Library of Resources for Industrial Control System Cyber Security
ICS Vulnerabilities
Standards
Best Practices
Frameworks
Maturity Models
Cybersecurity Maturity Model Certification (CMMC) v0.7 | DoD | pdf R9 |
Cybersecurity Capability Maturity Model (C2M2) v1.1 | DoE | pdf R9 |
Electricity Subsector C2M2 v1.1 | DoE | pdf R9 |
Oil and Natural Gas Subsector C2M2 v1.1 | DoE | pdf R9 |
The Community Cyber Security Maturity Model | White | pdf R9 |
Table-Top and Live-Fire Exercises
CRR Method Description and Self Assessment User Guide | DHS | pdf R9 |
CRR NIST Framework Crosswalk | DHS | pdf R9 |
CRR Self Assessment Package | DHS | pdf R9 |
Homeland Security Exercise and Evaluation Program | DHS | pdf R9 |
Homeland Security Exercise and Evaluation Program | DHS | pdf R9 |
GridEx I (2011) After Action Report | NERC | pdf R9 |
GridEx II (2013) After Action Report | NERC | pdf R9 |
GridEx III (2015) After Action Report | NERC | pdf R9 |
SP800-84 - Guide to Test Training and Exercise Programs | NIST | pdf R9 |
White Papers & Articles
Assessment Guidance
Assessment Tools
ICS Cyber Event Reference
Vulnerability Disclosure
Framework for Vulnerability Disclosure Program for Online Systems | DoJ | pdf R9 |
Governments Role in Vulnerability Disclosure | Harvard | pdf R9 |
Threat Intelligence
Cyber Threat Report 2015 | ACSC | pdf R6 |
Definitive Guide to Sharing Threat Intelligence | Anomali | pdf R9 |
Iran Country Profile Relating to Security | Anomali | pdf R9 |
Cyber Threat Predictions (2018) | BAE | pdf R9 |
IT Security Situation in Germany (2014 (DE) | 2011 | 2009) | BSI | pdf R6 |
Threat Catalogue for Elementary Threats | BSI | pdf R2 |
Cyber Crime and Security Report 2013 (pdf | doc) | CERTAu | R2 |
Cyber Crime and Security Report 2012 (pdf | doc) | CERTAu | R2 |
Year in Review (2018 | 2017) | CIS | pdf R9 |
Cisco Annual Cybersecurity Report (2018 | 2017 | 2016 | 2016 | 2015 | 2014 | 2013 | 2011 | 2010) | Cisco | pdf R9 |
Cisco Threats of the Year (2019) | Cisco | pdf R9 |
Global Threat Report | CrowdStrike | pdf R2 |
Computer Crime and Security Survey (2010 | 2009) | CSI | pdf R2 |
Cyberthreat Defense Report (2020 | 2019 | 2018 | 2017 | 2016 | 2015 | 2014) | CyberEdge | pdf R9 |
Global IoT-ICS Risk Report (2020) | CyberX | pdf R9 |
Annual Threat Report (2017) | Cypher | pdf R9 |
Sector Resilience Report: Electric Power Delivery - June 2014 | DHS | pdf R2 |
Malware Trends 2016 | DHS | pdf R9 |
Freight Rail Threat Assessment | DHS | pdf R9 |
Threat Landscape 2015 | ENISA | pdf R6 |
Advanced Threat Report - 2012 (1H | 2H) | FireEye | pdf R1 |
Definitive Guide to Next-Generation Threat Protection | FireEye | pdf R1 |
ICS Vulnerability Trend Report (2016) | FireEye | pdf R9 |
Industrial Control System Vulnerability Trend Report (2016) | FireEye | pdf R9 |
The Evolving Threat Landscape in 2016 | Fortinet | pdf R6 |
ICS2 Global Information Security Workforce Study (2013) | Frost-Sullivan | pdf R1 |
Attack Landscape (2019-1H) | F-Secure | pdf R9 |
Cyber Risk Report (2016) | HPE | pdf R9 |
Threat Intelligence Index (2017) | IBM | pdf R9 |
Internet Crime Report (2015 | 2014 | 2013 | 2012 | 2011 | 2010) | IC3 | pdf R9 |
BYOD and Mobile Security 2014 | InfoSec | pdf R2 |
Executive Perspectives on Cyber Threat Intelligence | iSight | pdf R6 |
State of Industrial Cybersecurity (2018) | Kaspersky | pdf R9 |
Threat Intelligence Report for the Telecommunications Industry (2016) | Kaspersky | pdf R9 |
Threat Predictions (2018) | Kaspersky | pdf R9 |
Cybersecurity in the Oil and Gas Industry | LMCO | pdf R4 |
Cybercrime Exposed: Cybercrime as a Service | McAfee | pdf R1 |
McAfee Global Threat Intelligence | McAfee | pdf R1 |
Hacking the Human OS | McAfee | pdf R5 |
Reputation - The Foundation of Effective Threat Protection | McAfee | pdf R1 |
State of Security (March 2012) | McAfee | pdf R1 |
Threat Predictions (2019 | 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012) | McAfee | pdf R6 |
Threat Report 2018 (Q1 | Q2) | McAfee | pdf R9 |
Threat Report 2017 (Q1 | Q2 | Q3 | Q4) | McAfee | pdf R9 |
Threat Report 2016 (Q1 | Q2 | Q3 | Q4) | McAfee | pdf R9 |
Threat Report 2015 (Q1 | Q2 | Q3) | McAfee | pdf R6 |
Threat Report 2014 (Q1 | Q2 | Q3 | Q4) | McAfee | pdf R5 |
Threat Report 2013 (Q1 | Q2 | Q3 | Q4) | McAfee | pdf R1 |
Threat Report 2012 (Q1 | Q2 | Q3 | Q4) | McAfee | pdf R1 |
Security Intelligence Report (2018 | 2017 2Q 1Q | 2016 1H | 2015 2H 1H | 2014 2H 1H | 2013 2H 1H | 2012 2H 1H | 2011 2H 1H | 2010 2H 1H | 2009 2H 1H | 2008 2H) | Microsoft | pdf R9 |
Security Intelligence Report 2015 (Key Findings 1H | WW Threat Assess) | Microsoft | pdf R6 |
Security Intelligence Report 2014 (1H | 2H) | Microsoft | pdf R6 |
Security Intelligence Report 2013 (1H | 2H) | Microsoft | pdf R1 |
Security Intelligence Report 2012 (1H | 2H) | Microsoft | pdf R1 |
Security Intelligence Report 2011 (2H) | Microsoft | pdf R6 |
Nationwide Cyber Security Review (2018 | 2017 | 2016) | MS-ISAC | pdf R9 |
Global Threat Intelligence Report (2016 | 2014) | NTT | pdf R9 |
Application Usage and Threat Report 2015 - Unit 42 | Palo Alto | pdf R6 |
Value of Threat Intelligence (2017) | Ponemon | pdf R9 |
ICS Security in Review (2017) | Positive Tech | pdf R9 |
Vulnerability Review 2015 | Secunia | pdf R5 |
State of Security in Control Systems Today (Survey Results) - 2015 | SANS | pdf R6 |
Intelligence Report (Feb. 2013) | Symantec | pdf R1 |
Internet Security Threat Report (2016 | 2015 App | 2014 App | 2013 App | 2012 Trends App | 2011 2010) | Symantec | pdf R9 |
Report on Cybersecurity and Critical Infrastructure in the Americas | Trend Micro | pdf R5 |
Spear-Phishing - Email: Most Favored APT Attack Bait (2012) | Trend Micro | pdf R1 |
Cybersecurity Trend Report (2016) | UBM | pdf R9 |
Attacker Behavior Report (2018) | Vectra | pdf R9 |
Hidden Threat of Cyberattacks in the Energy and Utilities Industry (2018) | Vectra | pdf R9 |
Data Breach Investigations Report (2020 | 2019 | 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012) | Verizon | pdf R9 |
Data Breach Digest (2016) | Verizon | pdf R9 |
Open-Source Intelligence
Bugtraq (seclists.org) | html R1 |
Exploit-DB | html R1 |
National Vulnerability Database (NIST) | html R1 |
Rapid 7 (Metasploit) Vulnerabilities & Exploit Modules | html R1 |
Security Focus (by Symantec) | html R1 |
Tenable Nessus Plugins | html R11 |
CVE Details | html R11 |
ICS Vendor Security Reference
Insider Threats
Common Sense Guide to Prevention and Detection of Insider Threats | CERT | pdf R1 |
Insider Threat Control - Using a SIEM signature to detect potential precursors to IT Sabotage | CERT | pdf R1 |
Insider Threat Control - Using Centralized Logging to Detect Data Exfiltration Near Insider Termination | CERT | pdf R1 |
Insider Misuse of IT Systems | CPNI | pdf R2 |
2010-2011 Computer Crime and Security Survey | CSI | pdf R1 |
Cybersecurity Watch Survey 2011 | Deloitte | pdf R1 |
Combating the Insider Threat | DHS | pdf R4 |
Insider Threat Awareness Webinar | DHS | pdf R1 |
National Risk Estimate: Insider Threat Fact Sheet | DHS | pdf R4 |
Risks to US Critical Infrastructure from Insider Threat (23 Dec 2013) | DHS | pdf R1 |
Insider Threat Intelligence Report (2018) | Dtex | pdf R9 |
Insider Threats | FBI | pdf R1 |
Insider Threat Examples by Sector | pdf R1 | |
Insider Threat to Critical Infrastructure | NIAC | pdf R1 |
Insider Threat Program - Maturity Framework | NITTF | pdf R9 |
Cost of Data Breach Study 2011 | Ponemon | pdf R1 |
Risk Management
An IT Auditor’s Guide to Security Controls and Risk Compliance | Bit9 | pdf R9 |
Good Practice Guide - Understand the Business Risk | CPNI | pdf R2 |
Good Practice Guide - Manage Third Party Risk | CPNI | pdf R2 |
Five Critical Attributes of Effective Cybersecurity Risk Management | Crowe | pdf R6 |
Cybersecurity Risk Management Process Guideline | DoE | pdf R9 |
Reducing Operational Risk in Oil and Gas Industry | EMC | pdf R4 |
Bound to Fail: Why Cyber Security Risk Cannot Simply Be "Managed" Away | Langner | pdf R2 |
Cyber Supply Chain Risk Management: Toward a Global Vision of Transparency & Trust | Microsoft | pdf R1 |
SP800-30 (Rev 1) - Risk Management Guide for IT Systems | NIST | pdf R1 |
SP800-39 - Managing Information Security Risk | NIST | pdf R1 |
Cyber-Risk Oversight - Director's Handbook Series | Tripwire | pdf R6 |
State of Risk-Based Security Management | Tripwire | pdf R6 |
Government
Roadmaps
Defense & Military
Case Studies
Backdoors and Holes in Network Perimeters | |
Deepwater Horizon Accident Investigation Report (Executive Summary | Full Report) | pdf R1 |
Maroochy Water Services Australia (NIST) (Report | Presentation) | pdf R6 |
Olympic Pipeline Bellingham, Washington (NIST) (Report | Presentation) | pdf R6 |
German Steel Works Facility (SANS) | pdf R6 |
Undirected Attack Against Critical Infrastructure | |
Air Traffic Control (ATC) Cyber Security Project (CSFI) | pdf R6 |
ABB SCADA EMS System INEEL Baseline Summary Test Report (INEEL) | |
Control System Security Assessments including PCS7 Details (INL-Siemens) | pdf R6 |
Olympic (Bellingham) Pipeline Accident Report (NTSB) | pdf R1 |
Security Considerations for OPC
Effective OPC Security for Control Systems | Matrikon | |
Hardening Guidelines for OPC Hosts | Byres | |
OPC Exposed | Byres | |
Understanding OPC | Byres | |
Using OPC via DCOM with Windows XP SP2 | OPCF | pdf R9 |
Securing Your OPC Classic Control Systems | Tofino | |
Security Implications of OPC in Control Systems | DHS | |
ICS Basics
ICS Protocols & Networks
Manuals and User Guides
Cheat Sheets
eBooks
Multimedia
WEB-BASED DEMONSTRATION VIDEOS BY SCADAHACKER | |
Exploitation 101: Turning a SCADA Vulnerability into a Successful Attack | html R8 |
Protecting Your ICS from Zero-Day Attacks | html R8 |
Stuxnet - Introduction, Installation, and Injection Methods | html R8 |
Stuxnet - Using Software Restriction Policy as a Mitigation | html R8 |
WEB-BASED THIRD-PARTY VIDEOS | |
Auditing SCADA and Control System Networks (Tenable) | html |
Spreadsheets
IP Address Subnet Calculator | xls R1 |
Network Assistant (subnetting, port lookup, cli commands, acronyms) | xls R1 |
IP Subnetting Assistant (tools to understand "visibility") | xls R1 |
Tools and Applications
Websites
Software
These links will redirect you to various sites on the Internet for downloading of current versions. Some applications may require registration prior to downloading. You should always validate that you are accessing the latest version before downloading.
Revision History:
R1 = Updated Q1-2014
R2 = Updated Q3-2014
R3 = Updated Q4-2014
R4 = Updated Q1-2015
R5 = Updated Q2-2015
R6 = Updated Q1-2016
R7 = Updated Q1-2018
R8 = Updated Q2-2020 (link and page error corrections)
R9 = Updated Q2-2020
R10 = Updated Q3-2020
R11 = Updated Q2-2021
R12 = Updated Q3-2021