SANS Industrial Control Systems Security Blog: Tag - ICS515

Preparing for Cyber Security Incidents

This blog post was written by ICS515 instructor,Kai Thomsen. Talk with any incident responder and you'll learn that there are a few less glamorous parts of the job. Writing the final report and preparation in advance to an incident are probably top contenders. In this article I want to focus on preparation and explain to … Continue reading Preparing for Cyber Security Incidents


Detecting the Siemens S7 Worm and Similar Capabilities

An article came out on May 5th titled "Daisy-chained research spells malware worm hell for power plants and other utilities" with the subtitle of "World's first PLC worm spreads like cancer". Having been on the receiving end of sensationalized headlines before I empathize with the authors of the research. Regardless of the headlines, the … Continue reading Detecting the Siemens S7 Worm and Similar Capabilities


Active Defense as a Strategy - ICS 515 and Making Better Defenders

Editor's Note: This is a guest Blog Post from Robert M. Lee, the author and instructor for the SANS ICS515 course. The new SANS ICS 515 class "Active Defense" is not just a class to train individuals in skills that know how to use tools effectively - it is about teaching defenders an effective and … Continue reading Active Defense as a Strategy - ICS 515 and Making Better Defenders