The document provides guidance on securing industrial control systems through a defense-in-depth approach. It summarizes the Purdue Model for Control Hierarchy, which defines five zones and six levels of operations for industrial control systems. It then presents a reference architecture based on this model, with multiple zones and security controls between the enterprise, manufacturing and process zones. Specifically, it identifies security patterns and controls for access control, log management, network security and remote access that are critical for industrial control system security.
SANS Institute
InfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.
Secure Architecture for Industrial Control Systems
Copyright SANS Institute
Author Retains Full Rights
Secure Architecture for Industrial Control Systems
GIAC (GSEC) Gold Certification
Author: Luciana Obregon, lucianaobregon@hotmail.com
Advisor: Barbara Filkins
Accepted: September 23, 2015
Template Version September 2014
Abstract
Industrial Control Systems (ICS) have migrated from stand-alone isolated systems to
interconnected systems that leverage existing communication platforms and protocols to
increase productivity, reduce operational costs and further improve an organization’s
support model. ICS are responsible for a vast amount of critical processes necessitating
organizations to adequately secure their infrastructure. Creating strong boundaries
between business and process control networks can reduce the number of vulnerabilities
and attack pathways that an intruder may exploit to gain unauthorized access into these
critical systems.
This paper provides guidance to those organizations that must secure their ICS systems
and networks through a defense-in-depth approach to security, achieved through the
identification of key security patterns and controls that apply to critical information
security domains. The goal is a visual explanation that allows stakeholders to understand
how to reduce information risk while preserving the confidentiality, integrity and
availability of critical infrastructure resources in the industrial control environment.
1. Introduction
Industrial Control Systems command a large percentage of the world’s critical
infrastructure, such as air traffic control, electrical and nuclear power plants, waste water
treatment plants, refineries, pipelines and dams. ICS have traditionally been developed
using specialized hardware and software and deployed as stand-alone platforms
employing vendor proprietary communication protocols to interact amongst like systems.
In the past, this compartmentalized architecture met manufacturing and business goals
while eliminating the risk of cyber intrusions that could arise from the exploitation of
well-known vulnerabilities found in commercial systems and applications. The majority
of ICS were confined to a particular physical plant and detached from external computer
networks. As a result, organizations had to strengthen their physical security to ensure
that the systems were accessed and operated by only those individuals that had
authorization to do so.
The increasing need to reduce manufacturing and operational costs, enhance
productivity and provide access to real-time information has been a key
driver for organizations to evolve towards utilizing modern networking systems to
interconnect ICS with business and external networks. This new trend has reduced the
isolation previously found in ICS networks, exposing the critical infrastructure to a wide
array of external and internal threats as well as misconfigurations and computing errors.
Different organizations have different information security goals which are
determined and driven by their business objectives. Generally speaking, information
security organizations aim to protect the confidentiality, integrity and availability of
critical information assets. In an ICS environment, the availability of control systems,
the safety of human life and the integrity of the data that is processed are of paramount
importance.
ICS have distinctive performance and reliability requirements. Their system
lifecycle is usually 10 to 20 years and they are typically not built with security in mind.
More often than not, these systems are maintained by outside vendors, are not routinely
patched or upgraded, and are deployed with default configuration settings. Because ICS
need to be highly available at all times, it becomes extremely difficult to get authorization
from the business to take these systems offline for security related maintenance. Given
these challenges, it is important for organizations to develop and implement a security
program for the protection of their critical infrastructure that follows a defense-in-depth
strategy. Defense-in-depth defines the implementation of layered security controls to
defend a system against different types of attacks. The goal is to reduce information risk
while preserving the availability and integrity of ICS environments and, above all, to
protect human life.
This paper establishes the fundamental concepts behind ICS using the Purdue
Model for Control Hierarchy, mapping these logical concepts into a reference
architecture for ICS. This reference architecture will be used as the basis for presenting
the architectural patterns defined in four security domains deemed critical in ICS: access
control, log management, network security, and remote access. This will allow
information security professionals and process control engineers that are responsible for
protecting an organization's most valuable assets to visualize how to protect against a
security breach, whether involving confidentiality, integrity and/or availability.
2. ICS Security Architecture
This section introduces the logical architecture for an ICS network that will be
used to identify the security controls and patterns. The Purdue Model for Control
Hierarchy logical framework, developed by the International Society of Automation ISA-
99 Committee for Manufacturing and Control Systems Security, forms the baseline for
the ICS reference architecture presented in Figure 2.
2.1. Purdue Model for Control Hierarchy
The Purdue logical framework identifies five zones and six levels of operations as shown
in Figure 1 (ISA99 Committee, 2004):
Figure 1 - Purdue Model for Control Hierarchy logical framework
The Purdue model uses the concept of zones to subdivide an Enterprise and ICS network
into logical segments comprised of systems that perform similar functions or have similar
requirements.
Enterprise Zone - Level 5: Enterprise
Level 5 is where corporate IT infrastructure systems and applications exist.
Typically, VPN remote access and corporate Internet access services live in this level, to
name a few. Direct communication between systems in the enterprise zones and the ICS
environment is usually discouraged based on the level of risk that this would expose the
organization to. A better approach is to manage access into the ICS environment through
a Demilitarized Zone (DMZ) (Cisco and Rockwell Automation, 2011).
Enterprise Zone - Level 4: Site Business Planning and Logistics
Level 4, often seen as an extension of Level 5, houses IT systems that deal with
reporting, scheduling, inventory management, capacity planning, operational and
maintenance management, e-mail, phone and printing services. The services, systems and
applications in Levels 4 and 5 are normally managed and operated by the IT organization
(Cisco and Rockwell Automation, 2011).
Manufacturing Zone - Level 3: Site Manufacturing Operations and Control
The systems in Level 3 are often responsible for managing control plant
operations to produce the desired end product. Applications, services, and systems that
are found at this level include:
- Plant historian
- Production reporting system
- Production scheduling systems
- Reliability assurance
- Engineering workstations
- Network file servers
- IT services such as DNS, DHCP, Active Directory, and NTP
- Remote access services
- Staging area
The systems and applications in Level 3 communicate with the systems in
Enterprise Zone through a DMZ. Direct communication between systems in
Manufacturing and Enterprise zones is discouraged. Additionally, systems in Level 3
may communicate with systems in Levels 1 and 0 (Cisco and Rockwell Automation,
2011).
Cell/Area Zone - Level 0: Process
Level 0 includes the sensors and instrumentation elements that directly connect to
and control the manufacturing process. These devices are controlled by devices found in
Level 1 (Cisco and Rockwell Automation, 2011).
Cell/Area Zone - Level 1: Basic Control
Level 1 includes process control equipment that receives input from sensors,
processes the inputted data by using control algorithms, and sends the outputted data to a
final element. Devices in this level are responsible for continuous, sequence, batch and
discrete control. Some devices that exist in the level are Distributed Control Systems
(DCS), Programmable Logic Controllers (PLC), and Remote Terminal Units (RTU).
These devices run vendor-specific operating systems and are programmed and configured
from engineering workstations (Cisco and Rockwell Automation, 2011).
Cell/Area Zone - Level 2: Area Supervisory Control
Level 2 systems include the manufacturing operations equipment for an individual
production area. Level 2 typically includes:
- Human Machine Interfaces (HMI)
- Alarms/Alert systems
- Control room workstations
These systems may communicate with systems in Level 1. Additionally, they may
also interface with systems in the Manufacturing and Enterprise zones through the DMZ
(Cisco and Rockwell Automation, 2011).
Safety Zone
Systems in the safety zone monitor processes for anomalies, automatically return
processes to safety if they exceed a defined threshold and alert the operators of unsafe
conditions. These systems are usually air-gapped from the rest of the control systems
(Cisco and Rockwell Automation, 2011).
2.2. Practical Implementation of an ICS Network
Given the disparate security requirements of ICS and IT systems coupled with the
criticality of control systems, a rigorous risk assessment should be conducted prior to
interconnecting ICS and business networks. The majority of IT systems are concerned
with achieving high performance and throughput while control systems focus on high
availability and integrity of the data for continuity of operations. The ICS risk assessment
should take into account industry best practices and regulatory standards that the
organization must comply with. The risk assessment process should identify the threats
and vulnerabilities that are most likely to impact the organization; it should assess the
likelihood and business impact of those threats and recommend the implementation of
security controls that will reduce the risk to a level that is acceptable to the organization.
If ICS and IT business networks must be connected, it is recommended that the
number of entry points into the ICS environment be kept to a minimum. This will reduce
the number of attack pathways that could lead an intruder into the ICS environment.
Direct communication between IT business and ICS networks should be prohibited
unless absolutely necessary for business operations.
Figure 2 illustrates an ICS reference architecture. The architecture uses the
concept of zones to split the network into smaller, more focused environments where
security controls can be consistently applied. A zone is a logical network segment within
a networking environment that has a well-defined perimeter.
In the reference architecture, Level 5 is divided into an enterprise DMZ and an
internal enterprise sub-zone. The enterprise DMZ is where systems that need to be
directly exposed to the Internet live, such as VPN and e-mail gateways, Web and
FTP/SFTP servers. The VPN gateway in the enterprise DMZ should be the only access
point into the ICS environment for remote users. The internal enterprise sub-zone is
where enterprise applications, business-to-business, and business-to-customer services
live. For instance, if the organization has a business requirement to share records with a
partner company, the server storing those records would exist in this sub-zone.
Systems containing ICS data that need to be accessed by systems or users in the
enterprise network should be placed in a DMZ and the connections between the
Enterprise network and the DMZ must be scrutinized by a stateful inspection firewall.
Similarly, ICS systems that need to communicate with the enterprise network should do
so through the DMZ. These connections must also be inspected by a stateful inspection
firewall. The firewall should follow a “deny all” security policy, allowing only those
connections that are authorized.
As shown in Figure 2, a pair of firewalls is used to create a DMZ between the
Enterprise and ICS environments. The first firewall blocks inbound attacks destined for
systems in the ICS network and inspects traffic into and out of the DMZ. The second
firewall controls traffic into and out of the ICS environment and contains attacks
originating inside the ICS network. The dual-firewall architecture increases the
organization’s security posture by adding layers of security that would need to
be penetrated in order to compromise systems in the ICS environment. Security can be
greatly increased by using firewalls from different manufacturers. These two firewalls
would have different sets of vulnerabilities, and in order to tamper with
both firewalls an attacker would have to find and exploit a vulnerability that is common to
both devices. Another benefit of implementing a dual-firewall architecture is separation of
duties. One set of firewalls can be managed by the IT department while the process
control group can be responsible for the other firewall.
Figure 2 includes two additional zones, a monitoring zone and a database zone.
The purpose of the monitoring zone is to isolate systems that store and process
security-related and system event data. Security-related events contain valuable information that
an attacker could use to create a blueprint of the network to launch an attack. On the other
hand, following an attack an intruder may want to cover their tracks and delete
security-related events so that a forensic investigation is unsuccessful.
The purpose of the database zone is to isolate database servers that contain
sensitive records. Databases can store employees' usernames and passwords, trade secrets,
personally identifiable information, and human resources information, to name a few. Database
servers should be isolated to their own zone protected by a stateful inspection firewall.
The firewall should only allow access into the zone to those systems and users that have
been authorized. Although Figure 2 only shows a database zone inside the Enterprise
zone, the database servers in the ICS environment can be further isolated to their own
database zone inside the Manufacturing zone. ICS databases can be high-value targets for
attacks because they store command and control and historical data that are used for
reporting and decision making.
Figure 2 – Modified Purdue Model for Control Hierarchy architecture (NIST special publication 800-82.)
2.3. Architecture Security Patterns for ICS
The Open Security Architecture defines security patterns as “a general reusable
solution to a commonly occurring problem in creating and maintaining secure
information systems” (Open Security Architecture, n.d.). This paper will identify security
patterns in the following domains and explain how they apply to ICS networks:
- Access Control
  - Access control mechanisms guarantee that the person who is
    attempting access to a system or application is who he/she claims to be.
    Access control involves a user submitting a unique identifier, such as a
    user ID, and the corresponding authenticating information, such as a
    password.
- Network Security
  - Network security protects the confidentiality, integrity, and availability of
    information systems against internal and external threats using a variety of
    security controls.
- Log Management
  - Critical applications and systems should generate important
    security-related events to assist in identifying threats to information,
    troubleshooting network or system-related issues, and complying with
    regulatory requirements.
- Remote Access
  - Remote users and vendors seek access into the ICS environment for
    remote maintenance and support.
Note: The four domains listed above are not all-inclusive as it relates to ICS
environments, but are those most commonly seen in these environments.
2.3.1. Access Control
To prevent unauthorized access into the ICS environment, users must be uniquely
identified, authenticated, and authorized before gaining access. User authorization should
follow the principle of least privilege, which grants users sufficient privileges to
fulfill their defined roles.
Users must be assigned a unique user ID and should use strong passwords
enforced by a security policy that ensures that:
- Passwords are comprised of a minimum number of characters
- Passwords use a combination of alphanumeric and special characters
- Passwords are changed regularly
- Passwords do not contain dictionary words
- Passwords are not reused
Increased security can be achieved by using two-factor authentication
mechanisms for all access into the ICS environment. Two-factor authentication prevents
credential reuse and thwarts password guessing attacks. Two-factor authentication
involves using two out of three possible factors to authenticate users:
- Something you know, such as a password, passphrase or PIN.
- Something you have, such as a token or digital certificate.
- Something you are, such as biometrics.
- Some place you are, such as country code.
Access privileges into the ICS environment should be subject to approval by
senior management and should be reviewed on a regular basis. An automated way to
revoke access into the ICS environment should exist in response to threats and
vulnerabilities or information security incidents.
Figure 3 identifies the security patterns for the access control information security
domain. The yellow tags in Figure 3 represent the access control security patterns that
can be consistently applied across the ICS network.
Figure 3 - Access Control Security Patterns for ICS
2.3.2. Log Management
Most Enterprise and ICS systems and applications generate large volumes of
events on a daily basis and should have mechanisms to forward security-related events to
a centralized log collection server. The log collection server stores critical data, such as
failed and successful login attempts, system boots and escalation of privileges that must
be protected against unauthorized access and modification. The log collection server must
be properly sized with enough space to store the event logs from all critical systems and
applications for a stated retention period. The retention period must be documented in a
policy and must take into consideration industry regulations.
Log messages should contain relevant system attributes such as IP addresses,
ports and protocols used, day and time, username, method of access such as FTP, SSH, or
HTTP. When correlating event logs from different systems, time becomes an important
factor. Systems and applications that generate event logs must use a consistent time
source, such as a corporate Network Time Protocol (NTP) server, so that the event logs contain
accurate time-stamps.
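The following is an added example, not part of the original paper: a collector-side check that each forwarded event carries the attributes listed above and that the sender's clock agrees with the collector's. The JSON event layout, the field names, the host names and the 5-second skew tolerance are assumptions chosen for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Attributes the paragraph above asks every log message to carry.
# The field names are assumptions of this example, not a standard.
REQUIRED_FIELDS = ("timestamp", "src_ip", "dst_ip", "dst_port",
                   "protocol", "username", "access_method")

# Assumed tolerance between the sender's clock and the collector's clock.
MAX_SKEW = timedelta(seconds=5)


def parse_ts(value):
    """Parse an ISO 8601 timestamp and reject values without a UTC offset."""
    ts = datetime.fromisoformat(value)
    if ts.tzinfo is None:
        raise ValueError("timestamp has no time zone offset")
    return ts.astimezone(timezone.utc)


def check_event(raw_line, received_at):
    """Return (host, problems) for one forwarded event; an empty list means OK."""
    try:
        event = json.loads(raw_line)
    except json.JSONDecodeError:
        return "unknown", ["not valid JSON"]
    if not isinstance(event, dict):
        return "unknown", ["not a JSON object"]
    host = event.get("host", "unknown")
    problems = [f"missing {name}" for name in REQUIRED_FIELDS
                if event.get(name) in (None, "")]
    if event.get("timestamp"):
        try:
            skew = abs(received_at - parse_ts(event["timestamp"]))
        except (ValueError, TypeError) as exc:
            problems.append(f"bad timestamp: {exc}")
        else:
            # A large gap between send time and receive time means the sender
            # is not synchronised, so its events cannot be correlated reliably.
            if skew > MAX_SKEW:
                problems.append(f"clock skew {int(skew.total_seconds())}s")
    return host, problems


def audit_events(events):
    """Group problems by sending host so that one drifting clock stands out."""
    report = {}
    for raw_line, received_at in events:
        host, problems = check_event(raw_line, received_at)
        if problems:
            report.setdefault(host, []).extend(problems)
    return report


def _event(**fields):
    """Build one constructed sample event as a JSON line."""
    return json.dumps(fields)


# Constructed sample input: (raw line, time the collector received it).
T0 = datetime(2018, 6, 27, 10, 0, 0, tzinfo=timezone.utc)
SAMPLE = [
    (_event(host="historian", timestamp="2018-06-27T10:00:00+00:00",
            src_ip="10.3.0.15", dst_ip="10.3.0.20", dst_port=22,
            protocol="tcp", username="jdoe", access_method="SSH"),
     T0 + timedelta(seconds=1)),
    # Sender clock is several minutes behind the collector.
    (_event(host="hmi-01", timestamp="2018-06-27T09:52:30+00:00",
            src_ip="10.2.0.7", dst_ip="10.2.0.9", dst_port=443,
            protocol="tcp", username="operator1", access_method="HTTP"),
     T0 + timedelta(seconds=2)),
    # No username and a timestamp without an offset.
    (_event(host="fw-dmz", timestamp="2018-06-27T10:00:03",
            src_ip="10.4.0.1", dst_ip="10.3.0.20", dst_port=21,
            protocol="tcp", username="", access_method="FTP"),
     T0 + timedelta(seconds=3)),
    ("<13>free text that is not JSON", T0 + timedelta(seconds=4)),
]

if __name__ == "__main__":
    for host, problems in audit_events(SAMPLE).items():
        print(host, problems)
```
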
In the security architecture, depicted in Figure 2, the log collection server and
SIEM tool are placed in their own zone named “Monitoring Zone”. There are two
Monitoring Zones. The first is part of the enterprise zone and it receives and analyzes
security-related events from systems and applications inside the enterprise zone. The
second is part of the manufacturing zone and it receives and analyzes security-related
events from systems in the ICS environment. Both Monitoring Zones are firewalled. Only
authorized source IP addresses are allowed to access this zone. Furthermore, access to the
log collection server and SIEM tool requires a valid username and password.
At a minimum, network security hardware, such as VPN gateways, firewalls, intrusion
prevention and detection systems, critical servers, such as domain controllers and
database servers, and critical applications, such as historian applications should generate
and forward security-related events to the corresponding log collection server in the zone
for analysis. Figure 4 identifies the security patterns for the log management information
security domain.
[Figure 4 diagram: the Figure 2 reference architecture annotated with log management patterns: firewall, IDS, IPS, server, application, database, and remote access event logging.]
Figure 4 – Log Management Security Patterns for ICS
2.3.3. Network Security
This section focuses on the following network security controls:
- Network Segmentation or Zoning
- Firewalls
- Network Intrusion Detection and Protection Systems
Network segmentation is typically achieved by placing a filtering device, such as
a packet filtering or stateful inspection firewall at the zone’s point of entry. A network
zone should always have one entry point as depicted in Figure 5; all traffic entering and
leaving the zone (also referred to as inter-zone traffic) should be subject to inspection by
a firewall.
Figure 5 – Network segmentation or zoning
Systems can be segmented into network zones based on their functionality,
criticality to the business, risk levels, or other requirements defined by the organization.
Regardless of the segmentation scheme the systems within a given zone will be
susceptible to common threats and vulnerabilities. It is therefore important for each zone
to have a well-defined security baseline that is applied consistently across all systems
within the zone. The security baseline will define the minimum level of protection
required to achieve a certain security level within the zone.
The purpose of the firewall is to control traffic flow amongst network zones while
preventing unauthorized network traffic from entering or leaving a particular zone.
Firewalls should be configured to deny all traffic by default and explicitly allow those
connections that are authorized to enter or leave a zone. There are many different types of
firewalls, such as stateful inspection firewalls, application proxy firewalls and packet
filtering firewalls.
In the reference architecture, depicted in Figure 2, stateful inspection firewalls are
placed amongst the defined zones to ensure that:
- Authorized traffic is able to cross between zones
- Unauthorized traffic is denied, inbound and outbound
- Authorized traffic is directed to specific systems within a zone
Additionally, a packet filtering firewall is placed at the network perimeter between the
Internet and the first border firewall. The purpose of this firewall is to stop the most basic
type of attacks and filter out noisy protocols, such as inbound ICMP, syslog, and SNMP.
Any traffic that gets past the perimeter packet filtering firewall will be further inspected
by the stateful inspection firewall.
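The following is an added example, not part of the original paper: a small audit of an inter-zone ruleset against the "deny all" policy and the DMZ-only path between the Enterprise and Manufacturing zones described in section 2.2 and in the list above. The reduction of Figure 2 to four zones, the rule format, and all host names and ports are assumptions made for illustration.

```python
from dataclasses import dataclass

# Zone pairs that may exchange traffic directly. Enterprise and Manufacturing
# are deliberately not a pair: the paper routes that traffic through the DMZ.
# Zone names and this four-zone simplification are assumptions of the example.
CONDUITS = {
    frozenset({"enterprise", "dmz"}),
    frozenset({"dmz", "manufacturing"}),
    frozenset({"manufacturing", "cell_area"}),
}


@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "deny"
    src_zone: str  # zone name or "any"
    dst_zone: str  # zone name or "any"
    dst_host: str  # host name or "any"
    service: str   # for example "tcp/443", or "any"


def matches(rule, src_zone, dst_zone, dst_host, service):
    """True when every field of the rule is a wildcard or equals the flow's value."""
    return all(want in ("any", got) for want, got in (
        (rule.src_zone, src_zone), (rule.dst_zone, dst_zone),
        (rule.dst_host, dst_host), (rule.service, service)))


def decide(rules, src_zone, dst_zone, dst_host, service):
    """First matching rule wins; no match means deny (the 'deny all' default)."""
    for rule in rules:
        if matches(rule, src_zone, dst_zone, dst_host, service):
            return rule.action
    return "deny"


def audit_rules(rules):
    """Return (rule_index, finding) pairs for allow rules that weaken the zoning."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        if "any" in (rule.src_zone, rule.dst_zone):
            findings.append((i, "allow rule with wildcard zone"))
        elif (rule.src_zone != rule.dst_zone
              and frozenset({rule.src_zone, rule.dst_zone}) not in CONDUITS):
            findings.append(
                (i, f"no direct conduit between {rule.src_zone} and {rule.dst_zone}"))
        if rule.dst_host == "any":
            findings.append((i, "traffic not directed to a specific system"))
        if rule.service == "any":
            findings.append((i, "all services allowed"))
    return findings


def without_findings(rules):
    """Ruleset with flagged rules removed, for comparison only. In practice a
    flagged rule is rewritten narrowly so legitimate traffic keeps flowing."""
    flagged = {i for i, _ in audit_rules(rules)}
    return [rule for i, rule in enumerate(rules) if i not in flagged]


# Constructed sample ruleset; hosts and ports are illustrative only.
RULES = [
    Rule("allow", "enterprise", "dmz", "shared-historian", "tcp/443"),
    Rule("allow", "manufacturing", "dmz", "shared-historian", "tcp/8443"),
    Rule("allow", "enterprise", "manufacturing", "plant-historian", "tcp/443"),
    Rule("allow", "dmz", "manufacturing", "any", "any"),
    Rule("allow", "manufacturing", "cell_area", "plc-01", "tcp/502"),
]

if __name__ == "__main__":
    for index, finding in audit_rules(RULES):
        print(f"rule {index}: {finding}")
    print(decide(RULES, "enterprise", "cell_area", "plc-01", "tcp/502"))
```
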
Application proxy firewalls can be placed at the perimeter behind the packet
filtering firewall. These types of firewalls introduce latency that decreases network
performance and are not widely used in ICS networks.
An additional layer of security can be achieved by requiring the firewall to
authenticate users prior to accessing a zone. The firewall can be configured to forward
authentication requests to an external user database and grant access into the zone if the
user is authenticated.
Figure 6 – Firewall acting as authenticator – Login successful
Figure 7 – Firewall acting as authenticator – Login failed
Intrusion detection and prevention sensors should be strategically deployed across
the network and configured to detect those attacks that are most likely to succeed against
systems in the environment. The biggest problem with intrusion detection systems is
false positive alerts. When legitimate network traffic is identified as malicious or
anomalous, a false positive alert is triggered. If an IDS is not tuned for the environment in
which it is installed, it can generate hundreds of false positives and irrelevant alerts. This
can easily overwhelm the security analyst, causing him/her to miss the real attacks.
In the reference architecture, depicted in Figure 2, IDSs are placed inside each
zone. The IDS detects inter-zone attacks (attacks amongst different zones) and intra-zone
attacks (attacks amongst systems within a zone). The zone IDS should be deployed as a
focused sensor; its signature set should be configured so that it only detects those attacks
that are relevant to the systems that are being monitored. For instance, if only Windows
systems are being monitored it would only be necessary to enable signatures for Windows-based
attacks.
In the architecture, depicted in Figure 2, an IPS is placed at the network
perimeter. The job of this IPS is to filter out any inbound malicious traffic that may have
gotten past the perimeter firewall. Additionally, this IPS detects malicious outbound
traffic such as C&C, and it can block outbound traffic from unauthorized applications,
such as P2P and anonymous proxy applications.
Figure 9 identifies the security patterns for the network security information
security domain.
[Figure 9 diagram: the Figure 2 reference architecture annotated with network security patterns: network zoning, packet filtering firewall, stateful inspection firewalls, intrusion detection systems, and an intrusion prevention system.]
Figure 9 – Network Security Patterns for ICS
2.3.4. Remote Access
Access to the ICS environment should be controlled by two-factor authentication
mechanisms. In the reference architecture, depicted in Figure 2, a VPN gateway is placed
in the Enterprise zone DMZ. Users attempting to gain access to the organization’s
network will first be required to establish an encrypted VPN tunnel to the organization’s
VPN gateway. The VPN gateway will authenticate the user by requiring a valid username
and password combination as well as a second form of authentication, usually a one-time
password (OTP) generated by a token device. The VPN gateway will act as the
authenticator forwarding the authentication requests to an external user database. If the
authentication is successful the user will be authorized to access a remote access server in
the DMZ between the enterprise and manufacturing zones. Authorization should follow
the principle of “least privilege.”
To gain further access into the ICS environment the user will be required to
connect to a remote access server located in the DMZ. The connection between the user
and the remote access server should be encrypted to prevent sending sensitive data in
clear-text. The user will then be required to provide a valid username and password as
well as a second form of authentication. If the user is successfully authenticated he/she
should only be authorized to access those systems in the ICS environment that are
required to perform a specific job function.
Figure 10 identifies the security patterns for the remote access information
security domain.
Figure 10 – Remote Access Security Patterns for ICS
3. Conclusion
This paper presents an overview of ICS and the components that make up an ICS
environment. This overview is not meant to be all encompassing; it is meant to provide
the reader with the necessary basic foundation and enough context to understand the
sections which follow.
The Purdue Model for Control Hierarchy is briefly discussed and defined as a
logical framework that organizations can use to understand how to build a secure ICS
environment. We present a reference architecture built using the Purdue Model as a
baseline, and modify it to include additional security zones and controls to show the
reader how to reduce common risks that organizations face.
Security patterns are identified in four core information security domains: access
control, log management, network security and remote access. While there are many
more information security domains, such as host security, vulnerability management and
wireless security that apply to ICS environments, deploying appropriate security
measures around these four domains can greatly reduce an organization’s attack surface
while increasing its security posture.
It is important to point out that a rigorous risk assessment should be performed
prior to making architectural changes or introducing new systems into the environment
that could potentially negatively affect an organization’s security posture. The risk
assessment should identify the potential risks that interconnecting ICS and enterprise
networks can present to an organization.
Finally, information security requirements and controls should not negatively
affect the company’s ability to operate. Information security goals should always align to
the company’s strategic priorities and should create business value by protecting
confidentiality, integrity and availability of the company’s most critical assets and as a
result, reduce the overall risk exposure.
4. References
Baseline Security Requirements for Network Security Zones in the Government of
Canada (ITSG-22). Retrieved from https://www.cse-cst.gc.ca
Boyer, S. A. (2004). SCADA: Supervisory control and data acquisition. Research
Triangle Park, NC: ISA-The Instrumentation, Systems, and Automation Society.
Cisco and Rockwell Automation (2011). Converged Plantwide Ethernet (CPwE) Design
and Implementation Guide. Cisco Systems, Inc. (n.d.). Retrieved from
http://www.cisco.com/
Homeland Security (2009). Recommended Practice: Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.
Information Security Forum (2014). The Standard of Good Practice for Information
Security. Retrieved from http://isflive.org
ISA99 Committee (2004). Manufacturing and Control Systems Security Part 1: Models
and Terminology. Retrieved from http://isa99.isa.org/
Krutz, R. L. (2006). Securing SCADA systems. Indianapolis, IN: Wiley Pub.
NIST (2014). NIST Cybersecurity Framework Core: Informative Reference Standards.
ISA 62443-3-3:2-13.
Open Security Architecture. (n.d.). Retrieved from
http://www.opensecurityarchitecture.org/
Shaw, W. T. (2006). Cybersecurity for SCADA systems. Tulsa, OK: PennWell Corp.
Stouffer, K., Falco, J., & Kent, K. (2006). Guide to Supervisory Control and Data
Acquisition (SCADA) and Industrial Control Systems Security.
Stouffer, K., Falco, J., & Scarfone, K. (2011). Guide to Industrial Control Systems
(ICS) Security. NIST special publication 800-82.
27. Last Updated: June 27th, 2018