinates the remediation and public disclosure of newly identified cybersecurity vulnerabilities in products and services with the affected vendor(s). This includes new vulnerabilities in ICS, Internet of Things (IoT), medical devic

4 es, as well as traditional IT vulnerabil
es, as well as traditional IT vulnerabilities. 4 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov To request additionalinformation on CELR, CyberSentry, or Malcom, call 888-282-0870 or emailcentral@cisa.dhs.gov RESPONSE CAPABILITIES When cyber events impact physical processes, CISA can help asset owners by coordinating risk mitigation efforts across the ICS community and sharing indicators of compromise and tactics to secure the Nation’s infrastructure. CISA brings expertise and advanced tooling to aid ICS cyber victims in identifying artifacts, determining affected components, and building recovery plans specific to lowerlevel OT devices. To report an ICS incident, visit https://us-cert.cisa.gov/reportor call 888-282-0870. STRATEGIC RISK ANALYSIS CISAprovidesCSpartnerswithresourcesandcapabilitiesmanageCSriskthroughCISA’sNationalRiskManagementCenter(NRMC).NRMCplanning,analysis,andcollaborationcenterfocusednaddressingtheNation’shighestprioritCIrisksoriginatingfromcyberhreatsndphysicalhazards. Thenter also focuses on integratipreviously siloedrisks.Atthestrategiclevel,NRMCservestheend-tondintegratorofriskmanagementactivitiesfortheNationalCriticalFunctions(NCFs)andleverageshatriskexpertisetosupportoveralecutionoftheCISAmission.learnmoreaboutNRMC’skey initiativesandtoaccessresources,pleasevisitttps://www.cisa.gov/nationalriskmanagementexploreformationabouttheNCFs,visithttps://www.cisa.gov/nationalcriticalfunctionsTECHNICAL ANALYSIS CISAhastheabilittoconductanalysismalware,digitedia,andICShardware.CISAICSanalystsfocusondigitalartifactsfromdevicesspecifictoindustrialcontrolsystemssuch as PLCs anremotterminal units.CISA’sICSadvancedlaboratorspecializesinenvironmentsiswithvisit-cert.cisa.gov/report. TRAINING CISA’s ICtraining courses anworkshops provithICcommunity nocostinpersonandvirtutraining.Visithttps://www.cisa.gov/cybersecuritytraining-exercisesexploretrainingoptions.Topics covereinclude: Introduction to ICS securityDefense strategiesInformation on cyber threatsHow to coordinate response with DHSMitigations for vulnerabilitiesVULNERABILITY COORDINATION CISA’s Coordinated Vulnerability Disclosure (CVD) program coordinates the remediation and public disclosure of newly identified cybersecurity vulnerabilities in products and services with the affected vendor(s). This includes new vulnerabilities in ICS, Internet of Things (IoT), medical devices, as well as traditional IT vulnerabilities. 4 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov To request additionalinformation on CELR, CyberSentry, or Malcom, call 888-282-0870 or emailcentral@cisa.dhs.gov RESPONSE CAPABILITIES When cyber events impact physical processes, CISA can help asset owners by coordinating risk mitigation efforts across the ICS community and sharing indicators of compromise and tactics to secure the Nation’s infrastructure. CISA brings expertise and advanced tooling to aid ICS cyber victims in identifying artifacts, determining affected components, and building recovery plans specific to lowerlevel OT devices. To report an ICS incident, visit https://us-cert.cisa.gov/reportor call 888-282-0870. STRATEGIC RISK ANALYSIS CISAprovidesICSpartnerswithresourcesandcapabilitiestomanageICSriskthroughCISA’sNationalRiskManagementCenter(NRMC).NRMCplanning,analysis,andcollaborationcenterfocusedonaddressingtheNation’shighestrioritCIrisksoriginatingfromcyberthreatsphysicalhazards. ThCenter also focuses on integratipreviously siloedrisks.Atthestrategiclevel,NRMCservestheend-toenintegratorofriskmanagementactivitiesfortheNationalCriticalFunctions(NCFs)andleveragesthriskexpertisesupportoveralexecutionoftheISAission.earmoreaboutNRMC’skey initiativesandtoaccessresources,pleasevisithttps://www.cisa.gov/nationalriskmanagementexplorenformationabouttheCFs,visithttps://www.cisa.gov/national-criticalfunctionsTECHNICAL ANALYSIS CISAhastheabilittoconductanalysismalware,digitedia,andICShardware.CISAICSanalystsfocusondigitalartifactsfromdevicesspecifictoindustrialcontrolsystemssuch as PLCs anremotterminal units.CISA’sICSadvancedlaboratorspecializesinenvironmentsiswithvisit https://us-cert.cisa.gov/report . TRAINING CISA’s ICtraining courses anworkshops provithICcommunity nocostinpersonandvirtutraining.Visit https://www.cisa.gov/cybersecuritytraining-exercises exploretrainingoptions. Topics covereinclude: Introduction to ICS securityDefense strategiesInformation on cyber threatsHow to coordinate response with DHSMitigations for vulnerabilitiesVULNERABILITY COORDINATION CISA’s Coordinated Vulnerability Disclosure (CVD) program coordinates the remediation and public disclosure of newly identified cybersecurity vulnerabilities in products and services with the affected vendor(s). This includes new vulnerabilities in ICS, Internet of Things (IoT), medical devices, as well as traditional IT vulnerabilities. 5 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov The goal of the CVD program is to ensure CISA, the affected vendor(s) and/or service provider(s), and the eportersimultaneously.Thisensureusersreceiveconsistent, actionableinformationintimelmanner. vulnerability,or visit ert.cisa.gov/report Offe ring/Capability Website Assessments https㨯⽷睷.cisa⹧潶⽣yber-r敳ourc攭h畢 偃II 偲ogr慭 : https㨯⽷睷.cisa⹧潶⽰捩i pro杲am Ex敲cis敳 https㨯⽷睷.cisa⹧潶⽣riti捡l楮fr慳tructure-數ercis敳 CTEP documents: https://www.cisa.gov/publication/cisatabletop exercise - package Information Exchange https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 AI匠Pro杲am: https://www.c楳愮gov/慵tom慴ed 楮d楣慴or sh慲楮g Partn敲ships an搠En条来ment https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 https㨯⽷睷.cisa⹧潶⽩捳j睧 偲oducts 慮d Tools CSET too氺 https://g楴hub.com/c楳慧ov/cset/wiki Em慩l centr慬䁣is愮gov for oth敲 pro摵cts an搠tools 剥sponse⁃慰慢ilitiesTo report an ICS incident, visit https://us-cert.cisa.gov/report Strategic Risk Analysis N前C link: https㨯⽷w眮捩sa⹧潶/nati潮alri獫-浡na来m敮t National Critical Functions (NCF): https://www.cisa.gov/nationalcritical functio ns Technical AnalysisTo report malware, visit https://us-cert.cisa.gov/report Traininghttps://www.cisa.gov/cybersecuritytraining-exercises Vulnerability Coordination https㨯⽷睷.cisa⹧潶⽣o潲dinated vu汮erability di獣lo獵re proc敳s To report an ICS vulnerability, call 8882820870, or visit https://us cert.cisa.gov/report 5 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov The goal of the CVD program is to ensure CISA, the affected vendor(s) and/or service provider(s), and the eportersimultaneously.Thisensureusersreceiveconsistent, actionableinformationintimelmanner. vulnerability,or visitert.cisa.gov/report Offe ring/Capability Website Assessments https㨯⽷睷.cisa⹧潶⽣yber-r敳ourc攭h畢 偃II 偲ogr慭 : https㨯⽷睷.cisa⹧潶⽰捩i pro杲am Ex敲cis敳 https㨯⽷睷.cisa⹧潶⽣riti捡l楮fr慳tructure-數ercis敳 CTEP documents: https://www.cisa.gov/publication/cisatabletop exercise - package Information Exchange https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 AI匠Pro杲am: https://www.c楳愮gov/慵tom慴ed 楮d楣慴or sh慲楮g Partn敲ships an搠En条来ment https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 https㨯⽷睷.cisa⹧潶⽩捳j睧 偲oducts 慮d Tools CSET too氺 https://g楴hub.com/c楳慧ov/cset/wiki Em慩l centr慬䁣is愮gov for oth敲 pro摵cts an搠tools 剥sponse⁃慰慢ilitiesTo report an ICS incident, visit https://us-cert.cisa.gov/report Strategic Risk Analysis N前C link: https㨯⽷w眮捩sa⹧潶/nati潮alri獫-浡na来m敮t National Critical Functions (NCF): https://www.cisa.gov/nationalcritical functio ns Technical AnalysisTo report malware, visit https://us-cert.cisa.gov/report Traininghttps://www.cisa.gov/cybersecuritytraining-exercises Vulnerability Coordination https㨯⽷睷.cisa⹧潶⽣o潲dinated vu汮erability di獣lo獵re proc敳s To report an ICS vulnerability, call 8882820870, or visit https://us cert.cisa.gov/report 5 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov The goal of the CVD program is to ensure CISA, the affected vendor(s) and/or service provider(s), and the eportersimultaneously.Thisensureusersceiveconsistent, actionableinformationintimelmanner. rability,or visitert.cisa.gov/report Offe ring/Capability Website Assessments https㨯⽷睷.cisa⹧潶⽣yber-r敳ourc攭h畢 偃II 偲ogr慭 : https㨯⽷睷.cisa⹧潶⽰捩i pro杲am Ex敲cis敳 https㨯⽷睷.cisa⹧潶⽣riti捡l楮fr慳tructure-數ercis敳 CTEP documents: https://www.cisa.gov/publication/cisatabletop exercise - package Information Exchange https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 AI匠Pro杲am: https://www.c楳愮gov/慵tom慴ed 楮d楣慴or sh慲楮g Partn敲ships an搠En条来ment https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 https㨯⽷睷.cisa⹧潶⽩捳j睧 偲oducts 慮d Tools CSET too氺 https://g楴hub.com/c楳慧ov/cset/wiki Em慩l centr慬䁣is愮gov for oth敲 pro摵cts an搠tools 剥sponse⁃慰慢ilitiesTo report an ICS incident, visit https://us-cert.cisa.gov/report Strategic Risk Analysis N前C link: https㨯⽷w眮捩sa⹧潶/nati潮alri獫-浡na来m敮t National Critical Functions (NCF): https://www.cisa.gov/nationalcritical functio ns Technical AnalysisTo report malware, visit https://us-cert.cisa.gov/report Traininghttps://www.cisa.gov/cybersecuritytraining-exercises Vulnerability Coordination https㨯⽷睷.cisa⹧潶⽣o潲dinated vu汮erability di獣lo獵re proc敳s To report an ICS vulnerability, call 8882820870, or visit https://us cert.cisa.gov/report 5 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov The goal of the CVD program is to ensure CISA, the affected vendor(s) and/or service provider(s), and the eportersimultaneously.Thisensureusersreceiveconsistent, actionableinformationintimelmanner. rability,ert.cisa.gov/report Offe ring/Capability Website Assessments https㨯⽷睷.cisa⹧潶⽣yber-r敳ourc攭h畢 偃II 偲ogr慭 : https㨯⽷睷.cisa⹧潶⽰捩i pro杲am Ex敲cis敳 https㨯⽷睷.cisa⹧潶⽣riti捡l楮fr慳tructure-數ercis敳 CTEP documents: https://www.cisa.gov/publication/cisatabletop exercise - package Information Exchange https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 AI匠Pro杲am: https://www.c楳愮gov/慵tom慴ed 楮d楣慴or sh慲楮g Partn敲ships an搠En条来ment https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 https㨯⽷睷.cisa⹧潶⽩捳j睧 偲oducts 慮d Tools CSET too氺 https://g楴hub.com/c楳慧ov/cset/wiki Em慩l centr慬䁣is愮gov for oth敲 pro摵cts an搠tools 剥sponse⁃慰慢ilitiesTo report an ICS incident, visit https://us-cert.cisa.gov/report Strategic Risk Analysis N前C link: https㨯⽷w眮捩sa⹧潶/nati潮alri獫-浡na来m敮t National Critical Functions (NCF): https://www.cisa.gov/nationalcritical functio ns Technical AnalysisTo report malware, visit https://us-cert.cisa.gov/report Traininghttps://www.cisa.gov/cybersecuritytraining-exercises Vulnerability Coordination https㨯⽷睷.cisa⹧潶⽣o潲dinated vu汮erability di獣lo獵re proc敳s To report an ICS vulnerability, call 8882820870, or visit https://us cert.cisa.gov/report 5 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov The goal of the CVD program is to ensure CISA, the affected vendor(s) and/or service provider(s), and the eportersimultaneously.Thisensureusersreceiveconsistent, informationintimelmanner. vulnerability,or visitrt.cisa.gov/report Offe ring/Capability Website Assessments https㨯⽷睷.cisa⹧潶⽣yber-r敳ourc攭h畢 偃II 偲ogr慭 : https㨯⽷睷.cisa⹧潶⽰捩i pro杲am Ex敲cis敳 https㨯⽷睷.cisa⹧潶⽣riti捡l楮fr慳tructure-數ercis敳 CTEP documents: https://www.cisa.gov/publication/cisatabletop exercise - package Information Exchange https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 AI匠Pro杲am: https://www.c楳愮gov/慵tom慴ed 楮d楣慴or sh慲楮g Partn敲ships an搠En条来ment https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 https㨯⽷睷.cisa⹧潶⽩捳j睧 偲oducts 慮d Tools CSET too氺 https://g楴hub.com/c楳慧ov/cset/wiki Em慩l centr慬䁣is愮gov for oth敲 pro摵cts an搠tools 剥sponse⁃慰慢ilitiesTo report an ICS incident, visit https://us-cert.cisa.gov/report Strategic Risk Analysis N前C link: https㨯⽷w眮捩sa⹧潶/nati潮alri獫-浡na来m敮t National Critical Functions (NCF): https://www.cisa.gov/nationalcritical functio ns Technical AnalysisTo report malware, visit https://us-cert.cisa.gov/report Traininghttps://www.cisa.gov/cybersecuritytraining-exercises Vulnerability Coordination https㨯⽷睷.cisa⹧潶⽣o潲dinated vu汮erability di獣lo獵re proc敳s To report an ICS vulnerability, call 8882820870, or visit https://us cert.cisa.gov/report 5 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov The goal of the CVD program is to ensure CISA, the affected vendor(s) and/or service provider(s), and the eportersimultaneously.Thisensureusersreceiveconsistent, informationintimelmanner. vulnerability,v/report Offe ring/Capability Website Assessments https㨯⽷睷.cisa⹧潶⽣yber-r敳ourc攭h畢 偃II 偲ogr慭 : https㨯⽷睷.cisa⹧潶⽰捩i pro杲am Ex敲cis敳 https㨯⽷睷.cisa⹧潶⽣riti捡l楮fr慳tructure-數ercis敳 CTEP documents: https://www.cisa.gov/publication/cisatabletop exercise - package Information Exchange https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 AI匠Pro杲am: https://www.c楳愮gov/慵tom慴ed 楮d楣慴or sh慲楮g Partn敲ships an搠En条来ment https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 https㨯⽷睷.cisa⹧潶⽩捳j睧 偲oducts 慮d Tools CSET too氺 https://g楴hub.com/c楳慧ov/cset/wiki Em慩l centr慬䁣is愮gov for oth敲 pro摵cts an搠tools 剥sponse⁃慰慢ilitiesTo report an ICS incident, visit https://us-cert.cisa.gov/report Strategic Risk Analysis N前C link: https㨯⽷w眮捩sa⹧潶/nati潮alri獫-浡na来m敮t National Critical Functions (NCF): https://www.cisa.gov/nationalcritical functio ns Technical AnalysisTo report malware, visit https://us-cert.cisa.gov/report Traininghttps://www.cisa.gov/cybersecuritytraining-exercises Vulnerability Coordination https㨯⽷睷.cisa⹧潶⽣o潲dinated vu汮erability di獣lo獵re proc敳s To report an ICS vulnerability, call 8882820870, or visit https://us cert.cisa.gov/report CISA | DEFEND TODAY, SECURE TOMORROW Facebook.com/CISA @CISAgov|@cyber|@uscert_gov | @ICSCERT C entral @cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov CISA INDUSTRIAL CONTROL SYSTEMS SECURITY OFFERINGS CISA NDUSTRIAL TROL STEMS CURITY OFFERINGSAPABILITIES Cyersecurity anInfrastructurSecurity Agency (CISAis thNation's risk advisor, working with partners to defend againsttoday'sthreatsandcollaboratingwithindustrtobuildmoresecureandresilientinfrastructureforthefuture.CISA partnerwiththeindustrialontrosystemcommunittohelpunderstand,detect,andprotectagainstICSrisk,and,whennecessary,helpscriticalnfrastructure(CI)ownersandoperatorsrespondtosignificantcybersecuritincidents.CISA’S ROLE CURITY CISA plays a unique role as the lead federal civilian agency responsible for helping CI partners manage ICS risk. Fulfilling this role requires both operational and strategic partnerships across the ICS community. Such collaborative partnerships ten succeed in resolving intractable issues where unilateral efforts of government or private industry cannot. Broadly,theICScommunitincludestitiesgovernmentlevels,theprivatesector,internationpartners,academia, anotherswithequitiesinICSsecurity.CISA’sfocusonICSsecuritandcommit

5 menttocollaboratingwittheICScommunitvitp
menttocollaboratingwittheICScommunitvitpartofitsmission.OFFINGSTo support the ICS community's cyber risk management efforts, CISA offers a wide range of products, services,capabilioniconbelowlearnendto visit CISA webpages for each offering. AssessmentsOperational resilience evaluations Cyber HuntAid ICS partners with adversary presence search in absence of known threat ExercisesTesting and readiness for ICS incidents Information ExchangeSharing of threat and best practice guidance with partners Partnerships and EngagementCollaborate and coordinate with ICS partners Products and ToolsAccess to on tools for the ICS community ResponseProvide expertise tooling to aid ICS cyber victims Strategic Risk AnalysisProvide ICS risk information pertaining to National Critical Functions (NCFs Technical AnalysisICS malware analysis support TrainingTechnical and nontechnical ICS instruction for all skill levels Vulnerability CoordinationCoordinated, public disclosure of ICS vulnerabilities + mitigation recommendations CISA | DEFEND TODAY, SECURE TOMORROW Facebook.com/CISA @CISAgov|@cyber|@uscert_gov | @ICSCERT C entral @cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov CISA INDUSTRIAL CONTROL SYSTEMS SECURITY OFFERINGS CISA NDUSTRIAL TROL STEMS CURITY OFFERINGSCAPABILITIES yberecurity anInfrastructurSecurity Agency (CISAis thNation's risk advisor, working with partners to defend againsttoday'sthreatsandcollaboratingwithindustrtobuildmoresecureandresilientinfrastructureforhefuture.CISA partnerwiththeindustrialontrosystemcommunittohelpunderstand,detect,andprotectagainstICSrisk,and,whennecessary,helpscriticalnfrastructure(CI)ownersandoperatorsrespondtosignificantcybersecuritincidents.CISA’S ROLE CURITY CISA plays a unique role as the lead federal civilian agency responsible for helping CI partners manage ICS risk. Fulfilling this role requires both operational and strategic partnerships across the ICS community. Such collaborative partnerships ten succeed in resolving intractable issues where unilateral efforts of government or private industry cannot. Broadly,theICScommunitincludestitiesgovernmentlevels,therivatesector,internationpartners,academia, anotherswithequitiesinICSsecurity.CISA’sfocusonICSsecuritandommitmenttocollaboratingwithheICScommunitvitpartofitsmission.OFFERIGSTo support the ICS community's cyber risk management efforts, CISA offers a wide range of products, services,capabilitiesoniconbelowlearnendto visit CISA webpages for each offering. AssessmentsOperational resilience evaluations Cyber HuntAid ICS partners with adversary presence search in absence of known threat ExercisesTesting and readiness for ICS incidents Information ExchangeSharing of threat and best practice guidance with partners Partnerships and EngagementCollaborate and coordinate with ICS partners Products and ToolsAccess to on tools for the ICS community ResponseProvide expertise tooling to aid ICS cyber victims Strategic Risk AnalysisProvide ICS risk information pertaining to National Critical Functions (NCFs Technical AnalysisICS malware analysis support TrainingTechnical and nontechnical ICS instruction for all skill levels Vulnerability CoordinationCoordinated, public disclosure of ICS vulnerabilities + mitigation recommendations 2 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov ASSESSMENTS CISA offers a range of voluntary cybersecurity assessment services focused on Operational Technologies (OT) that evaluate an organization’s:Operational resilienceCybersecurity practicesManagement of external dependenciesAdditional elements that are key to a robust cybersecurity framework Stakeholders receivrecommendationandmitigationplansforallassessments.InformationsharedwithCISAtheProtectedCriticInformation(PCII) for more information on how to request CISA’s hunt capabilities are specificallyfocused on identifying sophisticated threats and adversary presence in OT and IT environments, often beyond the capacity and capability of traditional cybersecurity tools and techniques. EXERCISES CISA provides cyber exercisplanning to support ICS ancritical infrastructurpartners by deliverina full spectrucyber exercisplanninworkshops and seminars. These range frosmall discussionbasedexercisesthatlasttwohourstofuscale,internationallscoped,operationsbasedexercisesthatspanmultipledays.CISAdesignstheseeventstoassistorganizationsalllevelsinthedevelopmentandtestingofcybersecuritprevention,protection,mitigation,andresponsecapabilitiesCISAdesigned tCISA Tabletop ExercisPacka(CTEPtoassistpartnerorganizationsindevelopingheirowntabletopexercises to meet thspecific needs of their facilities anstakeholders. ThCTEP allows users to leveraprebuiltexercistemplatesandvettedscenariostobuildtabletopexercisestossess,develop,andupdateinformationsharingprocesses, emergency plans, policies, and procedures. more information about the CISA exercise program, visitor emailCentral@cisa.dhs.govVisittps://www.cisa.gov/publication/cisadocument and guides.INFORMATION EXCHANGE CISAregularlpublishesICSspecific alerts, advisories, anguidancdocuments forthepublic.Alertsprovidetimely notificationtocriticinfrastructureownersandoperatorsconcerningcontrosystemsthreats.Advisoriesprovidetimely nformationaboutsecuritissues,exploitslatestadvisoriesguidancevisithttps://www.cisa.gov/icsclickonresourcestab. 3 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov Automated IndicatorharingrogramCISA’s freAutomatIndicator Sharin(AIcapability enables thexchangof cyber threat indicators between the Federal Government anthprivatsector at machinspeed. Threat indicators arpieces of information like malicious IP addresses or thsender address of a phishinemail (although they can also be much morcomplicated). AIis a part of CISA’s effort to create an ecosystwheras soon as a company or federal agency observes an attempted compromise, the indicatowillinrealourpartners,protectingthemfromfreelearnVisithttps://www.cisa.gov/automatedndicatorsharingisorPARTNERSHIPS AND ENGAGEMENTThe Industrial Control Systems Joint Working Group (ICSJWG) supports information sharing and reduced risk to the Nation’s ICS through enhanced collaboration between the Federal Government and private owners and operators of ICSacross all sectors. ICSJWG facilitates partnerships between Federal, state, and local governments; asset owners and operators; vendors; system integrators; international partners; and academic professionals in all 16 CI sectors. The ICSJWG encourages closer collaboration between government and industry through the ICSJWG Steering Team (IST). ICSJWG activities and products include:Inperson meetingsWebinarsNewslettersICSJWG membership is voluntary and free to all ICS stakeholders. Members receive all outgoing communication to thICSJWG community, including newsletters (with content submitted by ICSJWG membership), facetoface meeting invitations, announcements, training information, and calls for comments.For the latest ICSJWG event information, or to learn more about becomingan ICSJWG member, visit https://www.cisa.gov/icsjwg PRODUCTS AND TOOLSCISA providesthe ICS community the opportunityto access the followingtools to help strengthen their cybersecurity posture. TherityEvaluationTool(CSET®)systematic,disciplined,repeatablevaluatingsecuritdesktopguidesownersthrough a step-btepprocesspractices.Usersevaluateown cybersecurity stance using many recognized government and industry standards andtoothub.com/cisagov/cset/wikiThe Control Environment Laboratory Resource (CELR)a test range environment for government and privatepartners to experience the possieffectskineticphysicallowssecurity research on supervisorcontrolacquisitionsystems.ispilotprogramleveragesinbreedelf technologies,intrusionidentifmaliciousactivitinICS and corporate networks. CyberSentryimevisibilitintoprovidesdetectCI networks cross-sectorlmiseasdeployablenetworkanalysissuiteuser tocapture files)environments. Malcom provides insightinto ficinenvironments. Because openurce itnot require users to obtain paid licenses. 4 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov To request additionalinformation on CELR, CyberSentry, or Malcom, call 888-282-0870 or emailcentral@cisa.dhs.gov RESPONSE CAPABILITIES When cyber events impact physical processes, CISA can help asset owners by coordinating risk mitigation efforts across the ICS community and sharing indicators of compromise and tactics to secure the Nation’s infrastructure. CISA brings expertise and advanced tooling to aid ICS cyber victims in identifying artifacts, determining affected components, and building recovery plans specific to lowerlevel OT devices. To report an ICS incident, visit https://us-cert.cisa.gov/reportor call 888-282-0870. STRATEGIC RISK ANALYSIS CISAprovidesICSpartnerswithresourcescapabilitiestoanageICSriskthroughISA’sNationalRiskManagementCente(NRMC).NRMCplanning,analysis,andcollaborationcenterfocusedonaddressingtheNation’shighestprioritCIrisksoriginatingfromcyberthreatsndphysicalhazards. ThCenter also focuses on integratipreviously siloedrisks.Atthestrategiclevel,NRMCservestheend-toendintegratorofriskmanagementactivitiesfortheNationalCriticalFunctions(NCFs)andleveragesthatriskexpertisetosupportoveralexecutionoftheCImission.learnmoreaboutNRMC’skey initiativesandtoaccessresources,pleasevisithttps://www.cisa.gov/nationalriskmanagementexplorenformationabouttheNCFs,visithttps://www.cisa.gov/nationalcrticalfunctionsTECHNICAL ANALYSIS CISAhastheabilittoconductanalysismalware,digitmedia,andICShardware.CISAICSanalystsfocusondigitalartifactsfromdevicesspecifictoindustrialcontrolsystemsuch as PLCs anremotterminal units.CISA’sICSadvancedlaboratorspecializesenvironmentsiswithvisit TRAINING CISA’s ICtraining courses anworkshops provithICcommunity nocostinpersonandvirtutraining.Visithttps://www.cisa.gov/cybersecuritytraining-exercisesexploretrainingoptions.Topics covereinclude: Introduction to ICS securityDefense strategiesInformation on cyber threatsHow to coordinate response with DHSMitigations for vulnerabilitiesVULNERABILITY COORDINATION CISA’s Coordinated Vulnerability Disclosure (CVD) program coordinates the remediation and public disclosure of newly identified cybersecurity vulnerabilities in products and services with the affected vendor(s). This includes new vulnerabilities in ICS, Internet of Things (IoT), medical devices, as well as traditional IT vulnerabilities. 5 CISA | DEFEND TODAY, SECURE TOMORROW Commercial Routing Assistance CISA ICS Security Offerings Facebook.com/CISA @CISAgov|@cyber|@uscert_gov| @ICSCERT Central@cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov The goal of the CVD program is to ensure CISA, the affected vendor(s) and/or service provider(s), and the eportersimultaneously.Thisensureusersreceiveinformationintimelmanner. vulnerability,ert.cisa.go Offe ring/Capability Website Assessments https㨯⽷睷.cisa⹧潶⽣yber-r敳ourc攭h畢 偃II 偲ogr慭 : https㨯⽷睷.cisa⹧潶⽰捩i pro杲am Ex敲cis敳 https㨯⽷睷.cisa⹧潶⽣riti捡l楮fr慳tructure-數ercis敳 CTEP documents: https://www.cisa.gov/publication/cisatabletop exercise - package Information Exchange https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 AI匠Pro杲am: https://www.c楳愮gov/慵tom慴ed 楮d楣慴or sh慲楮g Partn敲ships an搠En条来ment https㨯⽷睷.cisa⹧潶⽩捳 > click on resources t慢 https㨯⽷睷.cisa⹧潶⽩捳j睧 偲oducts 慮d Tools CSET too氺 https://g楴hub.com/c楳慧ov/cset/wiki Em慩l centr慬䁣is愮gov for oth敲 pro摵cts an搠tools 剥sponse⁃慰慢ilitiesTo report an ICS incident, visit https://us-cert.cisa.gov/report Strategic Risk Analysis N前C link: https㨯⽷w眮捩sa⹧潶/nati潮alri獫-浡na来m敮t National Critical Functions (NCF): https://www.cisa.gov/nationalcritical functio ns Technical AnalysisTo report malware, visit https://us-cert.cisa.gov/report Traininghttps://www.cisa.gov/cybersecuritytraining-exercises Vulnerability Coordination https㨯⽷睷.cisa⹧潶⽣o潲dinated vu汮erability di獣lo獵re proc敳s To report an ICS vulnerability, call 8882820870, or visit https://us cert.cisa.gov/report CISA | DEFEND TODAY, SECURE TOMORROW Facebook.com/CISA @CISAgov|@cyber|@uscert_gov | @ICSCERT C entral @cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov CISA INDUSTRIAL CONTROL SYSTEMS SECURITY OFFERINGS CISA NDUSTRIAL TROL STEMS CURITY OFFERINGSCAPABILITIES Cybersurity anInfrastructurSecurity Agency (CISAis thNation's risk advisor, working with partners to defend againsttoday'sthreatsandcollaboratingwithindustrtobuildmoresecureandresilientinfrastructureforthfuture.CISA partnerwiththeindustrialontrosystemcommunittohelpunderstand,detect,andprotectagainstICSrisk,and,whenecessary,helpscriticalnfrastructure(CI)ownersandoperatorsrespondtosignificantcybersecuritincidents.CISA’S ROLE CURITY CISA plays a unique role as the lead federal civilian agency responsible for helping CI partners manage ICS risk. Fulfilling this role requires both operational and strategic partnerships across the ICS community. Such collaborative partnerships ten succeed in resolving intractable issues where unilateral efforts of government or private industry cannot. Broadly,theICScommunitincludestitiesgovernmenlevels,theprivatesector,internationpartners,academia, anotherswithequitiesinICSsecurity.CISA’sfocusonICSsecuritandcommitmenttocollaboratingwiththICScommunitvitpartofitsmission.OFFERINTo support the ICS community's cyber risk management efforts, CISA offers a wide range of products, services,capabilitiesoniconbelowlearnendCISA webpages for each offering. AssessmentsOperational resilience evaluations Cyber HuntAid ICS partners with adversary presence search in absence of known threat ExercisesTesting and readiness for ICS incidents Information ExchangeSharing of threat and best practice guidance with partners Partnerships and EngagementCollaborate and coordinate with ICS partners Products and ToolsAccess to on tools for the ICS community ResponseProvide expertise tooling to aid ICS cyber victims Strategic Risk AnalysisProvide ICS risk information pertaining to National Critical Functions (NCFs Technical AnalysisICS malware analysis support TrainingTechnical and nontechnical ICS instruction for all skill levels Vulnerability CoordinationCoordinated, public disclosure of ICS vulnerabilities + mitigation recommendations CISA | DEFEND TODAY, SECURE TOMORROW Facebook.com/CISA @CISAgov|@cyber|@uscert_gov | @ICSCERT C entral @cisa.dhs.gov www.cisa.gov Linkedin.com/company/cisagov @cisagov CISA INDUSTRIAL CONTROL SYSTEMS SECURITY OFFERINGS CISA NDUSTRIAL TROL STEMS CURITY OFFERINGSCAPABILITIES Cybersecrity anInfrastructurSecurity Agency (CISAis thNation's risk advisor, working with partners to defend againsttoday'sthreatsandcollaboratingwithindustrtobuildmoresecureandresilientinfrastructureforthefuture.CISA partnerwiththeindustrialontrosystemcommunittohelpunderstand,detect,andprotectagainstICSrisk,and,whennecessary,helpscriticalnfrastructure(CI)ownersandoperatorsrespondtosignificantcybersecuritincidentsCISA’S ROLE CURITY CISA plays a unique role as the lead federal civilian agency responsible for helping CI partners manage ICS risk. Fulfilling this role requires both operational and strategic partnerships across the ICS community. Such collaborative partnerships ten succeed in resolving intractable issues where unilateral efforts of government or private industry cannot. Broadly,theICScommunitincludestitiesgovernmentlevels,theprivateector,internationpartnersacademia, anotherswithequitiesinICSsecurity.CISA’sfocusonICSsecuritandommitmenttocollaboratingwiththeICScommunitvitpartofitsmission.OFFERINGTo support the ICS community's cyber risk management efforts, CISA offers a wide range of products, services,capabilitiesoniconbelowlearnendCISA webpages for each offering. AssessmentsOperational resilience evaluations Cyber HuntAid ICS partners with adversary presence search in absence of known threat ExercisesTesting and readiness for ICS incidents Information ExchangeSharing of threat and best practice guidance with partners Partnerships and EngagementCollaborate and coordinate with ICS partners Products and ToolsAccess to on tools for the ICS community ResponseProvide expertise tooling to aid ICS cyber victims Strategic Risk AnalysisProvide ICS risk information pertaining to National Critical Functions (NCFs Technical AnalysisICS malware analysis support TrainingTechnical and nontechnical ICS instruction for all skill levels Vulnerability CoordinationCoordinated, public disclosure of ICS vulnerabilities + mitigation recommendat