SANS Industrial Control Systems Security Blog: Category - Instructors

Detecting the Siemens S7 Worm and Similar Capabilities

An article came out on May 5th titled "Daisy-chained research spells malware worm hell for power plants and other utilities" with the subtitle of "World's first PLC worm spreads like cancer". Having been on the receiving end of sensationalized headlines before I empathize with the authors of the research. Regardless of the headlines, the … Continue reading Detecting the Siemens S7 Worm and Similar Capabilities


Collecting Serial Data for ICS Network Security Monitoring

Below is a postby SANS ICS515 - ICS Active Defense and Incident Response instructor Mark Bristow. Adversaries across the capability spectrum are increasingly targeting Industrial Control System (ICS) environments. Malware such as BlackEnergy2, Havex, and Stuxnet have been developed with specific capabilities against different control system targets. As exemplified by BlackEnergy2 and Havex even today's … Continue reading Collecting Serial Data for ICS Network Security Monitoring


Ready, Set, Stop! FERC Postpones CIP Version 5

This post was written by SANSICS456 - Essentials for NERC CIP co-author TedGutierrez. Just when the electric industry thought that they had seen it all, FERC pulls another rabbit out of its hat astonishing audiences near and far. In an order issued today (February 25, 2016) FERC granted a motion to defer the implementation of … Continue reading Ready, Set, Stop! FERC Postpones CIP Version 5


Takeaways from Reports on Iranian Activity Against the Power Grid and a Dam

Yesterday a report on Iranian activity focused on a small dam in New York was released by Danny Yadron at the Wall Street Journal. Today a report was released by Garance Burke and Jonathan Fahey at the Associated Press reporting on Iranian activity linked to the OpCleaver report by CYLANCE where documents related to Calpine … Continue reading Takeaways from Reports on Iranian Activity Against the Power Grid and a Dam


Integrating Information and Operational technologies in critical infrastructures.

Editor's Note: This is a guest Blog Post from Graham Speake, the instructor for the SANS ICS410 course. Bring up the subject of Information Technology or IT and most people at least understand the term. Mention Operation Technology (OT) and there is likely to be less knowledge of the subject or even a clear cut … Continue reading Integrating Information and Operational technologies in critical infrastructures.