Skip to main content

Search

Request Info Apply Now

Undergraduate Certificates
Begin or advance your cybersecurity career at any age with our hands-on certificate programs.
Bachelors Degree
Transfer your credits to SANS.edu and become one of the most job-ready candidates in cybersecurity.
Graduate Certificates
Gain job-specific skills in highly technical certificate programs designed for working professionals.
Master’s Degree
Take your InfoSec career to the highest levels—developing both hands-on technical skills and the ability to lead.
Single Courses
Start with a course, advance to a cybersecurity certificate or degree
All Academic Programs
Explore hands-on undergraduate and graduate programs for every stage of your cybersecurity career.

Featured Program

Hands typing on a laptop

Applied Cybersecurity Certificate (ACS)

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Why SANS.edu?
How To Apply
Tuition & Funding

Join us for a free online info session to learn more.

Resources for Veterans

Learn how to get the most from your Veterans Education Benefits.

Women in Cybersecurity

Empowering women to thrive in cybersecurity.

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Research Overview
Learn how SANS.edu research is strengthening the field of cybersecurity.
Cybersecurity Research Papers
Explore real-world solutions to pressing issues across AI, cloud security, digital forensics and more.
Internet Storm Center
Discover the world's largest global cyber threat detection network.

Featured Research

Research Review Journal Volume 5

Explore the latest research from SANS.edu graduate students—professionals on the front lines of cybersecurity—tackling today’s toughest threats across AI, cloud security, digital forensics, zero trust, malware detection, and more.

Download the Journal

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

About Us
Students
Alumni
- Alumni Resources Alumni Resources
- Alumni Outcomes Report Alumni Outcomes Report

Launch Your Cyber Career

Let SANS.edu guide you on a proven path to success.

Sentinels Referral Program

Get recognized for your impact on the SANS.edu community.

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Search

Request Info Apply Now

Cyber Research Papers
/SANS 2024 State of ICS/OT Cybersecurity

Cyber Research Papers

SANS 2024 State of ICS/OT Cybersecurity

This white paper, SANS Certified Instructor Jason Christopher explores the growing trends in cyber threats, vulnerabilities, and risks across industrial environments, including actionable recommendations for how organizations can improve their security posture.

SANS-Survey-2024-ICS-OT-Cybersecurity-edit (PDF, 2.31MB)

9 Oct 2024

BySANS Institute

Share

All papers are copyrighted

No re-posting of papers is permitted

Related Content

Sanitized in the Source: Removing Embedded Objects from PLC Projects with CDR

This research seeks to outline a methodology to sanitize supported PLC project files for security while also confirming their operational reliability.

16 Apr 2026

ICS Asset Inventory: Passive, or Active? Siemens S7-1200 PLCs

This research builds on previous research to determine what information can and cannot be gleaned solely from passive traffic analysis, specifically for a Siemens S7-1200 PLC.

12 Mar 2026

Protecting OT’s Inherent Front-End Vulnerabilities: Legacy SQL Dependencies in Building Automation Systems Through the Lens of the SANS ICS Five Critical Controls

This research presents a practical method for building a Software Bill of Materials (SBOM) for BAS front ends, augmenting it with Shodan exposure analysis, classifying it in a risk heat map, and mitigating using the SANS ICS Five Controls, with an emphasis on Risk-Based Vulnerability Management and Defensible Architecture.

9 Feb 2026

Code Modularity as a Heuristic for Malware Design

Malware targeting industrial control systems (ICS) and critical infrastructure often exhibits a modular architecture, using a central loader to execute interchangeable payload modules.

7 Nov 2025

Structural Vulnerability: Autodesk Revit Server WAN Exposure Versus Cost of Autodesk Construction Cloud

Autodesk Revit Server, a critical collaboration tool in the architecture, engineering, and construction (AEC) industry, was designed to operate within trusted networks.

7 Nov 2025

Privacy Protections: Are Stronger Laws Changing What We Reveal?

As U.S. states enact privacy laws aimed at giving consumers more control over their personal data, little is known about whether privacy legislation influences individuals’ willingness to disclose their identity on public platforms.

26 Sep 2025

Forensic Investigation of Bluetooth-Based Credit Card Skimmers

Hidden Bluetooth Low Energy (BLE) credit skimmers are a growing threat to credit card fraud. Criminals can set up practical and inexpensive systems built on top of modules, such as the HM-19, to collect and transmit stolen data covertly across wireless channels.

3 Sep 2025

A Pebble In the Ocean: Maximizing Log Fidelity In Container Environments

Log fidelity is crucial for Incident Response Teams to investigate and contain cyber incidents but...

17 Apr 2025

Webs of Deception: Using the SANS ICS Kill Chain to Flip the Advantage to the Defender

Defending a small Industrial Control System (ICS) against sophisticated threats can seem futile. The...

14 Apr 2025

Unveiling the Dependency on Network Telemetry: Optimizing Lateral Movement Detection

This study investigates the dependency on network and endpoint telemetry for identifying lateral...

17 Jan 2025

Beyond Detection: Using Real Phishing Data to Gauge Security Training Program Success

Identification of phishing emails can be cumbersome, accomplished by rule-based filters, machine...

7 Jan 2025

Revolutionizing Enterprise Security: The Exciting Future of Passkeys Beyond Passwords

As digital threats grow increasingly sophisticated, traditional password-based authentication...

23 Dec 2024
Rich Greene

Protecting the Poor: A Deep Dive into EBT Skimming and Solutions to Combat It

Electronic Benefits Transfer (EBT) cards provide individuals receiving government assistance for...

23 Dec 2024

Industrial Control System Internal Network Security Monitoring with Open-Source Tools

Security vendors have made many advances in internal network security monitoring (INSM) in recent...

5 Dec 2024

The Open-Source Trap: Unraveling Open-Source Threats in the Software Supply Chain

The risk to the software supply chain is increasingly clear, as breaches like SolarWinds, Equifax,...

5 Dec 2024

False Data Injection Attacks Against Distribution Automation Systems

Utility companies increasingly rely on automated switching to provide their customers with a...

5 Dec 2024

Hook, Line, and Sinker: The Best Free Tools to Catch Phishing

Phishing has become a widespread threat that organizations and IT security teams face daily. As...

5 Dec 2024

Shedding Light on OT Anomalies: Parsing Proprietary OT Protocols with Zeek

Many traditional intrusion detection systems (IDS) may struggle with the unique devices and...

9 Oct 2024

Mode Matters: Monitoring PLCs for Detecting Potential ICS/OT Incidents

There is a blind spot regarding cyber security in many Industrial Control Systems (ICS)and...

28 Feb 2024

Shining a Light on AI: Ensuring Vendor Transparency in Data Sourcing and Delivery

Amidst the proliferation of AI solutions, the focus lies in evaluating transparency, undisclosed...

29 Jan 2024

Cybersecurity is all we teach, and nobody does it better.

Research
Resources
Learn More

Privacy Policy
Terms and Conditions
Admissions
Do Not Sell/Share My Personal Information
Cookie Notice

© 2026 The Escal Institute of Advanced Technologies, Inc. d/b/a SANS Institute.

Our Terms and Conditions detail our trademark and copyright rights. Any unauthorized use is expressly prohibited.

SANS Institute
Internet Storm Center