homepage
Menu
Open menu
  • Training
    Go one level top Back

    Training

    • Courses

      Build cyber prowess with training from renowned experts

    • Hands-On Simulations

      Hands-on learning exercises keep you at the top of your cyber game

    • Certifications

      Demonstrate cybersecurity expertise with GIAC certifications

    • Ways to Train

      Multiple training options to best fit your schedule and preferred learning style

    • Training Events & Summits

      Expert-led training at locations around the world

    • Free Training Events

      Upcoming workshops, webinars and local events

    • Security Awareness

      Harden enterprise security with end-user and role-based training

    Featured: Solutions for Emerging Risks

    Discover tailored resources that translate emerging threats into actionable strategies

    Risk-Based Solutions

    Can't find what you are looking for?

    Let us help.
    Contact us
  • Learning Paths
    Go one level top Back

    Learning Paths

    • By Focus Area

      Chart your path to job-specific training courses

    • By NICE Framework

      Navigate cybersecurity training through NICE framework roles

    • DoDD 8140 Work Roles

      US DoD 8140 Directive Frameworks

    • By European Skills Framework

      Align your enterprise cyber skills with ECSF profiles

    • By Skills Roadmap

      Find the right training path based on critical skills

    • New to Cyber

      Give your cybersecurity career the right foundation for success

    • Leadership

      Training designed to help security leaders reduce organizational risk

    • Degree and Certificate Programs

      Gain the skills, certifications, and confidence to launch or advance your cybersecurity career.

    Featured

    New to Cyber resources

    Start your career
  • Community Resources
    Go one level top Back

    Community Resources

    Watch & Listen

    • Webinars
    • Live Streams
    • Podcasts

    Read

    • Blog
    • Newsletters
    • White Papers
    • Internet Storm Center

    Download

    • Open Source Tools
    • Posters & Cheat Sheets
    • Policy Templates
    • Summit Presentations
    • SANS Community Benefits

      Connect, learn, and share with other cybersecurity professionals

    • CISO Network

      Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

  • For Organizations
    Go one level top Back

    For Organizations

    Team Development

    • Why Partner with SANS
    • Group Purchasing
    • Skills & Talent Assessments
    • Private & Custom Training

    Leadership Development

    • Leadership Courses & Accreditation
    • Executive Cybersecurity Exercises
    • CISO Network

    Security Awareness

    • End-User Training
    • Phishing Simulation
    • Specialized Role-Based Training
    • Risk Assessments
    • Public Sector Partnerships

      Explore industry-specific programming and customized training solutions

    • Sponsorship Opportunities

      Sponsor a SANS event or research paper

    Interested in developing a training plan to fit your organization’s needs?

    We're here to help.
    Contact us
  • Talk with an expert
  • Log In
  • Join - it's free
  • Account
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. Critical Infrastructure Cyber Threats & The UK Region
DeanParsons_340x340.png
Dean Parsons

Critical Infrastructure Cyber Threats & The UK Region

Mature ICS facilities in the region realize and embrace the differences between IT and ICS/OT.

February 7, 2024

PRACTITIONER EXPERIENCE – BETWEEN SANS TRAINING EVENTS

ICS_-_Blog_Graphics_-_Critical_infrastructure_cyber_threats_&_the_uk_region_-_725_x_413.198.png

With my firm ICS Defense Force, I perform industrial control system (ICS) security assessments, incident response tasks, and incident response tabletops across multiple critical infrastructure sectors as defined by the UK Government. As a Certified SANS Instructor, this experience in the field between my classes allows me to meet with security teams, engineering staff, and those leading the charge of cybersecurity risk management and defense. Including the decision makers, who are seeking technical solutions and tactical training to address their identified cybersecurity challenges for the protection of critical infrastructure.

THE 1st EVER SANS ICS SUMMIT IN LONDON

We. Are. Excited! For the 1st time ever, SANS ICS will be hosting an ICS Summit in London. The SANS ICS UK Summit 2024 will take place on Tuesday 5th March at etc.venues Monument in London. The summit is set to deliver relevant cyber security knowledge and skills through panel discussions and presentations while bringing together the industry’s top practitioners and leading experts from across the UK region. The summit will be available to attend in-person only where you can expect to hear from and network with prominent experts and leaders in the ICS/OT industry. More information, and on how to register to reserve your spot at this inaugural event, can be found here: SANS ICS UK Summit 2024.

Below is the reason why we will be in the region speaking specifically on the protection of control systems and critical infrastructure in the there.

MODERN ATTACKS AGAINST CRITICAL INFRASTRUCTURE

Modern adversaries have illustrated brazen steps to defeat traditional security controls. They have placed the safety of people, and reliability of engineering industrial control systems, at high risk. With this, adversaries have sent a clear message to facility owners, operators, and leadership responsible for industrial control system (ICS) and operational technology (OT) environments. That is, critical infrastructure is a target. The protection and defense? Safe and resilient critical infrastructure requires dedicated ICS/OT specifically trained defenders, using purpose-built ICS/OT-aware technology, how embrace the defined differences between IT and ICS/OT.

ICS THREAT LANDSCAPE IN THE UK REGION

Recent threat landscape analysis for the UK region, and surrounding area, indicates attacks against critical infrastructure are increasing in volume and sophistication. Energy, Food, Water, and Transport, are just some of the critical national infrastructure (CNI) that adversaries, including nation-state offensive teams, continue to target in the region. The NCSC (National Cyber Security Centre), has warned of significant threat to UK's critical infrastructure in recent reports through the 2022 and 2023 Annual Reviews. These outline the importance of cyber resilience for UK critical national infrastructure, as the region has observed the emergence of a new class of cyber adversary. Adversaries who include cyber-attacks against critical infrastructure as a legitimate component of cyber and physical warfare.

In alignment to this, modern ICS/OT adversary groups have illustrated capabilities ranging from external and internal industrial control system network reconnaissance to system shutdowns and safety impacts. All of which can be mapped to Stage 1 and Stage 2 of the ICS Kill Chain. Additionally, they have up skilled their capabilities which has become more difficult to detect inside control system networks.

Many of their attack techniques, including their disruptive attack capabilities do not even need to rely on exploits or zero-day vulnerabilities. Instead, such groups leverage legitimate and already installed engineering systems, program libraries, and hardware features, but used for nefarious purposes. This dangerous attack tradecraft effectively turns the control systems against itself. This, now a common adversary attack technique called “Living off the land”, is difficult or impossible for traditional security controls to detect or respond to. Living off the land and the related countermeasures can be found in a recent ICS cyber security blog here: Living Off the Land Attacks and Countermeasures in Industrial Control Systems.

Ransomware has also been increasing, globally. IT Ransomware that makes its way into ICS networks can have impacts on traditional operating system components. However, ICS/OT purpose-built Ransomware, such as EKANS, can have more of an impact on the monitoring and controls over engineering operations.

ICS Attack Framework for ANY sector

The discovery and analysis of the ICS/OT attack framework PIPEDREAM/Incontroller provides capabilities to target engineering equipment inside ICS facilities in nearly any sector, and any region. It can impact a wide variety of vendor equipment including PLCs (programmable logic controllers), which effectively run entire plant floors. This dangerous scalable attack framework can abuse already installed legitimate industrial automation software, and legitimate ICS network protocols, including but not limited to OPC-UA, Modbus, and some proprietary protocols.

STARTLING FINDINGS IN 2023 ICS/OT SECURITY

Taken from the recent SANS 2023 ICS/OT Cybersecurity Survey data, nearly 40% of ICS/OT facilities indicate the initial attack vector of compromises to their ICS/OT come from IT networks that allow threats into the ICS network.

ICS_-_Blog_Graphics_-_Critical_infrastructure_cyber_threats_&_the_uk_region_-_725_x_419.198.png

Additionally, from the recent SANS 2023 ICS/OT Cybersecurity Survey data, about only half of ICS facilities have an ICS/OT-specific incident response plan that is documented, tested using engineering driven tabletop exercises, and is kept up to date. 17% are unsure whether they have such a dedicated ICS incident response plan.

ICS_-_Blog_Graphics_-_Critical_infrastructure_cyber_threats_&_the_uk_region_-_725_x_419.1982.png

A COPY & PASTE OF IT SECURITY INTO ICS/OT WILL KILL SAFETY

It is imperative top facility leadership, and engineering teams know the differences between traditional IT security and industrial control system security. ICS/OT assets are often incorrectly compared to traditional IT assets. Traditional IT assets focus on data at rest or data in transit, user data and user applications. Whereas ICS/OT are engineering assets, equipment, that focus on real-time systems for physical input values and controlled output physical action that have an effect in the real-world. It is this primary difference between IT and ICS/OT that drive differing cybersecurity design, security assessment approaches, risk surface understanding, safety, strategy, support, cyber tactical defense, and industrial incident response practices.

“Standard cyber incident remediation actions deployed in IT business systems may result in ineffective and even disastrous results when applied to ICS cyber incidents, if prior thought and planning specific to operational ICS is not done.”

ICS_-_Blog_Graphics_-_Critical_infrastructure_cyber_threats_&_the_uk_region_-_725_x_960.png

While in the region training at our SANS ICS events, during the breaks and networking sessions it gives everybody a wonderful opportunity to share experiences from the field. Also, insights into recent trends and practical engineering ways to address cybersecurity challenges in facilities looking to mature their ICS/OT security programs.

Tactical Training for ICS-Specific Cyber Defense

The SANS course, ICS515: ICS Visibility, Detection, and Response meets several modern ICS security challenges head-on. ICS515 teaches students how to perform tactical ICS incident response by leveraging hands-on labs. Labs include assembling and running a programmable logic controller (PLC) like you’d see on a plant floor. Students keep the PLC kit for continued learning after class is over. Students from IT, ICS, engineering, etc., will detect and defend against threats in several realistic ICS environments.

ICS Tactical Defense Take-Away Resources

Those who are technical and assigned to industrial control system cyber defense can leverage these freely available resources to help kick-start and mature their ICS dedicated cybersecurity program:

Industrial Control System Cyber Incident Response

This poster offers guidance on preparing for and performing cyber–Incident Response (IR) for Industrial Control System (ICS) environments. For the most effective industrial IR and established industrial NSM (Network Security Monitoring) program an updated ICS Asset Inventory is best. See related ICS NSM Poster to assist with this control system network security monitoring and proactive defense. Download here.

ICS Leadership Take-Away Resources

Leaders responsible for industrial control system cyber defense best build strong relationships with engineering staff, always prioritize safety, and can leverage this ICS Leadership poster if they are new to an ICS/OT leadership role.

ICS Cybersecurity Leadership

This industrial control systems (ICS) and operational technology (OT) cybersecurity leadership poster reveals the key elements to building and leading an industrial cybersecurity team. Several critical points are included in this poster for ICS security leaders, such as how to build a dedicated ICS cybersecurity team, with specific roles, tasks and job descriptions. Additional elements of this poster provide ICS/OT risk managers with possible training and development paths and how to build and maintain strong relationships with engineering teams. Furthermore, this poster guides those responsible for ICS/OT cybersecurity around The ICS Cybersecurity Leadership Cycle and offers both tactical and strategic defense moves ready to be applied to any sector to further the protection of critical infrastructure environments.

The content of this poster supports ICS418: ICS Security Essentials for Managers. Download here.

Leadership Training for ICS-Specific and Engineering Management

The SANS course, ICS418: ICS Security Essentials for Managers course empowers leaders responsible for securing ICS/OT environments. The course addresses the need for dedicated ICS security programs, the teams that run them, and the skills required to map industrial cyber risk to business objectives to prioritize safety. ICS418 will help leaders manage the people, processes, and technologies necessary to create and sustain lasting ICS cyber risk programs while promoting a culture of safety, reliability, and security, for any ICS/OT environment, across any sector or region.

CONCLUSION

Mature ICS facilities in the region realize and embrace the differences between IT and ICS/OT. They hire, train, and retrain people trained in ICS specific security who prioritize safety. Who have an engineering-driven mindset to ensure preparedness for the eventuality of responding to industrial-grade incident against their engineering and critical infrastructure operations.

On behalf of myself and the SANS ICS, we thank you for taking the time to review this crucial topic and related actionable take-aways for the further protection of critical systems in the UK region. We look forward to seeing you all at the 1st ever SANS ICS UK Summit 2024 in London!

Be safe from industrial cyber incidents!

Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Cote D'ivoire
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania, United Republic Of
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City State
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Tags:
  • Industrial Control Systems Security

Related Content

Blog
Industrial Control Systems Security
May 19, 2025
Culture Over Checklists: How NextEra Is Rethinking NERC CIP with People at the Center
When people ask me what makes a successful NERC CIP program, my answer is always the same: it’s not just about compliance, it’s about culture. You can meet every regulatory requirement and still be vulnerable. You can pass every audit and still lack resilience. The organizations that stand out—the...
370x370_Jason-D-Christopher.jpg
Jason D. Christopher
read more
Blog
emerging threats summit 340x340.png
Digital Forensics, Incident Response & Threat Hunting, Offensive Operations, Pen Testing, and Red Teaming, Cyber Defense, Industrial Control Systems Security, Cybersecurity Leadership
May 14, 2025
Visual Summary of SANS Emerging Threats Summit 2025
Check out these graphic recordings created in real-time throughout the event for SANS Emerging Threats Summit 2025
No Headshot Available
Alison Kim
read more
Blog
Blog - Cloudy with a Chance of_340 x 340.jpg
Industrial Control Systems Security
May 13, 2025
Cloudy with a Chance of Industrial Cyber Threats, Part 1
Cloud in ICS/OT can enable scalable data storage, remote monitoring, analytics, disaster recovery, & industrial process control capabilities.
DeanParsons_340x340.png
Dean Parsons
read more
  • Company
  • Mission
  • Instructors
  • About
  • FAQ
  • Press
  • Contact Us
  • Careers
  • Policies
  • Training Programs
  • Work Study
  • Academies & Scholarships
  • Public Sector Partnerships
  • Law Enforcement
  • SkillsFuture Singapore
  • Degree Programs
  • Get Involved
  • Join the Community
  • Become an Instructor
  • Become a Sponsor
  • Speak at a Summit
  • Join the CISO Network
  • Award Programs
  • Partner Portal
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Cote D'ivoire
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania, United Republic Of
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City State
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • Privacy Policy
  • Terms and Conditions
  • Do Not Sell/Share My Personal Information
  • Contact
  • Careers
© 2025 The Escal Institute of Advanced Technologies, Inc. d/b/a SANS Institute. Our Terms and Conditions detail our trademark and copyright rights. Any unauthorized use is expressly prohibited.
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn