A list of references, resources, and other items of interest for Industrial Control System (ICS) cybersecurity.

General ICS Resources

• A Collection of Resources for Getting Started in ICS/SCADA Cybersecuritty – Robert M. Lee
• Understanding Industrial Control Systems Security Basics
• NIST 800-82 Guide tto Industrial Control Systems Security
• Cyber-security in Industrial Control Systems
• Purdue Enterprise Reference Architecture
• SCADAhacker

Glossary and Terms

• Industrial Control System (ICS)
• Programmable Logic Controller (PLC)
• Human Machine Interface (HMI)
• Data Historian
• Engineering Workstation
• Remote Terminal Unit (RTU)
• Supervisory Control and Data Acquisition (SCADA)
  • TeePublic SCADA shirt from BinaryBrewWorks
• Distributed Control System (DCS)
• Safety Instrumented System (SIS)

ICS-Related Threat Intelligence

• The Industriral Control System Cyber Kill Chain
• MITRE ICS ATT&CK
• Evolution of ICS Attacks and the Prospects for Future Disruptive Events
• Stuxnet to CRASHOVERRIDE to TRISIS: Evaluating the History and Future of Integrity-Based Attacks on Industrial Environments
• Crouching Yeti (Energetic Bear) Malware
• Energetic Bear – Crouching Yeti
• ICS Focused Malware (Havex)
• The Baffling Berserk Bear
• Exorcising the Ghost in the Machine: Debunking Myths Around Supply Chain Intrusions
• Pre-OT Intrusions
  • LookBack Malware Targets the United States Utility Sector with Phishing Attacks Impersonating Engineering Licensing Boards
  • LookBack Forges Ahead: Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs
  • PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
  • Volt Typhoon
    • Volt Typhoon targets US critical infrastructure with living-off-the-land techniques
    • PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
    • Determining Volt Typhoon Next Steps & Defensive Responses
    • Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations
• Electric Sector Events
  • Analysis of the Cyber Attack on the Ukrainian Power Grid
  • WIN32/INDUSTROYER: A New Threat for Industrial Control Systems
  • CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack
  • Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors
  • Industroyer2: Industroyer reloaded
  • Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
  • Inside a New OT/IoT Cyberweapon: IOCONTROL
  • December 2025 Attempted Disruption in Poland
• Oil & Gas Events
  • Attackers Deploy New ICS Attack Framework “TRITON” and Casue Operational Disruption to Critical Infrastructure
  • TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping
  • TRISIS Malware
  • Analyzing the TRITON Industrial Malware
  • Zeroing in on XENOTIME: Analysis of the Entities Responsible for the Triton Event
  • Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
• Manufacturing Events
  • W32.Stuxnet Dossier
  • To Kill a Centrifuge
  • EKANS Ransomware and ICS Operations
  • Spyware, Stealer, Locker, Wiper: LockerGoga Revisited
• Other Events
  • INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems
  • PIPEDREAM: CHERNOVITE’s Emerging Malware Targeting Industrial Control Systems
  • IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
  • Impact of FrostyGoop ICS Malware on Connected OT Systems
  • AI in the Breach: How an Adversary Leveraged AI to Target a Water Utility’s OT