As Industrial Cyber Attacks Increase in Size and Scope, Companies Struggle to Train Enough Defenders

  • Bethesda, MD
  • December 22, 2014

Industrial corporations are beginning to train "cyber defenders" at a record rate, but the number of trained and certified employees who can defend their companies' equipment and systems against skilled attackers falls far short of the need.

"Targeted, customized cyber attacks against industrial equipment at power plants, pipelines, refineries, energy distribution centers and factories are increasing and workforces generally are under-trained to defend their companies," said Michael Assante, a project leader at the SANS Institute, the world's largest cyber defense training provider.

While cyber attacks against retailers, credit card companies and banks get much attention, "another universe of cyber incidents are going on virtually out of sight," Assante said, "and the danger to our infrastructure, economy and security is difficult to measure."

These attacks are being lodged against "industrial control systems," ICS for short, a category that includes all the hardware, software and communications that enable pipelines to flow, nuclear power to be safely generated, and factory machines to produce goods. Municipal water and sewer systems also fall into this classification.

Industrial equipment was first controlled manually, then with analog electronics. Since the 1990s the brains of these systems have been converted to digital, web-accessible structures that raise efficiency and save money, but open them to cyber tampering.

Certified training to prevent or stifle ICS attacks involves different job roles and a different set of skills than the more familiar capabilities used to protect office systems and financial structures. To ensure that training is rigorous and relevant, a collaboration of ICS manufacturers, ICS users and security specialists such as SANS established the Global Industrial Control System Professional (GICSP) certification.

"Protecting the retail or front end of businesses through training is much further along than training for ICS defense," Assante said. The SANS Institute, which expects to train and certify a record 1,000-plus engineers and cyber security professionals in 2014, estimates that in the U.S. power industry alone - nuclear, conventional and the transmission grids - almost 10,000 more certified trained professionals are needed today than are currently working in this sector.

"That's just one example," Assante said. "The power industry is just one of many vulnerable sectors that support our economy and face a shortfall of qualified cyber defenders."

Assante and his colleagues are encouraged that the federal government is beginning to recognize the training gap, but he said bills in Congress aimed at addressing the problem "will need a lot of work to become effective legislation."

"As a society, we've declared war on criminal hackers who are after your credit card and bank account. But when criminals attack the machinery of our economy, the threat is every bit as great, and perhaps greater," said Ed Skoudis, a SANS Institute trainer and founder of the New Jersey security firm Counter Hack. "As machinery and processes become more digitized and connected to the Internet, the threat grows more extreme."

Tackling the problem in earnest now is imperative, Assante said, calling the increasingly sophisticated ICS attacks "a dress rehearsal for what's coming with smart homes, connected cars and 'the Internet of Things.'"

Assante is the SANS Institute's security project lead for ICS and Supervisory Control and Data Acquisition (SCADA). He is a former vice president and chief security officer of the North American Electric Reliability Corporation (NERC). Prior to joining NERC he held high-level positions at Idaho National Labs and was vice president and chief security officer for American Electric Power Co. in Columbus, Ohio.

Skoudis and his firm are the developers of CyberCity, a virtual town where computers simulate ICS-type structures and professionals practice attacking and defending the town's infrastructure.

SANS' 10th annual ICS Security Summit & Training, the premier event to attend in 2015 for ICS cybersecurity practitioners and managers, convenes Feb. 23, 2015 and runs through March 2, in Orlando, Fla. This year's summit will feature hands-on training focused on attacking and defending ICS environments, industry-specific pre-summit events, and an action-packed summit agenda with the release of ICS security tools and the popular security kit for Summit attendees. At the Summit you will learn: 1) The nature of these ICS-focused threats & implications of targeted attacks; 2) What is not working; 3) The paths and options to building your program.

For more information about the 10th annual ICS Summit & Training, or to register, please visit:

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.