Martem RTU Vulnerability Analysis
ENCS’s opinion on the recent Martem TELEM-GW6/GWM vulnerability and its impact on the DSOs
OT Security Monitoring Requirements
Requirements for procuring security monitoring products and services
OT Security Sensors Market Survey
Specialized market survey for network sensors designed for Operational Technology (OT) systems
Risk-based use cases for OT security monitoring
A catalogue of monitoring use cases for OT systems linked to threats.
This document proposes a risk-based approach to OT security monitoring. Use cases are presented to detect the different stages of an attack:
- Vulnerability management use cases find and fix vulnerabilities before attackers can exploit them.
- Misuse detection use cases look for signs of exploitation.
- Access monitoring use cases look for unauthorized access by attackers who have obtained valid credentials.
- Access log review use cases look for unauthorized actions taken by attackers once they are inside a system.
Each of the use cases is linked to the threats it can detect. In this way, grid operators can select the most effective use cases based on a risk assessment. Use cases can be chosen to mitigate the highest risks and complement preventive measures.
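The selection step described above (each use case linked to the threats it detects, then chosen by risk) can be made concrete with a small catalogue and a greedy selector. This is an added example and not code or data from the ENCS document: the threat names, the 1 to 5 likelihood and impact scale, the risk scores and the use-case names are all constructed for illustration.

```python
"""Risk-based selection of OT security monitoring use cases.

Added example (not from the ENCS catalogue): a constructed catalogue in which
each monitoring use case is linked to the threats it can detect, plus a greedy
selection that repeatedly picks the use case covering the most not-yet-covered
risk. A threat already removed by a preventive measure carries zero risk, so
use cases are chosen to complement prevention rather than duplicate it.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: int          # 1..5 from the risk assessment (assumed scale)
    impact: int              # 1..5 (assumed scale)
    prevented: bool = False  # True if a preventive control already removes it

    @property
    def risk(self) -> int:
        """Residual risk: likelihood x impact, or 0 if already prevented."""
        return 0 if self.prevented else self.likelihood * self.impact


@dataclass(frozen=True)
class UseCase:
    name: str
    stage: str            # vulnerability / misuse / access / access-log review
    detects: frozenset    # names of the threats this use case can detect


# Constructed sample risk assessment (hypothetical threats and scores).
THREATS = [
    Threat("unpatched RTU firmware", likelihood=4, impact=3),           # 12
    Threat("malicious IEC 104 control commands", likelihood=3, impact=5),  # 15
    Threat("stolen engineering credentials", likelihood=3, impact=4),   # 12
    Threat("configuration change via engineering workstation", 2, 5),   # 10
    Threat("USB malware on HMI", likelihood=2, impact=4, prevented=True),  # 0
]

# Constructed sample use-case catalogue, one entry per stage.
USE_CASES = [
    UseCase("scan RTUs for known vulnerabilities", "vulnerability",
            frozenset({"unpatched RTU firmware"})),
    UseCase("alert on IEC 104 control commands from an unknown master", "misuse",
            frozenset({"malicious IEC 104 control commands"})),
    UseCase("alert on remote logins outside maintenance windows", "access",
            frozenset({"stolen engineering credentials"})),
    UseCase("review engineering workstation logs for configuration changes",
            "access-log review",
            frozenset({"configuration change via engineering workstation",
                       "stolen engineering credentials"})),
    UseCase("alert on USB devices attached to the HMI", "misuse",
            frozenset({"USB malware on HMI"})),
]


def select_use_cases(threats, use_cases, budget):
    """Greedy selection: pick the use case with the largest uncovered risk first.

    Returns the chosen use cases in selection order. Stops after `budget`
    use cases or when no remaining use case covers any uncovered risk.
    """
    risk_by_threat = {t.name: t.risk for t in threats}
    uncovered = {name for name, risk in risk_by_threat.items() if risk > 0}
    chosen = []
    remaining = list(use_cases)

    def gain(uc):
        return sum(risk_by_threat[n] for n in uc.detects & uncovered)

    while remaining and len(chosen) < budget:
        best = max(remaining, key=gain)
        if gain(best) == 0:
            break  # everything left is already covered or prevented
        chosen.append(best)
        uncovered -= best.detects
        remaining.remove(best)
    return chosen


def covered_risk(threats, chosen):
    """Total residual risk of the threats detected by the chosen use cases."""
    covered = set()
    for uc in chosen:
        covered |= uc.detects
    return sum(t.risk for t in threats if t.name in covered)


if __name__ == "__main__":
    picked = select_use_cases(THREATS, USE_CASES, budget=3)
    for uc in picked:
        print(f"[{uc.stage}] {uc.name}")
    print("covered risk:", covered_risk(THREATS, picked),
          "of", sum(t.risk for t in THREATS))
```

With a budget of three use cases the selector takes the log review use case first (it covers two threats), then the IEC 104 misuse alert, then the RTU vulnerability scan; the USB use case is never chosen because that threat is already prevented. A real catalogue would also record the data sources each use case needs, which is usually the binding constraint in OT environments.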
Organizing OT Security Operations Best Practices
Best practices for organizing a security operations team for Operational Technology (OT) systems
This document gathers best practices on organizing a security operations team from different ENCS members. The security operations team is the team responsible for:
- vulnerability management,
- intrusion detection and security monitoring,
- and incident analysis and response.
The document gives advice on the mission and capabilities of the team, its place in the organization, and the possibilities for outsourcing.
Crashoverride / Industroyer Analysis
Analysis of the Industroyer / Crashoverride malware, the first malware targeted at grid operators.