SANS Industrial Control Systems Security Blog: Tag - ICS

One CIP, Two CIP, Red CIP, Blue CIP

This blog was written by Tim Conway, with contributions, edits, and research from Ted Gutierrez and Kevin Perry. Looking at the Ukraine cyber-attacks through the various lenses of NERC CIP. Following the cyber-attacks which impacted the Ukrainian electric system on December 23, 2015, there were a number of public statements and discussions asking …


Pictures and Theories May Help, but Data Will Set Us Free

This blog post was written by Tim Conway, SANS Technical Director - ICS/SCADA Programs. In reviewing the open source information available on the most recent Ukraine activity, I have seen numerous references to either a device failure or a cyber-attack as being the leading theories behind the recent electric system event. As the asset owner …


Brief History of Cyber Attacks

This post was written by Michael J. Assante, SANS ICS Director. The history of cyber attacks is nearly as long and as brief as the history of interconnected digital technology. The concept of self-replicating or propagating programs was envisioned in the 70s and 80s. The first PC virus, called the Brain, was created in Pakistan …


Effective Assessment of ICS Infrastructure Cyber Risk

One of the largest challenges facing management in engineering organizations today is how to effectively assess cyber risk on ICS infrastructure and make the appropriate investments in risk mitigation activities to manage this risk to as low a level as possible.


IRONGATE Malware - Thoughts and Lessons Learned for ICS/SCADA Defenders

FireEye uncovered a new piece of ICS malware that they released today, and their way of approaching it both to the public and in pre-briefing to the media has been outstanding. The malware is not in the wild, is not a threat to the industry, but offers lessons learned and I believe the FireEye/Mandiant team's handling …