The ICS Advisory Project is an open-source project to provide clean and usable DHS CISA ICS Advisories data in Comma Separated Value (CSV) format. This format better supports vulnerability analysis for the OT/ICS community, which is difficult to perform in the current CISA ICS Advisory HTML format. The CISA ICS Advisories data also supports the other project goal: CISA ICS Advisory Dashboard. The dashboard provides smaller OT/ICS asset owners with a tool to quickly filter the view of vulnerabilities affecting vendors/products within their environment. This project is by no means a replacement for the original CISA ICS Advisories, and I highly recommend that anyone using this dataset refer to and read them.
While some of this dataset may seem duplicative of CVE data, CISA ICS Advisories have been providing additional insight not provided in a CVE, such as Vendor headquarters locations, Product distributions, and Critical Infrastructure sectors for each vendor product. This additional data is valuable to security and industry researchers as it helps them understand potential supply chain risks associated with vendor production locations and vulnerabilities across specific critical infrastructure sectors.
Don't hesitate to contact us if you have questions about the project or suggestions to improve, expand, and protect this data source.
To view the ICS Advisory Project: ICS Advisory Dashboard, click Here.
Check out Efi Kaufman's Splunk Add-On for CISA ICS Advisories: https://github.com/efi-k/ICS_CERT_TA
- ICS Advisory Project: https://discord.gg/qJ8QMmxw9M
- OT | ICS | SCADA: https://discord.gg/ZqVChAUTE3
-
This repository will focus solely on providing CISA ICS Advisories data formatted in a way that can quickly help organizations look for vulnerabilities identified specific to Vendors/Products used in OT/ICS environments.
-
For CISA's official ICS-CERT Advisories on vulnerabilities, please follow this link.
This Open-source project is available and contributed to under licenses that include terms that, for the protection of contributors, the ICS Advisory projects datasets are offered "as-is," without warranty, and is not liable for damages resulting from using data from this project.
ICS Advisory Project has updated its license for the ICS Advisory repository and is now an Open Database License (ODbL) v1.0. This database, "ICS Advisory Project", is made available under the Open Database License: http://opendatacommons.org/licenses/odbl/1.0/. Any rights in individual contents of the database are licensed under the Database Contents License: http://opendatacommons.org/licenses/dbcl/1.0/