SANS Industrial Control Systems Security Blog: Category - Incident Response

Triton/TriSIS - In Search of its Twin

Post provided by: Michael Assante, Director of Industrials and Infrastructure and SANS ICS & SCADA Lead at SANS Institute

The recent discovery of ICS-specific malware that targets Schneider Electric's Triconex Safety Instrumented Systems (SIS), with demonstrated capability of modifying system logic/programming, should prompt us to ask, "What is missing here?" Is the malware known …

Preparing for Cyber Security Incidents

This blog post was written by ICS515 instructor Kai Thomsen.

Talk with any incident responder and you'll learn that there are a few less glamorous parts of the job. Writing the final report and preparing in advance of an incident are probably top contenders. In this article I want to focus on preparation and explain to …

Four Keys to Effective ICS Incident Response

This post was written by SANS ICS515 - ICS Active Defense and Incident Response instructor Mark Bristow.

While incident response in Information Technology (IT) and Operational Technology (OT) or Industrial Control Systems (ICS) may appear to be very similar, incident response in an ICS environment has different considerations and priorities. Many organizations leverage their existing IT incident response capabilities in an OT environment, which may not be ideal for successful incident response and safe, reliable operations. Understanding these gaps and closing them ahead of the incident is key to a successful ICS incident response.