About
The ICS Advisory Project was created by Dan Ricci to provide smaller OT asset owners, CISOs, cybersecurity analysts, and researchers with an analysis tool that allows them to quickly identify threats and vulnerabilities by product, vendor, and even by Critical Infrastructure sector. Our interactive dashboards are the result of countless hours of research, analysis, and data enrichment by Dan and a few volunteers using publicly available threat/vulnerability data such as CISA ICS Advisories, CVEs, MITRE ATT&CK, and ICS Vulnerability Researcher Scoreboard.
The ICS Advisory Project was created by Dan Ricci to provide smaller OT asset owners, CISOs, cybersecurity analysts, and researchers with an analysis tool that allows them to quickly identify threats and vulnerabilities by product, vendor, and even by Critical Infrastructure sector. Our interactive dashboards are the result of countless hours of research, analysis, and data enrichment by Dan and a few volunteers using publicly available threat/vulnerability data such as CISA ICS Advisories, CVEs, MITRE ATT&CK, and ICS Vulnerability Researcher Scoreboard.
While the vulnerability data provided in CISA ICS Advisories may seem duplicative of CVE data, the Advisories contain additional insights not supplied in a CVE, such as a vendor headquarters location, product distributions, and Critical Infrastructure sectors for each vendor product. This extra data is valuable to Security and Industry researchers to understand potential supply chain risks associated with vendor production locations and vulnerabilities across specific critical infrastructure sectors.
While the vulnerability data provided in CISA ICS Advisories may seem duplicative of CVE data, the Advisories contain additional insights not supplied in a CVE, such as a vendor headquarters location, product distributions, and Critical Infrastructure sectors for each vendor product. This extra data is valuable to Security and Industry researchers to understand potential supply chain risks associated with vendor production locations and vulnerabilities across specific critical infrastructure sectors.
The ICS Advisory Project provides visualization of CISA ICS Advisories and Advance Persistent Threats (APT) information in a way that allows organizations to focus on vendor product vulnerabilities used in their OT/ICS networks when assessing their risk. Our entire ICS Advisory Project dataset is publicly available from our GitHub Repository and is already consumed by our users and organizations worldwide.
The ICS Advisory Project provides visualization of CISA ICS Advisories and Advance Persistent Threats (APT) information in a way that allows organizations to focus on vendor product vulnerabilities used in their OT/ICS networks when assessing their risk. Our entire ICS Advisory Project dataset is publicly available from our GitHub Repository and is already consumed by our users and organizations worldwide.
Our ICS Advisory Project continues to enrich the CISA ICS Advisories data through vendor name normalization, identification of ICS asset type and Purdue Model Level, and correlation to the CISA Known Exploited Vulnerability (KEV) catalog. We believe this approach can help save security analysts hours correlating vulnerability data points between different vulnerability data sources from one website.
Our ICS Advisory Project continues to enrich the CISA ICS Advisories data through vendor name normalization, identification of ICS asset type and Purdue Model Level, and correlation to the CISA Known Exploited Vulnerability (KEV) catalog. We believe this approach can help save security analysts hours correlating vulnerability data points between different vulnerability data sources from one website.
To help your organization identify vulnerabilities and prioritize defenses for protecting your ICS environment, you can use our ICS Advisory Project dashboards on your own or contact us directly to guide you on how to best use them for your organization.
To help your organization identify vulnerabilities and prioritize defenses for protecting your ICS environment, you can use our ICS Advisory Project dashboards on your own or contact us directly to guide you on how to best use them for your organization.