The SANS Industrial Control Systems Library is a central resource for all ICS Brochures detailing our courses, Posters, Surveys, Whitepapers and our Defense Use Case papers. All of the assets below are .pdf downloads.
- August 2016: The GICSP: A Keystone Certification SANS Institute
- October 2015: The Industrial Control System Cyber Kill Chain SANS Institute
- August 2015: The Sliding Scale of Cyber Security SANS Institute
- June 2015: The State of Security in Control Systems Today: A SANS Survey SANS Institute Sponsored by: SurfWatch Labs and Tenable Network Security
- May 2015: The Perfect ICS Storm SANS Institute: Glenn Aydell
- August 2014: An Abbreviated History of Automation & Industrial Controls Systems and Cybersecurity SANS Institute
- January 2014: Industrial Control Systems (ICS) Cybersecurity Response to Physical Breaches of Unmanned Critical Infrastructure Sites Whitepaper SANS Institute
- ICS Defense Use Case 5: Analysis of the Cyber Attack on the Ukrainian Power Grid Mar. 18, 2016
- ICS Defense Use Case 4: Media Reports of Attacks on US Infrastructure by Iran Jan. 5, 2016
- ICS Defense Use Case 3: The Lost DUC - Unavailable for Online Apr. 23, 2015
- ICS Defense Use Case 2: German Steel Mill Cyber Attack Dec. 30, 2014
- ICS Defense Use Case 1: Media report of the Baku-Tbilisi-Ceyhan (BTC) pipeline Cyber Attack Dec. 20, 2014
The ICS community consisting of experienced ICS security practitioners have come together to analyze recent real world incidents that range from ICS incidents, threat intelligence, and CP/PE [Cyber-to-Physical or Process Effects] that have received media coverage. The Defense Use Cases below are case study papers that contain summaries of the publicly available information and potential realistic scenarios to fill in the gaps. In detailing scenarios that could have occurred we're able to provide a baseline for possibilities and how best to defend against these types of attacks.
The case study .pdf downloads below can be used to evaluate your critical systems and determine how best to keep them safe.
We are providing summaries of publicly available information and have not validated if the incidents happened the way that has been described in the publicly available reporting. We are providing summaries of information, as we believe elements of the stories being conveyed provide a learning opportunity for ICS defenders.