SANS Industrial Control Systems Security Blog

Four Keys to Effective ICS Incident Response

This post was written by SANS ICS515 - ICS Active Defense and Incident Response instructor Mark Bristow.

While incident response in Information Technology (IT) and Operational Technology (OT) or Industrial Control Systems (ICS) may appear to be very similar, incident response in an ICS environment has different considerations and priorities. Many organizations leverage their existing IT incident response capabilities in an OT environment which may not be ideal for successful incident response and safe, reliable operations. Understanding these gaps and closing them ahead of the incident is key to a successful ICS incident response. Continue reading Four Keys to Effective ICS Incident Response


What Will Your Attack Look Like?

In my time at SANS I have had the opportunity to work with an amazing group of ICS professionals, and helped to create some industry leading ICS courses as well as certifications. While we are always hard at work in helping our customers we are equally as focused on leveraging the opportunity that SANS … Continue reading What Will Your Attack Look Like?


One CIP, Two CIP, Red CIP, Blue CIP

This blog was written by - Tim Conway with contributions, edits, and research from Ted Gutierrez and Kevin Perry Looking at the Ukraine cyber-attacks through the various lenses of NERC CIP Following the cyber-attacks which impacted the Ukrainian electric system on December 23, 2015 there were a number of public statements and discussions asking … Continue reading One CIP, Two CIP, Red CIP, Blue CIP


Pictures and Theories May Help, but Data Will Set Us Free

This blog post was written by Tim Conway SANS Technical Director - ICS/SCADA Programs. In reviewing the open source information available on the most recent Ukraine activity, I have seen numerous references to either a device failure or a cyber-attack as being the leading theories behind the recent electric system event. As the asset owner … Continue reading Pictures and Theories May Help, but Data Will Set Us Free


How do you say Ground Hog Day in Ukrainian?

This post was written by Michael J. Assante, SANS ICS/SCADA Lead and Tim Conway SANS Technical Director - ICS/SCADA Programs. Around this same time last year, as many of us were preparing to enjoy our winter holidays with family and friends, exchanging gifts and eating entirely too much food, the cybersecurity community began learning of … Continue reading How do you say Ground Hog Day in Ukrainian?