SANS Industrial Control Systems Security Blog: Category - Instructors

...But I'm a CIP Cyborg Warrior with Real Kung Fu Grip... Then Prove It!

This blog is written by Jason Christopher, SANS ICS456 instructor. Ok, sure, that's an exaggeration on the existing CIP Ninja[1] nomenclature so many of us use, but you get the point. Sometimes it's hard to make CIP exciting. Depending on your responsibilities, you may face death-by-patching updates or log reviews. You may be trapped … Continue reading ...But I'm a CIP Cyborg Warrior with Real Kung Fu Grip... Then Prove It!


ICS Defense: It's Not a "copy-paste" from an IT playbook

This blog was written by Dean Parsons. A large portion of Industrial Control Systems (ICS) are critical infrastructure that underpin our modern society. Some of which generate and distribute power and heat to our homes, businesses and healthcare centres. Other examples are key in the manufacturing industry, the refining and production of oil & gas, … Continue reading ICS Defense: It's Not a "copy-paste" from an IT playbook


Know Thyself Better Than The Adversary - ICS Asset Identification and Tracking

Know Thyself Better Than The Adversary - ICS Asset Identification & Tracking This blog was written by Dean Parsons. As SANS prepares for the 2018 ICS Summit in Orlando, Dean Parsons is preparing a SANS ICS Webcast to precede the event, a Summit talk, and a SANS@Night presentation. In this blog, Dean tackles some common … Continue reading Know Thyself Better Than The Adversary - ICS Asset Identification and Tracking


Preparing for Cyber Security Incidents

This blog post was written by ICS515 instructor,Kai Thomsen. Talk with any incident responder and you'll learn that there are a few less glamorous parts of the job. Writing the final report and preparation in advance to an incident are probably top contenders. In this article I want to focus on preparation and explain to … Continue reading Preparing for Cyber Security Incidents


Four Keys to Effective ICS Incident Response

This post was written by SANS ICS515 - ICS Active Defense and Incident Response instructor Mark Bristow.

While incident response in Information Technology (IT) and Operational Technology (OT) or Industrial Control Systems (ICS) may appear to be very similar, incident response in an ICS environment has different considerations and priorities. Many organizations leverage their existing IT incident response capabilities in an OT environment which may not be ideal for successful incident response and safe, reliable operations. Understanding these gaps and closing them ahead of the incident is key to a successful ICS incident response. Continue reading Four Keys to Effective ICS Incident Response