Advanced search Help
Searching for terms: EXACT: "United States. Department of Homeland Security. Office of Emergency Communications" in: publisher
Clear all search criteria
Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).
-
ICS-CERT Advisory: ICSA-13-091-01: Wind River VxWorks SSH and Web Server Multiple Vulnerabilities
This advisory is from the Department of Homeland Security's Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), a part of the U.S. Computer Emergency Readiness Team (US-CERT). "This advisory provides mitigation details for multiple vulnerabilities in the Wind River VxWorks Remote Terminal Operating System (RTOS). Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories have reported six vulnerabilities in Wind River's VxWorks SSH and Web Server. Successful exploitation of these vulnerabilities could cause a denial-of-service (DoS) condition in the RTOS. One of these vulnerabilities could allow remote code execution if exploited. These vulnerabilities were originally reported to JPCERT/CC. Wind River has produced patches that mitigate these vulnerabilities. These vulnerabilities affect devices using VxWorks in the critical manufacturing, energy, and water and wastewater sectors. These vulnerabilities can be exploited remotely."
United States. Department of Homeland Security. Office of Emergency Communications
2013-04-01
-
ICS-CERT Advisory: ICSA-13-050-01A: 3S CODESYS Gateway-Server Multiple Vulnerabilities, Update A
This advisory is from the Department of Homeland Security's Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), a part of the U.S. Computer Emergency Readiness Team (US-CERT). "This updated advisory is a follow-up to the original advisory titled ICSA-13-050-01, 3S CODESYS Gateway-Server Multiple Vulnerabilities that was published February 19, 2013, on the ICS-CERT Web page. This updated advisory provides mitigation details for multiple vulnerabilities in the 3S-Smart Software Solutions GmbH CODESYS Gateway-Server. Independent researcher Aaron Portnoy of Exodus Intelligence has identified five vulnerabilities in the 3S CODESYS Gateway-Server application. 3S has produced a security patch that mitigates these vulnerabilities. Successful exploitation of these vulnerabilities could allow remote code execution. The Gateway-Server is a third-party component found in multiple control systems manufacturer's products. These vulnerabilities affect products primarily found in the energy, critical manufacturing, and industrial automation industries. These vulnerabilities could be exploited remotely."
United States. Department of Homeland Security. Office of Emergency Communications
2013-03-27
-
ICS-CERT Advisory: ICSA-13-084-01: Siemens CP 1604 and CP 1616 Improper Access Control
This advisory is from the Department of Homeland Security's Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), a part of the U.S. Computer Emergency Readiness Team (US-CERT). "This advisory provides mitigation details for a vulnerability that impacts the Siemens CP 1604 and CP 1616 communication modules. Siemens has identified a vulnerability in the debugging interface of the CP 1604 and CP 1616 communications modules. Independent researchers Christopher Scheuring and Jürgen Bilberger from Daimler TSS GmbH coordinated disclosure of the vulnerability with Siemens. These products are used to connect PCI-104 systems to the PROFINET IO. By default, the debugging interface has been left enabled and can be accessed remotely on both devices. This remote access could lead to compromise of the system by denial of service (DoS), remote code execution, and loss of confidentiality. Siemens has produced a firmware update to mitigate the vulnerability. This vulnerability could be exploited remotely."
United States. Department of Homeland Security. Office of Emergency Communications
2013-03-25
-
ICS-CERT Advisory: ICSA-13-067-02: Invensys Wonderware Win-XML Exporter Improper Input Validation Vulnerability
This advisory is from the Department of Homeland Security's Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), a part of the U.S. Computer Emergency Readiness Team (US-CERT). "This advisory was originally posted to the US-CERT secure Portal library on March 08, 2013, and is now being released to the ICS-CERT Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware Win-XML Exporter. Researchers Timur Yunusov, Alexey Osipov, and Ilya Karpov of the Positive Technologies Research Team have discovered an improper input validation vulnerability in the Invensys Wonderware Win-XML Exporter. Invensys has released a patch that mitigates the vulnerability. The Positive Technologies Research Team has validated that the patch fixes the vulnerability. Exploitation of this vulnerability could impact systems deployed in the critical manufacturing, energy, food and beverage, chemical, and water and wastewater sectors."
United States. Department of Homeland Security. Office of Emergency Communications
2013-03-21
-
ICS-CERT Advisory: ICSA-13-050-01: 3s Codesys Gateway-Server Multiple Vulnerabilities
"This advisory provides mitigation details for multiple vulnerabilities in the 3S-Smart Software Solutions GmbH CODESYS OPC-Server. Independent researcher Aaron Portnoy of Exodus Intelligence has identified five vulnerabilities in the 3S CODESYS Gateway-Server application. 3S has produced a security patch that mitigates these vulnerabilities. Successful exploitation of these vulnerabilities could allow remote code execution. The OPC-Server is a third-party component found in multiple control systems manufacturer's products. These vulnerabilities affect products primarily found in the energy, critical manufacturing, and industrial automation industries. These vulnerabilities could be exploited remotely."
United States. Department of Homeland Security. Office of Emergency Communications
2013-02-19
-
ICSA-13-045-01 - Tridium NiagaraAX Directory Traversal Vulnerability
"This advisory provides mitigation details for a vulnerability in the Tridium NiagaraAX software. Independent researchers Billy Rios and Terry McCorkle discovered a directory traversal vulnerability in the Tridium NiagaraAX software product. They demonstrated that with a valid user account or guest privileges enabled, privilege escalation is possible on a NiagaraAX system. Exploitation of this vulnerability could allow loss of availability, integrity, and confidentiality of the system. Tridium has produced a patch that mitigates this vulnerability. This vulnerability is remotely exploitable."
United States. Department of Homeland Security. Office of Emergency Communications
2013-02-14
-
ICS-CERT Advisory: ICSA-13-011-03: Rockwell Automation ControlLogix Multiple PLC Vulnerabilities
"This advisory is a follow up to the original alert titled ICS-Alert-12-020-02A - Rockwell Automation ControlLogix Multiple PLC Vulnerabilitiesa that was published February 14, 2012, on the ICS-CERT Web page. Independent researcher Rubén Santamarta of IOActive identified multiple vulnerabilities in Rockwell Automation's ControlLogix PLC and released proof-of-concept (exploit) code at the Digital Bond S4 Conference on January 19, 2012. The vulnerabilities are exploitable by transmitting arbitrary commands from a control interface to the programmable logic controller (PLC) or network interface card (NIC). The information was released without coordination with either the vendor or ICS-CERT. Rockwell Automation released firmware patches on July 18, 2012, that resolve the following vulnerabilities. There have been no updates from Rockwell since these patches were released. Exploitation of these vulnerabilities could allow loss of confidentiality, integrity, and availability of the device. These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available."
United States. Department of Homeland Security. Office of Emergency Communications
2013-01-11
-
Technical Assistance Catalog, Version 3.1
"The mission of the Office of Emergency Communications (OEC) is to support and promote communications for emergency responders and government officials during all hazards and threats. Since 2007 the OEC Interoperable Communications Technical Assistance Program (OEC/ICTAP) has delivered over 1,000 technical assistance courses and workshops in every State and Territory to enhance the capabilities of emergency responders and government officials to communicate in the event of natural disasters, acts of terrorism, or other man-made disasters. OEC/ICTAP enhances interoperable communications among Federal, State/Territory, local, and tribal emergency responders and public safety officials as well as promotes national security and emergency preparedness (NS/EP) communications. The goal of the program is to ensure, accelerate, and attain operable and interoperable emergency communications nationwide. OEC/ICTAP is managed and supported by the Technical Assistance (TA) Branch, OEC. At OEC's direction, technical assistance services and deliverables are provided by consulting staff under contract to the Space and Naval Warfare Center (SPAWAR), San Diego, the implementation arm for the program."
United States. Department of Homeland Security. Office of Emergency Communications
2013?
-
Post Oak Bluetooth Traffic Systems Insufficient Entropy Vulnerability
"This advisory provides mitigation details for a vulnerability that impacts Post Oak Traffic AWAM [Anonymous Wireless Address Matching] Bluetooth Reader Systems. An independent research group composed of Nadia Heninger, Zakir Durumeric, Eric Wustrownd, and J. Alex Halderman identified an insufficient entropy vulnerability in authentication key generation in Post Oak's AWAM Bluetooth Reader Traffic System. By impersonating the device, an attacker can obtain the credentials of administrative users and potentially perform a Man-in-the-Middle (MitM) attack. Post Oak has validated the vulnerability and produced an updated firmware version that mitigates the vulnerability. According to Post Oak, products are deployed in the transportation sector, mainly in the United States. This vulnerability can be exploited remotely."
United States. Department of Homeland Security. Office of Emergency Communications
2012-11-30
-
FY 2013 Inspector General Federal Information Security Management Act Reporting Metrics
"Refer to the General Instructions section of the FY13 CIO [Chief Information Officer] Reporting Metrics, specifically the Definitions under each control area. All of these instructions apply to the OIG [Office of Inspector General] questions except the instructions for 'Structure and Organization.'"
United States. Department of Homeland Security. Office of Emergency Communications
2012-11-30
-
FY 13 Q1 Chief Information Officer Federal Information Security Management Act Reporting Metrics
"The majority of the FY13 Q1 metrics are based on the Administration Priorities."
United States. Department of Homeland Security. Office of Emergency Communications
2012-11-30
-
Emergency Communications Forum - Volume 10, September 2012
This edition of the Emergency Communications Forum contains the following articles: "The March 2012 Tornado: PSIC [Public Safety Interoperable Communications] Investments Aid Response"; "The Future of Public Safety Communications: A Nationwide Public Safety Broadband Network"; "Resources Available to Help Agencies Meet FCC [Federal Communications Commission] Narrowbanding Requirement"; "OEC [Office of Emergency Communications] Co-Sponsors Strategic Resourcing of Emergency Calling and Communications Forum"; and "OEC Team on the Road."
United States. Department of Homeland Security. Office of Emergency Communications
2012-09
-
ICS-TIP-12-146-01A: Targeted Cyber Intrusion Detection and Mitigation Strategies (Udpate A)
"Sophisticated and targeted cyber intrusions have increased in recent months against owners and operators of industrial control systems across multiple critical infrastructure sectors. ICS-CERT [Industrial Controls System-Cyber Emergency Response Team] developed the following guidance to provide basic recommendations for owners and operators of critical infrastructure to mitigate the impacts of cyber attacks and enhance their network security posture. This guidance applies to organizations whose networks have been compromised by a cyber attack as well as to those desiring to improve their network security preparedness to respond to a cyber incident. The guidance is relevant to both enterprise and control system networks, particularly where interconnectivity could allow adversaries to move laterally within and between networks. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to implementing defensive measures to avoid any negative impact to normal operations. The guidance is organized into several topical areas and provides network administrators with concepts for improving detection of intrusions, preventing lateral movement of threat actors, and controlling access to the various segments of a network. The guidance is in the form of "what" should be done and "why" it is important. The "how" of implementation is the responsibility of each organization and is dependent on individual needs, network topology, and operational requirements."
United States. Department of Homeland Security. Office of Emergency Communications
2012-07-19
-
Technical Assistance Catalog, Version 2
"The U.S. Department of Homeland Security (DHS) Office of Emergency Communications, Interoperable Communications Technical Assistance Program (OEC/ICTAP) supports and promotes the capabilities of emergency responders and government officials to continue to communicate in the event of natural disasters, acts of terrorism, or other man-made disasters, and works to ensure, accelerate, and attain operable and interoperable emergency communications nationwide. OEC/ICTAP's mission is to enhance interoperable communications among State/territory, local, and tribal emergency responders, and public safety officials. OEC/ICTAP provides support for planning, operations, technical issues, and policy decisions that need to be considered when developing interoperable communications initiatives. The goal of the program is to improve the capabilities of public safety agencies across multiple disciplines and jurisdictions to communicate effectively as they work to manage disasters, emergency incidents, and planned events. Since 2007, OEC/ICTAP has fielded subject matter experts (SMEs) with the skills, practitioner experience, and technical knowledge to address stakeholders' technical needs. OEC/ICTAP staff bring practitioner and operations-based skills and technical expertise to bear on a wide range of interoperable communications challenges. OEC TA also relates to the National Emergency Communications Plan (NECP), the Nation's first strategic plan to improve emergency response communications. OEC/ICTAP offerings have and will continue to support NECP goals directly. During 2011 stakeholders nationwide have been collecting data about performance and capabilities at the county-level in response to NECP Goal 2. SWICs and stakeholders are encouraged to continue to use their NECP Goal 2 data to inform their decisions about TA requests in order to focus resources on challenges to and gaps in interoperable emergency communications."
United States. Department of Homeland Security. Office of Emergency Communications
2012-07-06
-
Nationwide Public Safety Broadband Network: First Steps
"February 22, 2012 will long be remembered as a landmark day for public safety and emergency communications. It was on that day that President Barack Obama signed into law the Middle Class Tax Relief and Job Creation Act of 2012 (H.R.3630). The signing of that Act was a significant win for the public safety community nationwide. It was the culmination of over a decade of advocacy to see the reallocation of the 'D Block' spectrum to public safety and to fulfill one of the last outstanding recommendations of the 9/11 Commission: the development of a nationwide interoperable communications network. In addition to the reallocation of the D Block to public safety, the Act provides authorization and funding to establish the Nationwide Public Safety Broadband Network (NPSBN). This includes $7 billion to build the network, including funding for research and development, a nationwide governance structure to oversee the network, and access to the network for Federal, State, and local public safety and secondary users such as utility companies, transportation, and other critical infrastructure providers. The development and deployment of a Nationwide Network will be an accomplishment that will significantly advance the Nation's public safety communications capabilities, and enhance the ability of first responders across the country to provide life-saving services. But this network will not be developed overnight. There remains a great amount of work to be done at every level of government to make this new network become reality."
United States. Department of Homeland Security. Office of Emergency Communications
2012-06
-
Emergency Communications Case Study: Hurricane Irene-North Carolina
"One of the State's COMLs [Communications Unit Leaders] trained through the DHS Office of Emergency Communications' (OEC) Program and called to action was Greg Hauser, the Operations Manager at the Charlotte Fire Department-Communications Division. Another COML was Matt McMahon, a lieutenant with the Greenville Fire and Rescue and a member of the State's Urban Search and Rescue team. On Friday, August 26, Hauser received a message notifying him of the need for a Communications Coordinator in the emergency management center. According to Hauser's after action report, when he arrived at the center it 'had very limited communications, with no land line phone service, no Internet, spotty cell coverage, and limited radio communications due to the NC VIPER (Voice Interoperability Plan for Emergency Responders) system going in and out of site trunking. The building was also without power and running on generator.' VIPER is North Carolina's statewide digital 800 MHz radio system. Hauser assessed the equipment in the center and set up a workstation. He requested that the amateur radio operator return to the regional coordination center to provide a direct communications link to the State Emergency Operation Center (EOC) via amateur radio. Hauser also worked with team members to request satellite telephones, and to deploy a satellite system brought in to assist the Helicopter and Aquatic Rescue Team."
United States. Department of Homeland Security. Office of Emergency Communications
2012-06
-
Emergency Communications Case Study: Amateur Operators Aid Emergency Communications During Violent Storms in Tennessee
"Between February 29 and March 2, 2012, two powerful storm systems spawned a series of thunderstorms and tornadoes that ripped up trees, destroyed homes and buildings and killed more than 50 people across a wide swath of the Midwest and South. The National Oceanic and Atmospheric Administration (NOAA) estimated that 45 tornadoes hit 11 States during that three-day period, causing more than $1 billion in damage. Tennessee was affected by the second of these two devastating storm systems. NOAA estimates that 8 tornadoes touched down in the State, and 10 of Tennessee's counties were declared disaster areas. The unrelenting onslaught of severe weather overwhelmed the capabilities and resources of emergency response and communications throughout the region. Emergency communications officials in Tennessee have a strong working relationship with amateur radio operators also known as Auxiliary Communicators, many of whom have received training on how to operate within emergency operations centers. As a result, when the storms developed and damaged communities, Auxiliary Communicators were ready and able to fill communications gaps and offer additional assistance."
United States. Department of Homeland Security. Office of Emergency Communications
2012-04
-
Emergency Communications Forum - Volume 9, March 2012
"The Emergency Communications Forum (ECF), published by OEC [Office of Emergency Communications] is intended to engage and inform the emergency response community, policy makers, and Federal, State, local, and tribal officials about issues and events that directly impact everyday nationwide emergency communications.' This edition of the Emergency Communications Forum contains the following articles: 'The National Council of Statewide Interoperability Coordinators: Coordinated Governance for Nationwide Guidance'; 'Charlotte Readies Public Safety Broadband Network for Summer Launch'; 'Broadband at the Local Level: What Every Jurisdiction Should Know'; 'Social Media and Emergency Response: Industry Council Hosts Social Media Forum'; 'SAFECOM and Statewide Interoperability Coordinators Convene First Joint Meeting'; 'OEC Team on the Road'."
United States. Department of Homeland Security. Office of Emergency Communications
2012-03
-
ICS-CERT Alert: ICS-ALERT-12-020-03: Schneider Electric Modicon Quantum Multiple Vulnerabilities
"ICS-CERT [Industrial Control Systems Cyber Emergency Response Team] is aware of a public report of multiple vulnerabilities affecting Schneider Electric Modicon Quantum PLC. According to this report, these vulnerabilities are exploitable through backdoor accounts (previously disclosed),a This report is based on information presented by the Project Basecamp team during Digital Bond's SCADA Security Scientific Symposium (S4), on January19, 2012. The vulnerability information is based on research conducted by Rubén Santamarta; the information was released without coordination with either the vendor or ICS-CERT. malformed HTTP [Hypertext Transfer Protocol] or FTP [File Transfer Protocol] requests, or cross-site scripting (XSS). ICS-CERT has notified Schneider Electric of the report and has asked the vendor to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide preliminary notice of the reported vulnerable products and to begin identifying baseline mitigations that can reduce the risk of cybersecurity attacks that may exploit these vulnerabilities."
United States. Department of Homeland Security. Office of Emergency Communications
2012-01-19
-
ICS-ALERT-12-020-04: Schweitzer SEL-2032 Plaintext Service Crash
"ICS-CERT [Industrial Control Systems Cyber Emergency Response Team] is aware of a report of multiple vulnerabilities with proof-of-concept (PoC) exploit code affecting Schweitzer Engineering Laboratories' SEL-2032 Communications Processor SCADA remote terminal unit (RTU). This report is based on research conducted by Dillon Beresford and was presented by the Project Basecamp team during the Digital Bond SCADA Security Scientific Symposium (S4) on January19, 2012. According to their findings, the RTU uses plaintext protocol for password authentication. In addition, the researchers were able to cause an intermittent crash to an unknown service through Telnet and Port 1024/TCP. Vulnerability details were released without prior coordination with either the vendor or ICS-CERT. ICS-CERT has coordinated with Schweitzer Engineering Laboratories and has asked the vendor to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide preliminary notice of the reported vulnerable product and to begin identifying baseline mitigations that can reduce the risk of cybersecurity attacks that may exploit these vulnerabilities."
United States. Department of Homeland Security. Office of Emergency Communications
2012-01-19
-
ICS-CERT Advisory: ICSA-13-014-01 - Siemans SIMATIC RF Manager Buffer Overflow
"This advisory provides mitigation details for a vulnerability that impacts the Siemens SIMATIC RF Manager. Siemens has identified a buffer overflow vulnerability in the ActiveX component of the SIMATIC RF Manager. Siemens has produced a patch that mitigates this vulnerability. Successful exploitation of this vulnerability could lead to possible remote code execution or a denial of service. This vulnerability could be exploited remotely."
United States. Department of Homeland Security. Office of Emergency Communications
2012-01-14
-
Technical Assistance Catalog [January 2012]
"This year's TA [technical assistance ] Catalog features several new and updated offerings to help our stakeholders address these challenges Among them are workshops for dispatch operations, mobile communications vehicles operations, and radio re-programming for narrowbanding In 2012, OEC [Office of Emergency Communications] will work with local stakeholders to help them understand and analyze National Emergency Communications Plan (NECP) Goal 2 data in order to focus OEC resources We are also exploring new technology to maximize our resources and expand TA access This includes virtual workshops and making resources available online using the www publicsafetytools info website Stakeholders can easily access tools such as the Narrowband License Status Tool and the CASM application, among others"
United States. Department of Homeland Security. Office of Emergency Communications
2012-01
-
Emergency Communications Forum - Volume 8, January 2012
"The Emergency Communications Forum (ECF), published by OEC [Office of Energy Commissions] is intended to engage and inform the emergency response community, policy makers, and Federal, State, local, and tribal officials about issues and events that directly impact everyday nationwide emergency communications." This edition of the Emergency Communications Forum contains the following articles: "There's No Model for This: Early Builder Iowa Navigates Uncharted LTE Territory"; "OEC Releases Interoperability Case Studies"; "Nations' Urban Areas Achieve Goal 1 of NECP [National Emergency Communications Plan]"; "FY 3023 SCIP [Statewide Communication Interoperability Plan] Implementation Workshop Program"; and "OEC Team on the Road".
United States. Department of Homeland Security. Office of Emergency Communications
2012-01
-
ICS-CERT Alert: ICS-ALERT-11-336-01: 3S CoDeSys Multiple Vulnerabilities
"ICS-CERT [Industrial Control Systems Cyber Emergency Response Team] is aware of public reporting of a buffer overflow vulnerability with proof-of-concept (PoC) exploit code affecting 3S CoDeSys web server, a Supervisory Control and Data Acquisition/Human-Machine Interface (SCADA/HMI) product. According to this report, the vulnerability is exploitable by sending specially crafted packets to the server Port 8080/TCP. This report was released by Celil Unuver of SignalSEC Labs. ICS-CERT had been coordinating the vulnerability with the security researcher and affected vendor prior to the public release. ICS-CERT is issuing this alert to provide notice of the report and identify baseline mitigations for reducing risks to this and other cybersecurity attacks."
United States. Department of Homeland Security. Office of Emergency Communications
2011-12-02
-
Interoperability Planning for Wireless Broadband
"The U.S. Department of Homeland Security's Office of Emergency Communications (OEC) created this document, in coordination with the emergency response community, to help Statewide Interoperability Coordinators plan for wireless broadband use in emergency communications. Established by Congress, OEC was stood up on April 1, 2007 in response to the communications challenges witnessed during Hurricane Katrina. OEC's mission is to support and promote the ability of public safety and government officials to continue to communicate in the event of natural disasters, acts of terrorism, or other man-made disasters, and work to ensure, accelerate, and attain interoperable and operable emergency communications nationwide. In 2008, OEC published the 'National Emergency Communications Plan'--the Nation's first strategic plan to address nationwide interoperable communications. Wireless broadband in emergency communications is rapidly becoming an essential component of nationwide interoperability. This document provides an overview of broadband technology, guidance on interoperability planning for broadband, best practices from waiver jurisdictions, and regional governance considerations. Although targeted toward Statewide Interoperability Coordinators, the topics are relevant to all public safety stakeholders. This document serves as a reliable and comprehensive source of information about wireless broadband in the emergency response environment."
United States. Department of Homeland Security. Office of Emergency Communications
2011-11
-
ICS-ALERT-11-291-01: W32.Duqu-Malware Targeting ICS Manufacturers
"On October 18, 2011, Symantec released a Security Response Report describing W32.Duqu, an information-gathering threat targeting specific organizations, including industrial control systems (ICSs) manufacturers. According to Symantec, W32.Duqu does not contain any code related to ICSs and is primarily a remote access Trojan (RAT). Symantec reports that the original sample of W32.Duqu was gathered from a research organization based in Europe and that additional variants have been recovered from a second organization in Europe. According to Symantec, the attackers are looking for information, such as design documents, that could potentially be used in a future attack on an industrial control facility. This threat is highly targeted toward a limited number of organizations, apparently to exfiltrate data concerning their specific assets; the propagation method is not yet known. Symantec indicates that W32.Duqu is not self-replicating. Symantec reports that other attacks could be ongoing using undetected variants of W32.Duqu. Symantec states that they are continuing to analyze additional variants of W32.Duqu."
United States. Department of Homeland Security. Office of Emergency Communications
2011-10-18
-
ICS-CERT Alert: ICS-ALERT-11-256-01: Progea Movicon Multiple Vulnerabilities
"ICS-CERT [Industrial Control Systems Cyber Emergency Response Team] is aware of a public report of three vulnerabilities with proof of concept (POC) exploit code affecting Progea Movicon PowerHMI Version 11, a SCADA/HMI [Supervisory Control And Data Acquisition/Human Machine Interface] Product. The report was released without coordination with the vendor or ICS-CERT. ICS-CERT has not yet verified the vulnerabilities or POC code, but has reached out to the affected vendor to notify, confirm, and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks."
United States. Department of Homeland Security. Office of Emergency Communications
2011-09-13
-
Regional Interoperability Communications Plan
From the Introduction: "This document offers States guidance on completing the RICP [Regional Interoperability Communications Plan] template and provides further explanation on the types of information contained in each of the sections of the RICP template. It is a companion guide to the RICP template itself, which can be customized by States prior to sending the RICP template out to its regions for completion. It is the intent of the US Department of Homeland Security's Office of Emergency Communications (OEC) to provide States and their regions with a manageable template that can be easily adapted for their specific need."
United States. Department of Homeland Security. Office of Emergency Communications
2011-09
-
Emergency Communications System Life Cycle Planning Guide
From the Opening Letter of Chris Essid: "Public safety systems, whether they are land mobile radio systems or mobile data systems, can be complex and costly to implement. There are many technical challenges, but it is also important that those entrusted to make decisions understand the elements that go into deploying and managing these systems. System life cycle planning is a critical part of this understanding because it enables practitioners to better forecast long-term funding requirements and helps to set the framework for establishing and maintaining a public safety system. The Department of Homeland Security's Office of Emergency Communications within the National Protection and Programs Directorate's Office of Cybersecurity and Communications developed, with practitioner input, this System Life Cycle Planning Guide to assist you in your efforts to design, implement, support, and maintain a public safety communications system. The guide walks you through a number of steps and provides a high-level description of each area to help you fully engage in successful systems life cycle management. The guide is a starting point from which your organization can begin to plan and budget for a public safety system's implementation. Additionally, the guide provides information to help you educate agency or jurisdictional leadership on the complexity of public safety systems in support of your system justification."
United States. Department of Homeland Security. Office of Emergency Communications
2011-08
-
Communications Unit Leader (COML): A Valuable Resource for Incident Commanders
"The Communications Unit Leader (COML) is a position under the Logistics Section of the Incident Command System (ICS) […] The COML reports directly to the Logistics Chief or Incident Commander. A COML's responsibilities include developing plans for the effective use of incident communications equipment and facilities, managing the distribution of communications equipment to incident personnel, and coordinating the installation and testing of communications equipment. The COML will supervise other members of the Communications Unit such as the Communications Technician (COMT), Radio Operator (RADO), and Incident Communications Center Manager (INCM), if those positions are filled during an incident. The COML may also supervise volunteer communicators, if available, such as the amateur radio emergency communications support team."
United States. Department of Homeland Security. Office of Emergency Communications
2011-07
