Additional resources can be found at the following links:
- Introduction to Recommended Practices: https://ics-cert.us-cert.gov/Introduction-Recommended-Practices
- Cyber Threats: https://ics-cert.us-cert.gov/content/cyber-threat-source-descriptions
- Control System Vulnerabilities and Attack Paths: https://ics-cert.us-cert.gov/content/overview-cyber-vulnerabilities
- Secure Architecture Design: https://ics-cert.us-cert.gov/Secure-Architecture-Design
- Updating Antivirus Software in an Industrial Control System: https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/Recommended%20Practice%20Updating%20Antivirus%20in%20an%20Industrial%20Control%20System_S508C.pdf
- Improving Industrial Control Systems' Cybersecurity with Defence-in-Depth Strategies: https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
- Creating Cyber Forensics Plans for Control Systems: https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/Forensics_RP.pdf
- Developing an Industrial Control Systems' Cybersecurity Incident-response Plan: https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/final-RP_ics_cybersecurity_incident_response_100609.pdf
- Patch Management for Control Systems: https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/RP_Patch_Management_S508C.pdf
- Securing Control-system Modems: https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/RP_SecuringModems_S508C.pdf
- Remote Access for Industrial Control Systems: https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/RP_Managing_Remote_Access_S508NC.pdf
- Cybersecurity Procurement Language Guidance: https://ics-cert.us-cert.gov/sites/default/files/documents/Procurement_Language_Rev4_100809_S508C.pdf
- Mitigations for Vulnerabilities in Control System Networks: https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/MitigationsForVulnerabilitiesCSNetsISA_S508C.pdf
- Undirected Attacks Against Critical Infrastructure: Case Study for Improving ICS Security: https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/CaseStudy-002.pdf
- Backdoors and Holes in Network Perimeters: Case Study for Improving ICS Security: https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/CSSC-CaseStudy-001_S508C.pdf
- Understanding OPC and How it is Deployed: https://www.tofinosecurity.com/professional/opc-security-white-paper-1-understanding-opc-and-how-it-deployed
- OPC Exposed: https://www.tofinosecurity.com/professional/opc-security-white-paper-2-opc-exposed
- Guidelines for Hardening OPC Hosts: https://www.tofinosecurity.com/professional/opc-security-white-paper-3-hardening-guidelines-opc-hosts
- Security Implications of OPC, OLE, DCOM, and RPC in Control Systems: https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/Security%20Implications%20for%20OPC-OLE-DCOM-RPC%20in%20ICS_S508C.pdf