The ICS Advisory Project was created by Dan Ricci to provide smaller OT asset owners, CISOs, cybersecurity analysts, and researchers with an analysis tool that allows them to quickly identify threats and vulnerabilities by product, vendor, and even by Critical Infrastructure sector. Our interactive dashboards are the result of countless hours of research, analysis, and data enrichment by Dan and community volunteers using publicly available threat/vulnerability data such as CISA ICS Advisories, CVEs, and MITRE ATT&CK, just to name a few.

While the vulnerability data provided in CISA ICS Advisories may seem duplicative of CVE data, the Advisories contain additional insights not supplied in a CVE, such as a vendor headquarters location, product distributions, and Critical Infrastructure sectors for each vendor product. This extra data is valuable to Security and Industry researchers to understand potential supply chain risks associated with vendor production locations and vulnerabilities across specific critical infrastructure sectors.

The ICS Advisory Project provides visualization of CISA ICS Advisories and Advance Persistent Threats (APT) information in a way that allows organizations to focus on vendor product vulnerabilities used in their OT/ICS networks when assessing their risk. Our entire ICS Advisory Project dataset is publicly available from our GitHub Repository and is already consumed by our users and organizations worldwide.

Our ICS Advisory Project continues to enrich the CISA ICS Advisories data through vendor name normalization, identification of ICS asset type and Purdue Model Level, and correlation to the CISA Known Exploited Vulnerability (KEV) catalog. We believe this approach can help save security analysts hours correlating vulnerability data points between different vulnerability data sources from one website. 

To help your organization identify vulnerabilities and prioritize defenses for protecting your ICS environment, you can use our ICS Advisory Project dashboards on your own or contact us directly to guide you on how to best use them for your organization.