The SANS Industrial Control Systems Library is a central source for ICS/OT cyber security resources detailing our Courses, Posters, Surveys, Whitepapers, Defense Use Case papers, and more.
Brochures
2016: Deutsche ICS Brochüre
2016: ICS Security Training Brochure
2016: 2016 ICS Security Summit & Training Orlando Brochure
2015: ICS for Electric Utility Brochure
Posters
The Differences between ICS/OT and IT Security Poster
Intelligence-Driven ICS Cybersecurity Poster
Industrial Control System Cyber Incident Response Poster
Industrial Network Security Monitoring Poster
ICS Assessment Quick Start Guide Poster
ICS "Control Systems Are A Target" Poster
Analyst Surveys
2020: ICS Asset Identification: It's More Than Just Security
2019: SANS 2019 State of OT/ICS Cybersecurity Survey
2018: The 2018 SANS Industrial IoT Security Survey: Shaping IIoT Security Concerns
2017: Securing Industrial Control Systems
2016: SANS 2016 State of ICS Security Survey
Whitepapers
November 2022: The Five ICS Cybersecurity Critical Controls
SANS Institute: Robert M. Lee and Tim Conway
March 2020: ICS OT Systems Security Engineering Is Not Dead
SANS Institute: Isiah Jones
September 2018: Practical Industrial Control System (ICS) Cybersecurity: IT and OT Have Converged - Discover and Defend Your Assets
SANS Institute: Doug Wylie and Dean Parsons
July 2018: Hunting with Rigor: Quantifying the Breadth, Depth and Threat Intelligence Coverage of a Threat Hunt in Industrial Control System Environments
SANS Institute: Dan Gunter
June 2017: Incentivizing Cyber Security: A Case for Cyber Insurance
SANS Institute: Jason Christopher
February 2017: Digital Ghost: Turning the Tables
SANS Institute
August 2016: The GICSP: A Keystone Certification
SANS Institute
October 2015: The Industrial Control System Cyber Kill Chain
SANS Institute
August 2015: The Sliding Scale of Cyber Security
SANS Institute
June 2015: The State of Security in Control Systems Today: A SANS Survey
SANS Institute
Sponsored by: SurfWatch Labs and Tenable Network Security
May 2015: The Perfect ICS Storm
SANS Institute: Glenn Aydell
August 2014: An Abbreviated History of Automation & Industrial Controls Systems and Cybersecurity
SANS Institute
January 2014: Industrial Control Systems (ICS) Cybersecurity Response to Physical Breaches of Unmanned Critical Infrastructure Sites Whitepaper
SANS Institute
Videos
SANS ICS Security Brief Series
Exploring the Unknown Industrial Control System Threat Landscape - SANS ICS Security Summit 2017
If We're Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
Incentivizing ICS Security: The Case for Cyber Insurance - SANS ICS Security Summit 2017
Demo: The Ukraine Event In a Box - SANS ICS Security Summit 2017
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
ICS Defense Use Cases (DUC)
Experienced ICS security practitioners from across the ICS community have come together to analyze recent real-world incidents that have received media coverage, ranging from ICS incidents to threat intelligence and CP/PE [Cyber-to-Physical or Process Effects]. The Defense Use Cases below are case study papers that contain summaries of the publicly available information and potential realistic scenarios to fill in the gaps. By detailing scenarios that could have occurred, we are able to provide a baseline for possibilities and for how best to defend against these types of attacks.
The case study .pdf downloads below can be used to evaluate your critical systems and determine how best to keep them safe.
- ICS Defense Use Case 7: Analysis of the recent report of supply chain attacks on US electric infrastructure by Chinese Actors, June 12th, 2020
- ICS Defense Use Case 6: Modular ICS Malware, Aug. 3, 2017
- ICS Defense Use Case 5: Analysis of the Cyber Attack on the Ukrainian Power Grid, Mar. 18, 2016
- ICS Defense Use Case 4: Media Reports of Attacks on US Infrastructure by Iran, Jan. 5, 2016
- ICS Defense Use Case 3: The Lost DUC - Unavailable for Online, Apr. 23, 2015
- ICS Defense Use Case 2: German Steel Mill Cyber Attack, Dec. 30, 2014
- ICS Defense Use Case 1: Media report of the Baku-Tbilisi-Ceyhan (BTC) pipeline Cyber Attack, Dec. 20, 2014
Disclaimer:
We are providing summaries of publicly available information and have not validated whether the incidents happened the way they have been described in the publicly available reporting. We are providing these summaries because we believe elements of the stories being conveyed provide a learning opportunity for ICS defenders.
Other Resources
SANS ICS Cybersecurity Field Manual Series - Vols. 1-3
The SANS ICS HyperEncabulator Video