Library of Resources for Industrial Control System Cyber Security


(R8) = Updated Content Q2-2020 (link and page error corrections)
(R9) = New Content Q2-2020
(R10) = New Content Q3-2020
(R11) = New Content Q2-2021
(R12) = New Content Q3-2021
Revision History
ICS Vulnerabilities
Standards
Best Practices
Frameworks
Table-Top and Live-Fire Exercises
White Papers & Articles
Assessment Guidance
Assessment Tools
ICS Cyber Event Reference
Threat Intelligence
Cyber Threat Report 2015 | ACSC | pdf R6 |
Definitive Guide to Sharing Threat Intelligence | Anomali | pdf
Iran Country Profile Relating to Security | Anomali | pdf
Cyber Threat Predictions (2018) | BAE | pdf
IT Security Situation in Germany (2014 (DE) | 2011 | 2009) | BSI | pdf R6 |
Threat Catalogue for Elementary Threats | BSI | pdf R2 |
Cyber Crime and Security Report 2013 (pdf | doc) | CERTAu | R2 |
Cyber Crime and Security Report 2012 (pdf | doc) | CERTAu | R2 |
Year in Review (2018 | 2017) | CIS | pdf
Cisco Annual Cybersecurity Report (2018 | 2017 | 2016 | 2016 | 2015 | 2014 | 2013 | 2011 | 2010) | Cisco | pdf
Cisco Threats of the Year (2019) | Cisco | pdf
Global Threat Report | CrowdStrike | pdf R2 |
Computer Crime and Security Survey (2010 | 2009) | CSI | pdf R2 |
Cyberthreat Defense Report (2020 | 2019 | 2018 | 2017 | 2016 | 2015 | 2014) | CyberEdge | pdf
Global IoT-ICS Risk Report (2020) | CyberX | pdf
Annual Threat Report (2017) | Cypher | pdf
Sector Resilience Report: Electric Power Delivery - June 2014 | DHS | pdf R2 |
Malware Trends 2016 | DHS | pdf
Freight Rail Threat Assessment | DHS | pdf
Threat Landscape 2015 | ENISA | pdf R6 |
Advanced Threat Report - 2012 (1H | 2H) | FireEye | pdf R1 |
Definitive Guide to Next-Generation Threat Protection | FireEye | pdf R1 |
ICS Vulnerability Trend Report (2016) | FireEye | pdf
Industrial Control System Vulnerability Trend Report (2016) | FireEye | pdf
The Evolving Threat Landscape in 2016 | Fortinet | pdf R6 |
ICS2 Global Information Security Workforce Study (2013) | Frost-Sullivan | pdf R1 |
Attack Landscape (2019-1H) | F-Secure | pdf
Cyber Risk Report (2016) | HPE | pdf
Threat Intelligence Index (2017) | IBM | pdf
Internet Crime Report (2015 | 2014 | 2013 | 2012 | 2011 | 2010) | IC3 | pdf
BYOD and Mobile Security 2014 | InfoSec | pdf R2 |
Executive Perspectives on Cyber Threat Intelligence | iSight | pdf R6 |
State of Industrial Cybersecurity (2018) | Kaspersky | pdf
Threat Intelligence Report for the Telecommunications Industry (2016) | Kaspersky | pdf
Threat Predictions (2018) | Kaspersky | pdf
Cybersecurity in the Oil and Gas Industry | LMCO | pdf R4 |
Cybercrime Exposed: Cybercrime as a Service | McAfee | pdf R1 |
McAfee Global Threat Intelligence | McAfee | pdf R1 |
Hacking the Human OS | McAfee | pdf R5 |
Reputation - The Foundation of Effective Threat Protection | McAfee | pdf R1 |
State of Security (March 2012) | McAfee | pdf R1 |
Threat Predictions (2019 | 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012) | McAfee | pdf R6 |
Threat Report 2018 (Q1 | Q2) | McAfee | pdf
Threat Report 2017 (Q1 | Q2 | Q3 | Q4) | McAfee | pdf
Threat Report 2016 (Q1 | Q2 | Q3 | Q4) | McAfee | pdf
Threat Report 2015 (Q1 | Q2 | Q3) | McAfee | pdf R6 |
Threat Report 2014 (Q1 | Q2 | Q3 | Q4) | McAfee | pdf R5 |
Threat Report 2013 (Q1 | Q2 | Q3 | Q4) | McAfee | pdf R1 |
Threat Report 2012 (Q1 | Q2 | Q3 | Q4) | McAfee | pdf R1 |
Security Intelligence Report (2018 | 2017 2Q 1Q | 2016 1H | 2015 2H 1H | 2014 2H 1H | 2013 2H 1H | 2012 2H 1H | 2011 2H 1H | 2010 2H 1H | 2009 2H 1H | 2008 2H) | Microsoft | pdf
Security Intelligence Report 2015 (Key Findings 1H | WW Threat Assess) | Microsoft | pdf R6 |
Security Intelligence Report 2014 (1H | 2H) | Microsoft | pdf R6 |
Security Intelligence Report 2013 (1H | 2H) | Microsoft | pdf R1 |
Security Intelligence Report 2012 (1H | 2H) | Microsoft | pdf R1 |
Security Intelligence Report 2011 (2H) | Microsoft | pdf R6 |
Nationwide Cyber Security Review (2018 | 2017 | 2016) | MS-ISAC | pdf
Global Threat Intelligence Report (2016 | 2014) | NTT | pdf
Application Usage and Threat Report 2015 - Unit 42 | Palo Alto | pdf R6 |
Value of Threat Intelligence (2017) | Ponemon | pdf
ICS Security in Review (2017) | Positive Tech | pdf
Vulnerability Review 2015 | Secunia | pdf R5 |
State of Security in Control Systems Today (Survey Results) - 2015 | SANS | pdf R6 |
Intelligence Report (Feb. 2013) | Symantec | pdf R1 |
Internet Security Threat Report (2016 | 2015 App | 2014 App | 2013 App | 2012 Trends App | 2011 2010) | Symantec | pdf
Report on Cybersecurity and Critical Infrastructure in the Americas | Trend Micro | pdf R5 |
Spear-Phishing - Email: Most Favored APT Attack Bait (2012) | Trend Micro | pdf R1 |
Cybersecurity Trend Report (2016) | UBM | pdf
Attacker Behavior Report (2018) | Vectra | pdf
Hidden Threat of Cyberattacks in the Energy and Utilities Industry (2018) | Vectra | pdf
Data Breach Investigations Report (2020 | 2019 | 2018 | 2017 | 2016 | 2015 | 2014 | 2013 | 2012) | Verizon | pdf
Data Breach Digest (2016) | Verizon | pdf
Open-Source Intelligence
Bugtraq (seclists.org) | html R1 |
Exploit-DB | html R1 |
National Vulnerability Database (NIST) | html R1 |
Rapid 7 (Metasploit) Vulnerabilities & Exploit Modules | html R1 |
Security Focus (by Symantec) | html R1 |
Tenable Nessus Plugins | html
CVE Details | html
ICS Vendor Security Reference
Insider Threats
Common Sense Guide to Prevention and Detection of Insider Threats | CERT | pdf R1 |
Insider Threat Control - Using a SIEM signature to detect potential precursors to IT Sabotage | CERT | pdf R1 |
Insider Threat Control - Using Centralized Logging to Detect Data Exfiltration Near Insider Termination | CERT | pdf R1 |
Insider Misuse of IT Systems | CPNI | pdf R2 |
2010-2011 Computer Crime and Security Survey | CSI | pdf R1 |
Cybersecurity Watch Survey 2011 | Deloitte | pdf R1 |
Combating the Insider Threat | DHS | pdf R4 |
Insider Threat Awareness Webinar | DHS | pdf R1 |
National Risk Estimate: Insider Threat Fact Sheet | DHS | pdf R4 |
Risks to US Critical Infrastructure from Insider Threat (23 Dec 2013) | DHS | pdf R1 |
Insider Threat Intelligence Report (2018) | Dtex | pdf
Insider Threats | FBI | pdf R1 |
Insider Threat Examples by Sector | pdf R1 | |
Insider Threat to Critical Infrastructure | NIAC | pdf R1 |
Insider Threat Program - Maturity Framework | NITTF | pdf
Cost of Data Breach Study 2011 | Ponemon | pdf R1 |
Risk Management
Government
Roadmaps
Defense & Military
Case Studies
Backdoors and Holes in Network Perimeters | |
Deepwater Horizon Accident Investigation Report (Executive Summary | Full Report) | pdf R1 |
Maroochy Water Services Australia (NIST) (Report | Presentation) | pdf R6 |
Olympic Pipeline Bellingham, Washington (NIST) (Report | Presentation) | pdf R6 |
German Steel Works Facility (SANS) | pdf R6 |
Undirected Attack Against Critical Infrastructure | |
Air Traffic Control (ATC) Cyber Security Project (CSFI) | pdf R6 |
ABB SCADA EMS System INEEL Baseline Summary Test Report (INEEL) | |
Control System Security Assessments including PCS7 Details (INL-Siemens) | pdf R6 |
Olympic (Bellingham) Pipeline Accident Report (NTSB) | pdf R1 |
Security Considerations for OPC
Effective OPC Security for Control Systems | Matrikon | |
Hardening Guidelines for OPC Hosts | Byres | |
OPC Exposed | Byres | |
Understanding OPC | Byres | |
Using OPC via DCOM with Windows XP SP2 | OPCF | pdf
Securing Your OPC Classic Control Systems | Tofino | |
Security Implications of OPC in Control Systems | DHS | |
ICS Basics
ICS Protocols & Networks
Manuals and User Guides
Cheat Sheets
eBooks
Multimedia
WEB-BASED DEMONSTRATION VIDEOS BY SCADAHACKER | |
Exploitation 101: Turning a SCADA Vulnerability into a Successful Attack | html
Protecting Your ICS from Zero-Day Attacks | html
Stuxnet - Introduction, Installation, and Injection Methods | html
Stuxnet - Using Software Restriction Policy as a Mitigation | html
WEB-BASED THIRD-PARTY VIDEOS | |
Auditing SCADA and Control System Networks (Tenable) | html |
Spreadsheets
IP Address Subnet Calculator | xls R1 |
Network Assistant (subnetting, port lookup, cli commands, acronyms) | xls R1 |
IP Subnetting Assistant (tools to understand "visibility") | xls R1 |
Tools and Applications
Websites
Software
These links will redirect you to various sites on the Internet for downloading of current versions. Some applications may require registration prior to downloading. You should always validate that you are accessing the latest version before downloading.
Revision History:
R1 = New/Updated Content Q1-2014
R2 = New/Updated Content Q3-2014
R3 = New/Updated Content Q4-2014
R4 = New/Updated Content Q1-2015
R5 = New/Updated Content Q2-2015
R6 = New/Updated Content Q1-2016
R7 = New/Updated Content Q1-2018
(R8) = Updated Content Q2-2020 (link and page error corrections)
(R9) = New Content Q2-2020
(R10) = New Content Q3-2020
(R11) = New Content Q2-2021
(R12) = New Content Q3-2021

