Introduction to Control System Cyber Security and Curated Resources
This article introduces control system cyber security, warns against unqualified experts, and provides a curated list of trusted resources—including papers, libraries, talks, and challenges—to help practitioners deepen their understanding of industrial control system security.
Intro to Control System Cyber Security
Cybersecurity is not a new topic, but in industrial control systems (ICS) it remains largely unexplored. The hardest part for most people is learning whom to trust and which resources are reliable. Beware of self‑proclaimed “SCADA Security Gurus” without relevant experience; critical evaluation of credentials is essential. Below is a curated list of trusted resources to aid your journey.
An Abbreviated History of Automation and ICS Cybersecurity
This SANS paper provides a comprehensive background on the evolution of ICS cybersecurity over the past two decades.
SANS ICS Library
The library offers numerous posters and papers for beginners, along with a blog and the Defense Use Case series that examines real and hypothetical ICS attacks.
SCADAHacker Library
Joel’s collection contains papers on ICS security standards, protocols, and systems, offering valuable technical content.
The ICS Cyber Kill Chain
A paper co‑authored with Michael Assante that outlines the distinct steps adversaries take to compromise ICS environments.
Analyzing Stuxnet (Windows Portion)
Bruce Dang’s presentation from the 27th CCC in Germany details the Windows side of Stuxnet analysis, highlighting the dual IT/OT nature of such investigations.
Analyzing Stuxnet (ICS Portion)
Ralph Langner’s talk delves into the OT‑specific payload of Stuxnet, offering insight into industrial impact.
To Kill a Centrifuge – Stuxnet Analysis
Ralph Langner’s paper explores the technical details and impact of Stuxnet’s ICS payload, encouraging readers to research unfamiliar terms.
SANS ICS Defense Use Case #5 – Ukraine Power Grid Attack
A collaborative analysis of the 2015 Ukraine power grid attack, providing defense recommendations for each stage of the ICS kill chain.
Perfect ICS Storm
Glenn’s paper examines the interconnectivity of ICS and surrounding networks, discussing implications for monitoring and visibility.
Network Security Monitoring in ICS 101
Chris Sistrunk’s introductory talk from DEFCON 23 explains how passive network monitoring can meet the safety and reliability constraints of ICS.
Achieving Network Security Monitoring Visibility with Flow Data
A SANS webcast featuring the author and Chris Sanders demonstrating the FlowBAT tool for ICS network monitoring.
S4 Videos
The S4 conference, organized by Dale Peterson, provides numerous presentations that showcase the perspective of ICS security researchers.
Defense Will Win
Dale Peterson’s uplifting talk promotes the mantra “defense is doable,” emphasizing that robust, defensible ICS environments are achievable.
The ICS Cyber Security Challenge
An annual SANS‑sponsored challenge offering questions and data sets to help participants advance their ICS security skills.
