
Protecting OT’s Inherent Front-End Vulnerabilities: Legacy SQL Dependencies in Building Automation Systems Through the Lens of the SANS ICS Five Critical Controls

This research presents a practical method for building a Software Bill of Materials (SBOM) for building automation system (BAS) front ends, augmenting it with Shodan exposure analysis, classifying it in a risk heat map, and applying mitigations using the SANS ICS Five Controls, with an emphasis on Risk-Based Vulnerability Management and Defensible Architecture.

SANS-Protecting-OTs-Inherent-Front-End-Vulnerabilities-020926 (PDF, 0.73MB)

9 Feb 2026
By Tanner Green
All papers are copyrighted

No re-posting of papers is permitted

Related Content

Sanitized in the Source: Removing Embedded Objects from PLC Projects with CDR

Research Paper

This research seeks to outline a methodology to sanitize supported PLC project files for security while also confirming their operational reliability.

  • 16 Apr 2026

ICS Asset Inventory: Passive, or Active? Siemens S7-1200 PLCs

Research Paper

This research builds on previous research to determine what information can and cannot be gleaned solely from passive traffic analysis, specifically for a Siemens S7-1200 PLC.

  • 12 Mar 2026

Inside the Five Most Dangerous New Attack Techniques

Research Paper

This e-book represents the next evolution of that effort. Here, we take the five key topics presented from the keynote stage and expand them into four full-length chapters.

  • 8 Dec 2025
  • Heather Barnhart, Rob T. Lee, Joshua Wright, Tim Conway

Code Modularity as a Heuristic for Malware Design

Research Paper

Malware targeting industrial control systems (ICS) and critical infrastructure often exhibits a modular architecture, using a central loader to execute interchangeable payload modules.

  • 7 Nov 2025

Webs of Deception: Using the SANS ICS Kill Chain to Flip the Advantage to the Defender

Research Paper

Defending a small Industrial Control System (ICS) against sophisticated threats can seem futile. The...

  • 14 Apr 2025

Industrial Control System Internal Network Security Monitoring with Open-Source Tools

Research Paper

Security vendors have made many advances in internal network security monitoring (INSM) in recent...

  • 5 Dec 2024

False Data Injection Attacks Against Distribution Automation Systems

Research Paper

Utility companies increasingly rely on automated switching to provide their customers with a...

  • 5 Dec 2024

Shedding Light on OT Anomalies: Parsing Proprietary OT Protocols with Zeek

Research Paper

Many traditional intrusion detection systems (IDS) may struggle with the unique devices and...

  • 9 Oct 2024

SANS 2024 State of ICS/OT Cybersecurity

Research Paper

In this white paper, SANS Certified Instructor Jason Christopher explores the growing trends in cyber...

  • 9 Oct 2024
  • SANS Institute

Mode Matters: Monitoring PLCs for Detecting Potential ICS/OT Incidents

Research Paper

There is a blind spot regarding cyber security in many Industrial Control Systems (ICS) and...

  • 28 Feb 2024

Can Open-Source Tools Be Used to Safely Scan a Modern ICS Environment?

Research Paper

This research delves into the long-standing belief within the Operational Technology (OT) security...

  • 27 Nov 2023

Private 5G, "Not as Private as You May Think"

Research Paper

Private 5G networks and the transition to Industry 4.0 are gaining traction as demand increases for...

  • 10 Oct 2023

Implementing Scalable Security for Devices Without 802.1x Support

Research Paper

Enterprises often implement 802.1x to control access to wired and wireless networks by...

  • 21 Dec 2022

Transparently Insecure Operational Technology: A Contextual Analysis

Research Paper

In cybersecurity, countering threats depends on an ability to see and respond to attacks. However,...

  • 6 Jan 2022

You Cannot Defend What You Cannot See: Gaining Insight into Proprietary Protocols through Custom Parsers with Zeek

Research Paper

A vital component of any information security architecture is a network intrusion detection...

  • 6 Jan 2022

Collection and Analysis of Serial-Based Traffic in Critical Infrastructure Control Systems

Research Paper

There is a blind spot the size of a 27-ton, 2.25-megawatt maritime diesel generator in the world's...

  • 11 Feb 2021

Industrial Traffic Collection: Understanding the implications of Deploying visibility without impacting production

Research Paper

Due to the critical nature of industrial environments and the lifetime of deployed assets, many...

  • 21 Sep 2020

Fashion Industry (Securely) 4.0ward

Research Paper

The fashion market segment is going through a significant technological upgrade. The need to meet...

  • 9 Sep 2020

60870-5-104 protocol snort rule customization

Research Paper

OT Security emerges as a necessity due to its flat network implementation and criticality of systems...

  • 10 Aug 2020

Vulnerabilities on the Wire: Mitigations for Insecure ICS Device Communication

Research Paper

Modbus TCP and other legacy ICS protocols ported over from serial communications are still widely...

  • 12 Feb 2020
  • Michael Hoffman