Featuring 9 Papers as of June 28, 2016
SANS 2016 State of ICS Security Survey Analyst Paper
by Derek Harp and Bengt Gregory-Brown - June 28, 2016
- Associated Webcasts: Where Are We Now?: The SANS 2016 ICS Survey
- Sponsored By: Arbor Networks Carbon Black Anomali Belden
Analysis of survey data collected between January and April 2016 indicates that security for ICSes has not improved in many areas and that many problems identified as high-priority concerns in our past surveys remain as prevalent as ever. In this report we focus on identifying and prioritizing recommendations to address the greatest concerns.
Constructing a Measurable Tabletop Exercise for a SCADA Environment Masters
by Matthew Hosburgh - March 14, 2016
It was the start of the evening shift. Because daylight savings just fell back it was already dark outsideat six oclock PM central time.
Leveraging the SCADA Cloud for Fun and Profit Masters
by Matthew Hosburgh - December 19, 2014
Long live the operator! At a point in time, they were the backbone of the phone system, ensuring that calls were routed where they needed to go. In many organizations, an operator still exists in one form or another. A version of this operator is common in a Security Operation Center (SOC) and many Industrial Control System (ICS) networks. In the ICS and Supervisory Control and Data Acquisition (SCADA) world, centralized security monitoring is either non-existent or so limited that the information provided does not paint an accurate security picture.
Energy and Utilities Defense Response based on 2014 Attack Pattern Masters
by Adi Sitnica - December 11, 2014
False sense of security and management not understanding the value of cyber security are just a few of the issues why the Energy and Utilities industry are behind in terms of elevating cyber security to a status level on par or higher with physical security.
Rate my nuke: Bringing the nuclear power plant control room to iPad by Mikko Niemel - November 14, 2014
Industrial Control Systems monitor and control industrial processes that exist in the physical world and by design, are isolated from public networks. However, the prevailing use case, connectivity, and integration of mobile devices in the workplace has impacted the industrial environment. These isolated control system networks are now under pressure due to market demand to become Internet-accessible. Therefore, a security architecture for mobile device usage in th industrial environment must be designed with security controls and proper certificate-based authentication.
The Spy with a License to Kill Masters
by Matthew Hosburgh - October 24, 2014
The opening scene of GoldenEye underscores the skills and precision of James Bond, 007. Years of experience and training make impossible missions look routine. These skills alone would not allow 007 to succeed; rather, a calculated plan that targeted the vulnerabilities in the Archangel Chemical Weapons Facility coupled with 007's skills provided for a successful mission.
Security Operations Centre (SOC) in a Utility Organization by Babu Veerappa Srinivas - October 7, 2014
Cyber security threats are an increasing manifold, irrespective of the size of an organization. This is evident after reviewing many industry reports such as Verizon 2014 Data Breach Investigation Report (Verizon, 2014), Trustwave 2014 Global Security Report ((Trustwave, 2014) and Symantec Internet Security Threat Report 2014 (Symantec, 2014).
Protect Critical Infrastructure Systems With Whitelisting by Dwight Anderson - August 5, 2014
Today there tends to be a misunderstanding regarding the operational aspect of critical infrastructure systems.
Breaches on the Rise in Control Systems: A SANS Survey Analyst Paper
by Matthew Luallen - April 1, 2014
- Associated Webcasts: SANS Survey on Control Systems Security
- Sponsored By: Qualys Cisco Systems Inc. Tenable Network Security Raytheon | Websense
Survey shows SCADA breaches on rise from 2013, and more targeted.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact email@example.com.
All papers are copyrighted. No re-posting or distribution of papers is permitted.