KL ICS CERT Mission
Who are we?
Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (KL-ICS-CERT) is a global Kaspersky Lab project that aims to coordinate the actions of automation system manufacturers, the owners and operators of industrial facilities and information security researchers when addressing problems related to the security of industrial enterprises and critical infrastructure objects.
Our view of the situation
We see that the owners and operators of industrial facilities face a whole range of problems when it comes to providing cybersecurity for their main production assets. Different sources offer different and often conflicting information about threats; information about vulnerabilities is published months or even years after they are detected, while information about some incidents is not published at all. Requirements stipulated by industry standards and government regulators are difficult to understand; sometimes they are incomplete and inconsistent. The level of awareness of the most basic security measures among employees at industrial enterprises remains inadequate in the face of current threats. Despite the obvious progress in information security technologies and procedures, these are rarely used to protect industrial facilities; there are no generally accepted practices or standards for applying security measures and tools.
In these circumstances, we cannot remain on the sidelines. Seeing the bigger global picture and watching the development of the threat landscape, we realize the critical nature of the situation and we are ready to help change it for the better and make our world a safer place.
We have information about vulnerabilities and cybersecurity threats that is gathered from Kaspersky Lab’s own proprietary sources; we possess state-of-the-art, in-house technologies for detecting and preventing complex attacks. Our goal is to create a platform where information security experts and the owners and operators of industrial facilities can work together on issues such as designing and implementing security for critical enterprises to protect them from cyber attacks. We hope to involve experts from other companies and enterprises in our project, as well as interested researchers.
Kaspersky Lab’s contribution
Within the framework of the KL-ICS-CERT project, Kaspersky Lab provides a broad range of information and other services:
- Information about vulnerabilities detected in industrial automation systems, recommendations on how to fix them or mitigate the risks when running such systems;
- Information about current threats to industrial automation systems and recommendations on how to protect against them;
- Information about known information security incidents;
- Consultation on state and industry regulatory requirements in the field of information security for industrial systems;
- Security assessments of the automation systems installed at industrial facilities;
- Vulnerability scans of industrial automation systems and their components;
- Investigation of information security incidents that occur on industrial automation systems;
- Technical analysis of incident artifacts (detected malicious code, memory dumps and network activity, contents of electronic media, etc.).
- Objectivity. We do not take sides. We do not withhold or conceal any information about current vulnerabilities or threats. We verify our sources of information, run a comprehensive analysis of the data we receive, and thoroughly double-check research results. We base our reports on the facts we have examined ourselves. We do not make conclusions based on assumptions or speculation. In our publications, we endeavor not to leave any room for misreading or loose interpretations. We do not accept politically motivated requests. The religious views or political opinions of our employees do not influence the results of the work we do. We have no explicit commercial motivation. In our research, we do not make it a point to justify or substantiate our own point of view, even if it runs counter to Kaspersky Lab’s commercial interests.
- Trust. All our actions are taken purely for the purpose of protecting against cyber attacks. We do not transfer any information to third parties that, in our opinion, could be used to prepare or conduct attacks on automation systems in industrial facilities or critical infrastructure objects.
- Confidentiality. Under no circumstances do we divulge information that our clients or contractors provided to us confidentially, unless they have explicitly authorized us to do so. We do not store information unless necessary. We use the most reliable technologies and organizational measures for communicating and storing information.
- We are leaders. Kaspersky Lab is a global leader in the anti-malware security market. We detect the most complex attacks, including targeted attacks, against our clients’ information systems. We have detected and investigated more complicated targeted attacks than any of our competitors.
- We’re a global company. We have a presence in 200+ countries around the world. This allows us to see a global picture of current threats, promptly warn our clients of newly emerging threats and protect against them.
- We are pioneers. Kaspersky Lab is among the first large information security players to address the problems of industrial automation systems.
- We have unique expertise. Our team brings together unique specialists in the areas of both information and functional security; this makes it possible to protect industrial objects as well as cyber-physical systems based on the logic and physical implementation of the technological process. It means we can detect and prevent cyber attacks that may lead to immediate physical consequences.
- We are independent. We are in no way, whether directly or indirectly, related to or associated with any political entities, government institutions or businesses. This helps us be objective both when we detect cyber attacks and when we publish information about threats or vulnerabilities. This also enables us to effectively cooperate with national and international partners in various countries and on different continents, and exchange information with them about vulnerabilities and threats.
- Our users trust us. More than 400 million users around the globe entrust their security to Kaspersky Lab. 60 million users around the world actively help us to detect new threats by voluntarily participating in our Kaspersky Security Network. Of these users, XXX are owners or operators of industrial facilities.
- We can afford it. We are ready to share information and help free of charge, funding our research and services from Kaspersky Lab’s own funds, in order to provide critical infrastructure objects with protection from cyberattacks. Our motivation for this is an awareness that people’s comfort and wellbeing relies on the uninterrupted and stable operation of such infrastructures.
For all requests please email firstname.lastname@example.org or contact one of our regional offices by phone: