The SANS Industrial Control Systems Library is a central resource for all ICS Brochures detailing our courses, Posters, Surveys, Whitepapers, and our Defense Use Case papers. All of the assets below are .pdf downloads.
Brochures
2016: Deutsche ICS Brochüre
2016: ICS Security Training Brochure
2016: 2016 ICS Security Summit & Training Orlando Brochure
2015: ICS for Electric Utility Brochure
Posters
NEW! - ICS "Control Systems Are A Target" Poster
NEW! - ICS "What Will Your Attack Look Like?" Poster
ICS "Sliding Scale of Cyber Security" Poster
ICS "Job Role to Competency Level Recommendation" Poster
ICS "Securing an Automated World" Poster
Analyst Surveys
2017: Securing Industrial Control Systems
2016: SANS 2016 State of ICS Security Survey
2015: The State of Security in Control Systems Today 2015
2014: SANS ICS Security Survey 2014
2013: SANS SCADA and Process Control Security Survey 2013
Whitepapers
March 2020: ICS OT Systems Security Engineering Is Not Dead
SANS Institute: Isiah Jones
September 2018: Practical Industrial Control System (ICS) Cybersecurity: IT and OT Have Converged - Discover and Defend Your Assets
SANS Institute: Doug Wylie and Dean Parsons
July 2018: Hunting with Rigor: Quantifying the Breadth, Depth and Threat Intelligence Coverage of a Threat Hunt in Industrial Control System Environments
SANS Institute: Dan Gunter
June 2017: Incentivizing Cyber Security: A Case for Cyber Insurance
SANS Institute: Jason Christopher
February 2017: Digital Ghost: Turning the Tables
SANS Institute
August 2016: The GICSP: A Keystone Certification
SANS Institute
October 2015: The Industrial Control System Cyber Kill Chain
SANS Institute
August 2015: The Sliding Scale of Cyber Security
SANS Institute
June 2015: The State of Security in Control Systems Today: A SANS Survey
SANS Institute
Sponsored by: SurfWatch Labs and Tenable Network Security
May 2015: The Perfect ICS Storm
SANS Institute: Glenn Aydell
August 2014: An Abbreviated History of Automation & Industrial Controls Systems and Cybersecurity
SANS Institute
January 2014: Industrial Control Systems (ICS) Cybersecurity Response to Physical Breaches of Unmanned Critical Infrastructure Sites Whitepaper
SANS Institute
Videos
Exploring the Unknown Industrial Control System Threat Landscape - SANS ICS Security Summit 2017
If We're Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
Incentivizing ICS Security: The Case for Cyber Insurance - SANS ICS Security Summit 2017
Demo: The Ukraine Event In a Box - SANS ICS Security Summit 2017
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
ICS Defense Use Cases (DUC)
The ICS community consisting of experienced ICS security practitioners have come together to analyze recent real-world incidents that range from ICS incidents, threat intelligence, and CP/PE [Cyber-to-Physical or Process Effects] that have received media coverage. The Defense Use Cases below are case study papers that contain summaries of the publicly available information and potential realistic scenarios to fill in the gaps. In detailing scenarios that could have occurred we're able to provide a baseline for possibilities and how best to defend against these types of attacks.
The case study .pdf downloads below can be used to evaluate your critical systems and determine how best to keep them safe.
- ICS Defense Use Case 7: Analysis of the recent report of supply chain attacks on US electric infrastructure by Chinese Actors
June 12th, 2020 - ICS Defense Use Case 6: Modular ICS Malware
Aug. 3, 2017 - ICS Defense Use Case 5: Analysis of the Cyber Attack on the Ukrainian Power Grid
Mar. 18, 2016 - ICS Defense Use Case 4: Media Reports of Attacks on US Infrastructure by Iran
Jan. 5, 2016 - ICS Defense Use Case 3: The Lost DUC - Unavailable for Online
Apr. 23, 2015 - ICS Defense Use Case 2: German Steel Mill Cyber Attack
Dec. 30, 2014 - ICS Defense Use Case 1: Media report of the Baku-Tbilisi-Ceyhan (BTC) pipeline Cyber Attack
Dec. 20, 2014
Disclaimer:
We are providing summaries of publicly available information and have not validated if the incidents happened the way that has been described in the publicly available reporting. We are providing summaries of information, as we believe elements of the stories being conveyed provide a learning opportunity for ICS defenders.
Other Resources
