Smoky D. Bear, Canada

IT and OT.

Not as different as people think and getting closer every day.

ICS Risk Assessment

Slides from SANS DFIR Pipeline Forensics talk

For Robert

Yes, this is a very sparse web site. Don't expect changes very often.

Resources

Standards

CSA Z246.1:21 | Product | CSA Group - Security management for petroleum and natural gas industry systems

N290.7-14 (R2021) | Product | CSA Group - Cyber security for nuclear power plants and small reactor facilities

 

Frameworks

Cybersecurity Framework | NIST

CIS Critical Security Controls Version 8.1

Essential Eight | Cyber.gov.au

 

Policy Templates

Information Security Policy Templates | SANS Institute

 

Risk Assessment

Microsoft Word - 2007-HTRAM-Eng-Word2002-classroom-1023.doc - RCMPs Harmopnized Threat Risk Assesment (HTRA)

Course category : ASTRA - Threat Risk Assessment - Cyber Centre Learning Hub

Downloading and Installing CSET | CISA

From Zero to GRC in Minutes with SimpleRisk

Resources - Cyverity

Cybersecurity Risk Foundation | Home

Binary Risk Analysis

Posters and Cheat Sheets

Cyber Security Posters | SANS Institute

 

Digital Forensics and Incident Response (DFIR)

Improving Industrial Cybersecurity | ICS4ICS Program by ISAGCA - Also works very well for IT shops!

SIFT Workstation | SANS Institute

Drag Your Adolescent Incident-Response Program Into Adulthood - Dark Reading

CrowdStrike Services Releases Free Incident Response Tracker

Forensics - Start.me

Incident response planning: When to call in the lawyers

Make a Passive Network Tap : 7 Steps - Instructables

Google Cloud Blog
Public Incident Response Ressources / Public Playbooks · GitLab

 

Training

Free & Affordable Training - DFIR Diva

ICS Cybersecurity Training - Idaho National Laboratory

Education and community - Canadian Centre for Cyber Security

 

Communuications and Report Writing

4 Tips for a Strong Executive Summary of a Security Assessment Report

 

ICS

PLC: Towards Viable Cyber Extortion for Operational Technology

Control Loop: The OT Cybersecurity Podcast

Conpot

ControlThings.io - Platform

GitHub - wavestone-cdt/dyode: A low-cost, DIY data diode for ICS

Home - ICSSTRIVE

ModbusPal - Java MODBUS simulator

Autonomy – Open-source PLC Software

SCADA Hacking: The Most Important SCADA/ICS Attacks in History
infracritical

Techniques - ICS | MITRE ATT&CK®

 

Interesting People and Things

Caffeinated Risk

Mick Douglas 🇺🇦🌻 (@bettersafetynet) / X

Jake Williams (@MalwareJake) / X

Schneier on Security - Bruce Schneier

Father of modern-day password regrets original guidance - CBS News

Your Free URL Unshortener Tool | Check Short URL

D3FEND Matrix | MITRE D3FEND™

GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources

Proactive Preparation and Hardening to Protect Against Destructive Attacks | Blog | Mandiant |

Ransom.Wiki - Check if your company or partner is in a ransom attack breach

What2Log - Home