{ "id": "a224f9de-0d6a-4b85-ab70-25c19e3717e2", "created_at": "2026-04-06T00:19:45.333884Z", "updated_at": "2026-04-10T13:12:24.098021Z", "deleted_at": null, "sha1_hash": "c57c777d069fa79b7ff6302fd4fd3dd8127c49b4", "title": "Industrial Control Systems (ICS) Security Training", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 30244446, "plain_text": "Industrial Control Systems (ICS) Security Training\r\nBy Emily W.Microsoft\r\nArchived: 2026-04-05 15:36:46 UTC\r\nIndustrial Control Systems (ICS) and Operational Technology (OT) are increasingly targeted by cyber threats,\r\nputting businesses, governments, and national infrastructure at risk. Specialized ICS/OT security training is vital\r\nto securing operations across all industries and defending the systems that make, move, and power the world.\r\nThe SANS ICS Security Mission\r\nUnlike traditional IT environments, ICS/OT systems face unique risks that demand both cybersecurity expertise\r\nand operational awareness. SANS ICS security training prepares defenders for the evolving threats targeting\r\nessential industries worldwide. From foundational to advanced—SANS ICS training, led by expert instructors\r\nwith real-world labs using cyber physical systems, provides the knowledge and hands-on skills to defend the\r\ncritical infrastructure and industrial operations that drive economies.\r\nStudent Insights\r\nEven in the tech industry, ICS security is often overlooked. This training showed me how ICS threats\r\nimpact all sectors and gave me the skills to mitigate them.\r\nMeet Your Experts\r\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 1 of 19\n\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 2 of 19\n\nMark loves the ever-changing landscape of security and views it as a puzzle that must be solved. He especially\r\nloves the challenges in ICS security, where the cyber meets the physical. There is no greater success than a safe\r\nand effective process.\r\nLearn more\r\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 3 of 19\n\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 4 of 19\n\nLesley Carhart\r\nTechnical Director of Industrial Incident Response\r\nLesley is Technical Director of Industrial Incident Response for North America for Dragos and teaches SANS\r\nIndustrial Control System courses. She's a recognized leader in cybersecurity and has won a number of prestigious\r\nawards in the field.\r\nLearn more\r\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 5 of 19\n\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 6 of 19\n\nJason Christopher\r\nSenior Vice President of Cybersecurity and Digital Transformation for Research and Innovation\r\nJason D. Christopher, Energy Impact Partners SVP, teaches ICS456 and co-authors ICS418, turning regulation\r\ninto safe, reliable OT-supporting programs and metrics to align practitioners and leaders on clear, defensible\r\naction.\r\nLearn more\r\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 7 of 19\n\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 8 of 19\n\nTim Conway\r\nSANS ICS Curriculum Lead\r\nSANS Fellow Tim Conway, co-author of ICS456, ICS310, and ICS612, blends decades of hands-on ICS/OT\r\nsecurity and compliance expertise with ongoing frontline consulting, helping students turn complex industrial\r\nchallenges into practical skills.\r\nLearn more\r\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 9 of 19\n\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 10 of 19\n\nJason Dely brings over 20 years of experience and a diverse industrial control system background to SANS and\r\nthe industrial control system (ICS) community.\r\nLearn more\r\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 11 of 19\n\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 12 of 19\n\nMonta Elkins\r\nHacker-in-Chief\r\nMonta Elkins is currently \"Hacker-in-Chief\" for FoxGuard Solutions, an ICS patch provider. A security researcher\r\nand consultant; he was formerly Security Architect for Rackspace, and the first ISO for Radford University.\r\nLearn more\r\nExplore Careers Within Industrial Control Systems Security\r\nSANS ICS Security Summit \u0026 Training 2026\r\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 13 of 19\n\nThe SANS ICS Security Summit offers something for everyone—from introductory learning for those new to\r\nICS/OT security to advanced insights and techniques for seasoned practitioners and leaders. Join us at Disney in\r\nOrlando to experience immersive workshops, in-depth talks, and practical takeaways led by the industry’s top\r\nexperts.\r\nExplore Event\r\nUpcoming Events\r\nSlide 1 of 3\r\nStrengthening the Foundation: Implementing SANS ICS Controls 1 and 2\r\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 14 of 19\n\nIn this session, we dive into the first two pillars of the SANS Top 5 Critical ICS Controls: ICS Incident\r\nResponse and Defensible Architecture.\r\nWebinarIndustrial Control Systems Security\r\n 3 Jun 2026\r\n 17:00 CDT\r\n Justin Searle\r\nView details\r\nSlide 2 of 3\r\nICS Solutions Track 2026: OT/ICS Actionable Industrial Cyber Defense -\r\nLive Demos, Real Attack Case Studies, and Proven Countermeasures\r\nTop ICS/OT vendors will showcase cutting-edge tools for anomaly detection, ransomware containment,\r\nand engineering-aware industrial ICS/OT incident response—proving how defenders can protect the\r\nsystems that make, move, and power our world.\r\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 15 of 19\n\nWebinarIndustrial Control Systems Security\r\n 9 Jun 2026\r\n 10:00 EDT\r\n Dean Parsons\r\nView details\r\nSlide 3 of 3\r\nSANS 2026 State of ICS/OT Security Survey Insights: Industrial\r\nCybersecurity at a Crossroads\r\nJoin us to discuss insights from SANS 9th annual State of ICS/OT Security Survey. This trusted industry\r\nresearch captures how organizations across sectors are evolving their industrial cybersecurity strategies in\r\nresponse to regulatory pressures, emerging threats, and operational demands.\r\nWebinarIndustrial Control Systems Security\r\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 16 of 19\n\n10 Nov 2026\r\n 10:30 EST\r\n Jason Christopher\r\nView details\r\nSlide 1 of 3\r\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 17 of 19\n\nSlide 2 of 3\r\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 18 of 19\n\nSlide 3 of 3\r\nMore Insights\r\nFrequently Asked Questions\r\nSource: https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nhttps://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid\r\nPage 19 of 19", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia", "MISPGALAXY" ], "origins": [ "web" ], "references": [ "https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid" ], "report_names": [ "confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid" ], "threat_actors": [ { "id": "d90307b6-14a9-4d0b-9156-89e453d6eb13", "created_at": "2022-10-25T16:07:23.773944Z", "updated_at": "2026-04-10T02:00:04.746188Z", "deleted_at": null, "main_name": "Lead", "aliases": [ "Casper", "TG-3279" ], "source_name": "ETDA:Lead", "tools": [ "Agentemis", "BleDoor", "Cobalt Strike", "CobaltStrike", "RbDoor", "RibDoor", "Winnti", "cobeacon" ], "source_id": "ETDA", "reports": null }, { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434785, "ts_updated_at": 1775826744, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/c57c777d069fa79b7ff6302fd4fd3dd8127c49b4.pdf", "text": "https://archive.orkl.eu/c57c777d069fa79b7ff6302fd4fd3dd8127c49b4.txt", "img": "https://archive.orkl.eu/c57c777d069fa79b7ff6302fd4fd3dd8127c49b4.jpg" } }