ICS-CSIRT.io is a community effort to disseminate security information on Industrial Control Systems. ICS-CSIRT.io is not affiliated or linked with a governmental or commercial partner. Membership of ICS-CSIRT.io is free and grants you access to a MISP and OpenCVE instance. In return for membership we ask you to submit content to the ICS threat data.
Send an e-mail to info@ics-csirt.io, describe how you can contribute and after a validation process you will get login credentials for MISP and OpenCVE. Use your professional or corporate email address and optionally attach your public PGP or S/MIME key. The MISP accounts require authentication with OTP. Accounts are setup for name-based addresses (your.name@company.com), and not for generic addresses (info@company.com).
Events and information are shared under the conditions of the Traffic Light Protocol (TLP). Every participant is obliged to comply with the classification. Naturally, you are responsible for the information you share. In your request e-mail acknowledge that you agree with these sharing and classification conditions, and educate the users of the organisation you will be MISP OrgAdmin for about those rules, too. The acknowledgement is mandatory for processing the request.
If you already have a MISP instance installed (which is usually more convenient for automation), you can also already provide us the MISP UUID of your organization.
The MISP instance is bootstrapped with ICS relevant events shared under tlp:clear (tlp:white). It is then up to the community to further add relevant events.
There is an automatic curation process for events synchronised from other MISP servers, this includes checks with MISP warninglists and the CIRCL Hashlookup service. Only events tagged with workflow:state=complete are considered complete and ready to be used.