SANS Industrial Control Systems Security Blog

The Risks of an IT Versus OT Paradigm

Despite Industrial Control System (ICS) environments having a reputation of being relatively stagnant, over the years the industry has seen an accelerating convergence of Information Technology (IT) and Operational Technology (OT). Primarily serial-based networks running proprietary protocols are increasingly being replaced with ethernet-based networks running TCP/IP protocols. Similarly, "air-gapped" stand-alone networks are being connected to … Continue reading The Risks of an IT Versus OT Paradigm


7 Tips For Planning ICS Plant Visits

As you plan the next visit to your ICS plant(s) with your security team, consider these seven tips. They will maximize time on-site for accurate asset identification, effective cybersecurity awareness that will foster IT and OT relationships for smooth ICS incident response, and highlight new ways to ethically hack your digital and physical security perimeter. … Continue reading 7 Tips For Planning ICS Plant Visits


ICS Defenders: Light up your green, blue or purple lightsabers

Our Industrials & Infrastructure team had a chance to sit down with Dean Parsons, ISO in an energy company, and SANS ICS515 Instructor. SANS: What made you choose to work in tech/security? Dean: I can't recall ever sitting down thinking about which career path to take. Security has always been a passion of mine. I … Continue reading ICS Defenders: Light up your green, blue or purple lightsabers


...But I'm a CIP Cyborg Warrior with Real Kung Fu Grip... Then Prove It!

This blog is written by Jason Christopher, SANS ICS456 instructor. Ok, sure, that's an exaggeration on the existing CIP Ninja[1] nomenclature so many of us use, but you get the point. Sometimes it's hard to make CIP exciting. Depending on your responsibilities, you may face death-by-patching updates or log reviews. You may be trapped in … Continue reading ...But I'm a CIP Cyborg Warrior with Real Kung Fu Grip... Then Prove It!


ICS Defense: It's Not a "copy-paste" from an IT playbook

This blog was written by Dean Parsons. A large portion of Industrial Control Systems (ICS) are critical infrastructure that underpin our modern society. Some of which generate and distribute power and heat to our homes, businesses and healthcare centres. Other examples are key in the manufacturing industry, the refining and production of oil & gas, … Continue reading ICS Defense: It's Not a "copy-paste" from an IT playbook