The ICS Advisory Project
The ICS Advisory Project offers a range of resources for Industrial Control System (ICS) asset owners, analysts, CISOs, and researchers. Here are some key features of the site:
​
-
ICS Advisory Dashboards: These allow users to quickly identify new and existing advisories that impact control system assets in Operational Technology (OT) environments across various critical infrastructure sectors, specific details on CVE such as CWE, CVSS vectors, and tools to calculate vulnerability scores for ICS/OT environments and mitigations.
-
Other Dashboards: Users can view the CISA KEV Catalog for CISA ICS Advisories, CISA KEV for CISA ICS Advisories: This dashboard provides Industrial Control Systems (ICS) asset owners, analysts, and CISOs with a view of correlated CVEs identified in ICS Advisories with CVEs added to the CISA Known Exploited Vulnerabilities (KEV) catalog and prioritized vulnerabilities.
​
-
ICS Asset ID & PM Levels: This dashboard assists asset owners, analysts, and researchers in understanding the type of equipment impacted by the vulnerabilities reported in CISA ICS Advisories.
-
ICS Advisory CVE CPEs: This dashboard provides ICS asset owners, analysts, CISOs, and researchers with Common Platform Enumeration (CPE) data for each CVE identified in CISA ICS Advisories.
-
Researcher Scoreboard: This dashboard provides a quick way for analysts and researchers to track individual researchers and affiliated research organizations that disclose vulnerabilities to CISA and Vendors.
​
-
NIS2 CI Sector View ICS Advisories: This dashboard is designed to view NIS2 Sectors of High Criticality and other Critical CI Sectors for CISA ICS Advisories.
-
Siemens Updates to CISA Advisories: This dashboard was created to address the recent decision by CISA to stop updating Siemens Security Advisories. It lets you quickly filter and view which Siemens Security Advisory updates correlate to previously released CISA ICS Advisories for Siemens products.
Other CERTS & Vendors ICS Advisories: This dashboard provides four views similar to the CISA ICS Advisory dashboards but for ICS Advisory Project Weekly Summaries data and slides. This includes annual summaries briefs and reports on ICS Advisories for 2022 and 2023.
-
GitHub Repository: The project maintains a GitHub repository, presumably for sharing code, tools, or data related to ICS advisories.
-
Resources: The site provides resources such as an APT Profiler for ICS
The ICS Advisory Project, in partnership with Industrial Data Works, now provides our enriched CISA ICS Advisory data for OT/ICS security practitioners and vendors to build and visualize our dataset on-prem or through other preferred data visualization or security appliances/platform solutions through the API subscription and contracted services.
ICS Vendor Resources: Contains lists of hyperlinked text for ICS Security Advisories and Vendor websites for conducting security analysis vulnerabilities.
Tools & Resources Lists: Contains useful open-source resources for conducting security analysis research on networks, ports, protocols, services, and vulnerabilities.
I hope this is helpful in describing what you want to share on the CS2AI site of resources for the ICS/OT community.