The SANS Industrial Control Systems Library is a central resource for all ICS Brochures detailing our courses, Posters, Surveys, Whitepapers and our Defense Use Case papers. All of the assets below are .pdf downloads.
Brochures
Posters
Analyst Surveys
Whitepapers

- March 2020: ICS OT Systems Security Engineering Is Not Dead SANS Institute: Isiah Jones
- September 2018: Practical Industrial Control System (ICS) Cybersecurity: IT and OT Have Converged - Discover and Defend Your Assets SANS Institute: Doug Wylie and Dean Parsons
- July 2018: Hunting with Rigor: Quantifying the Breadth, Depth and Threat Intelligence Coverage of a Threat Hunt in Industrial Control System Environments SANS Institute: Dan Gunter
- June 2017: Incentivizing Cyber Security: A Case for Cyber Insurance SANS Institute: Jason Christopher
- February 2017: Digital Ghost: Turning the Tables SANS Institute
- August 2016: The GICSP: A Keystone Certification SANS Institute
- October 2015: The Industrial Control System Cyber Kill Chain SANS Institute
- August 2015: The Sliding Scale of Cyber Security SANS Institute
- June 2015: The State of Security in Control Systems Today: A SANS Survey SANS Institute Sponsored by: SurfWatch Labs and Tenable Network Security
- May 2015: The Perfect ICS Storm SANS Institute: Glenn Aydell
- August 2014: An Abbreviated History of Automation & Industrial Controls Systems and Cybersecurity SANS Institute
- January 2014: Industrial Control Systems (ICS) Cybersecurity Response to Physical Breaches of Unmanned Critical Infrastructure Sites Whitepaper SANS Institute
Videos

- Exploring the Unknown Industrial Control System Threat Landscape - SANS ICS Security Summit 2017
- If We're Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
- Incentivizing ICS Security: The Case for Cyber Insurance - SANS ICS Security Summit 2017
- Demo: The Ukraine Event In a Box - SANS ICS Security Summit 2017
- How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
ICS Defense Use Cases (DUC)

- ICS Defense Use Case 7: Analysis of the recent report of supply chain attacks on US electric infrastructure by Chinese Actors June 12th, 2020
- ICS Defense Use Case 6: Modular ICS Malware Aug. 3, 2017
- ICS Defense Use Case 5: Analysis of the Cyber Attack on the Ukrainian Power Grid Mar. 18, 2016
- ICS Defense Use Case 4: Media Reports of Attacks on US Infrastructure by Iran Jan. 5, 2016
- ICS Defense Use Case 3: The Lost DUC - Unavailable for Online Apr. 23, 2015
- ICS Defense Use Case 2: German Steel Mill Cyber Attack Dec. 30, 2014
- ICS Defense Use Case 1: Media report of the Baku-Tbilisi-Ceyhan (BTC) pipeline Cyber Attack Dec. 20, 2014
The ICS community consisting of experienced ICS security practitioners have come together to analyze recent real world incidents that range from ICS incidents, threat intelligence, and CP/PE [Cyber-to-Physical or Process Effects] that have received media coverage. The Defense Use Cases below are case study papers that contain summaries of the publicly available information and potential realistic scenarios to fill in the gaps. In detailing scenarios that could have occurred we're able to provide a baseline for possibilities and how best to defend against these types of attacks.
The case study .pdf downloads below can be used to evaluate your critical systems and determine how best to keep them safe.
Disclaimer:
We are providing summaries of publicly available information and have not validated if the incidents happened the way that has been described in the publicly available reporting. We are providing summaries of information, as we believe elements of the stories being conveyed provide a learning opportunity for ICS defenders.