Dragos Whitepapers

Read the latest ICS research and reports from the Dragos Team


Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE

Reviewing previously unavailable data covering log, forensics, and various incident data, this paper will outline the CRASHOVERIDE attack in its entirety, from breach of the ICS network through delivery and execution of ICS-specific payloads.

Joe Slowik - October 10, 2018

The Four Types of Threat Detection With Case-Studies in Industrial Control Systems (ICS)

There is a considerable amount of market confusion around the types of threat detection, how they are derived, and the uses for each. The purpose of this paper is to address those challenges by identifying the four types of threat detection and offering sample use-cases focused on industrial control system (ICS) and industrial internet of things (IIoT) environments.

Sergio Caltagirone and Robert M. Lee - July 31, 2018

Hunting with Rigor: Quantifying the Breadth, Depth and Threat Intelligence Coverage of a Threat Hunt in Industrial Control System Environments
The popularity of threat hunting as a form of proactive and reactive security has grown over the past few years. Threat hunting "is a focused and iterative approach to searching out, identifying and understanding adversaries that have entered the defender’s networks."

Dan Gunter - July 06, 2018

Senate Testimony: The Industrial Cyber Threat Landscape
Given my experience in the military and intelligence community, training the world’s defenders, and leading the world’s best against the world’s worst, I would like to make three points today that are most relevant for this committee.

Robert M. Lee - March 01, 2018

Solving a Brew Mystery: Digital Forensics With the Dragos Platform and OSIsoft PI System

This paper presents a modern challenge of defending an industrial system, using situational awareness to detect and understand if an attack exists against the environment.

Dragos Inc. & OSIsoft - April 24, 2018

Industrial Control Threat Intelligence

Modern network and asset defense require far greater visibility into the industrial control system threat landscape than in years past.

Dragos, Inc - January 09, 2018

Analyzing TRISIS

TRISIS is malware that was developed and deployed to at least one victim in the Middle East to target safety instrumented systems (SIS).

Robert M. Lee - December 14, 2017

CRASHOVERRIDE

CRASHOVERRIDE is a malware framework that has not been disclosed before today but is the capability used in the cyber-attack on the Ukraine electric grid in 2016 (not the 2015 attack).

Robert M. Lee - June 12, 2017

Insight into ICS SOC (pdf)

As industrial control systems (ICS) become more interconnected with each other and homogenous, there needs to be sufficient compensating controls put into place to ensure the safety and reliability of the operations.

Robert M. Lee - March 21, 2017

Contact Us

Industrial Control Systems

info@dragos.com