Industrial Control Systems / SCADA
Featuring 18 Papers as of February 3, 2017
Digital Ghost: Turning the Tables Analyst Paper
by Michael J. Assante - February 1, 2017
- Associated Webcasts: Digital Ghost: Turning the Tables on Cyber Attacks in Industrial Systems
- Sponsored By: GE
The complex weave of digital technology relies heavily on hyperconnected systems to move data and unlock value through analytics. The benefits are real, but the stakes involved require a serious look at the potential downsides, including the risk of cyber attacks. Organizations embracing technology innovation should not focus solely on efficiency and productivity, for innovation done correctly can also reduce the risks that come with expanding digital touchpoints.
How to Target Critical Infrastructure: The Adversary Return on Investment from an Industrial Control System STI Graduate Student Research
by Matthew Hosburgh - July 12, 2016
Imagine a device that could decrypt all encryption—within seconds. A box with this capability could be one of the most valuable pieces of equipment for an organization, but even more valuable to an adversary. What if that box only worked against American encryption? If true, a particular market would be ripe for the harvest. A device that powerful could be used to decrypt secrets and data in transit, making encrypted data an adversary might have access to, extremely valuable. Similarly, Critical Infrastructure is a target for some because of the yield that a successful attack could result in. Death, disruption or damage is a real possibility. The Return on Investment (ROI) and Return on Security Investment (ROSI) fall short in actually determining the level of protection required for an organization striving to protect the most sensitive data or system. The Adversary Return on Investment (AROI) is the missing piece to the equation. From the adversary’s vantage point, data, infrastructure or systems have value. By understanding this value an organization can more appropriately align its security strategy; especially, for the most critical infrastructure.
SANS 2016 State of ICS Security Survey Analyst Paper
by Derek Harp and Bengt Gregory-Brown - June 28, 2016
- Associated Webcasts: Where Are We Now?: The SANS 2016 ICS Survey
- Sponsored By: Arbor Networks Carbon Black Anomali Belden
Analysis of survey data collected between January and April 2016 indicates that security for ICSes has not improved in many areas and that many problems identified as high-priority concerns in our past surveys remain as prevalent as ever. In this report we focus on identifying and prioritizing recommendations to address the greatest concerns.
Evaluating Cyber Risk in Engineering Environments: A Proposed Framework and Methodology by Rebekah Mohr - May 31, 2016
Constructing a Measurable Tabletop Exercise for a SCADA Environment STI Graduate Student Research
by Matthew Hosburgh - March 14, 2016
It was the start of the evening shift. Because daylight savings just “fell back” it was already dark outside—at six o’clock PM central time.
The Impact of Dragonfly Malware on Industrial Control Systems STI Graduate Student Research
by Nell Nelson - January 22, 2016
During the past several years and ending in 2014, Dragonfly malware infected hundreds of business computers in an often successful attempt to collect information on industrial control systems across the United States and Europe.
Secure Architecture for Industrial Control Systems STI Graduate Student Research
by Luciana Obregon - October 15, 2015
Industrial Control Systems (ICS) have migrated from stand-alone isolated systems to interconnected systems that leverage existing communication platforms and protocols to increase productivity, reduce operational costs and further improve an organization’s support model. ICS are responsible for a vast amount of critical processes necessitating organizations to adequately secure their infrastructure. Creating strong boundaries between business and process control networks can reduce the number of vulnerabilities and attack pathways that an intruder may exploit to gain unauthorized access into these critical systems. This paper provides guidance to those organizations that must secure their ICS systems and networks through a defense-in-depth approach to security, achieved through the identification of key security patterns and controls that apply to critical information security domains. The goal is a visual explanation that allows stakeholders to understand how to reduce information risk while preserving the confidentiality, integrity and availability of critical infrastructure resources in the industrial control environment.
The Industrial Control System Cyber Kill Chain by Michael J. Assante and Robert M. Lee - October 5, 2015
- Associated Webcasts: ICS Cybersecurity: Models for Success
Read this paper to gain an understanding of an adversary's campaign against ICS. The first two parts of the paper introduce the two stages of the ICS Cyber Kill Chain. The third section uses the Havex and Stuxnet case studies to demonstrate the ICS Cyber Kill Chain in action.
Challenges for IDS/IPS Deployment in Industrial Control Systems STI Graduate Student Research
by Michael Horkan - August 7, 2015
Intrusion Detection and Prevention Systems (IDS/IPS) are a key component of defense-in-depth strategy for information systems. Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems need to incorporate this technology in order to properly defend against a growing threat landscape. This paper examines how to deploy this technology in a sample ICS/SCADA setting, identifies hurdles that both industrial control system vendors and asset owners must overcome in order to make IDS/IPS deployment successful, and provides recommendations for both vendors and owners in order to approach the use of these technologies. This paper is written with two audiences in mind. It is intended for the enterprise IT professional who is familiar with security technologies and best practices, but unfamiliar with ICS/SCADA, as well as ICS/SCADA engineers and managers who lack experience in enterprise security.
The Perfect ICS Storm by Glenn Aydell - June 8, 2015
As manufacturing Industrial Control System (ICS) architectural designs have evolved from isolated and proprietary systems with physical separation to a layered architecture using more standard IT components to the latest “trend” of Industrial Internet of Things (IIoT); so too have the challenges associated with securing these environments.
Leveraging the SCADA Cloud for Fun and Profit STI Graduate Student Research
by Matthew Hosburgh - December 19, 2014
Long live the operator! At a point in time, they were the backbone of the phone system, ensuring that calls were routed where they needed to go. In many organizations, an operator still exists in one form or another. A version of this operator is common in a Security Operation Center (SOC) and many Industrial Control System (ICS) networks. In the ICS and Supervisory Control and Data Acquisition (SCADA) world, centralized security monitoring is either non-existent or so limited that the information provided does not paint an accurate security picture.
Energy and Utilities Defense Response based on 2014 Attack Pattern STI Graduate Student Research
by Adi Sitnica - December 11, 2014
False sense of security and management not understanding the value of cyber security are just a few of the issues why the Energy and Utilities industry are behind in terms of elevating cyber security to a status level on par or higher with physical security.
Rate my nuke: Bringing the nuclear power plant control room to iPad by Mikko Niemel - November 14, 2014
Industrial Control Systems monitor and control industrial processes that exist in the physical world and by design, are isolated from public networks. However, the prevailing use case, connectivity, and integration of mobile devices in the workplace has impacted the industrial environment. These isolated control system networks are now under pressure due to market demand to become Internet-accessible. Therefore, a security architecture for mobile device usage in th industrial environment must be designed with security controls and proper certificate-based authentication.
The Spy with a License to Kill STI Graduate Student Research
by Matthew Hosburgh - October 24, 2014
The opening scene of GoldenEye underscores the skills and precision of James Bond, 007. Years of experience and training make impossible missions look routine. These skills alone would not allow 007 to succeed; rather, a calculated plan that targeted the vulnerabilities in the Archangel Chemical Weapons Facility coupled with 007's skills provided for a successful mission.
Security Operations Centre (SOC) in a Utility Organization by Babu Veerappa Srinivas - October 7, 2014
Cyber security threats are an increasing manifold, irrespective of the size of an organization. This is evident after reviewing many industry reports such as Verizon 2014 Data Breach Investigation Report (Verizon, 2014), Trustwave 2014 Global Security Report ((Trustwave, 2014) and Symantec Internet Security Threat Report 2014 (Symantec, 2014).
Protect Critical Infrastructure Systems With Whitelisting by Dwight Anderson - August 5, 2014
Today there tends to be a misunderstanding regarding the operational aspect of critical infrastructure systems.
Breaches on the Rise in Control Systems: A SANS Survey Analyst Paper
by Matthew Luallen - April 1, 2014
- Associated Webcasts: SANS Survey on Control Systems Security
- Sponsored By: Qualys Cisco Systems Inc. Tenable Network Security Raytheon | Websense
Survey shows SCADA breaches on rise from 2013, and more targeted.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.