Discover industrial security tips and learn about the latest news and developments in the industrial cybersecurity world.

Industrial Control Threat Intelligence

Modern network and asset defense require far greater visibility into the industrial control system threat landscape than in years past.

Dragos, Inc - January 09, 2018

Analyzing TRISIS

TRISIS is malware that was developed and deployed to at least one victim in the Middle East to target safety instrumented systems (SIS).

Robert M. Lee - December 14, 2017

Threat Hunting With Python Part 2

This week we will move away from hard-coded indicators and begin to look at behavioral indicators. Behavioral indicators allow identification of scanning in an environment beyond just that of Nmap.

Dan Gunter - Nov 28, 2017

Threat Hunting With Python Part 1

Over the next few weeks, we will look at basic analytic approaches that can be taken to examine some of the most common protocols found on typical networks. This week we will get started with basic HTTP analysis using Python and Jupyter notebooks.

Dan Gunter - Nov 20, 2017

Threat Hunting Part 2: Hunting on ICS Networks

In this edition of the Dragos Threat Hunting on ICS network series, we will compare threat hunting on industrial networks with concepts from the wider threat hunting community. We will also look at how the unique characteristics of industrial networks can be used to an advantage as network defense professionals

Dan Gunter - October 3, 2017

Threat Hunting Part 1: Improving Through Hunting

This post is a first in series that will describe hunting, discuss best practices and explain our approach and lessons. Because hunting in industrial infrastructure is important to all of us and with focus and effort we can accomplish it.

Ben Miller - August 31, 2017

Stop Breaches, Safeguard Civilization

Today Crowdstrike and Dragos issued a joint press release to finally announce the partnership we’ve developed over the course of the last year.

Ben Miller - July 19, 2017


This webcast explores what is known and not known about the CRASHOVERRIDE framework and how it affects our understanding of how grid operations can be impacted.

Dan Gunter, Ben Miller, Joe Slowik - June 19, 2017


CRASHOVERRIDE is a malware framework that has not been disclosed before today but is the capability used in the cyber-attack on the Ukraine electric grid in 2016 (not the 2015 attack).

Robert M. Lee - June 12, 2017

Project MIMICS - Stage One

What can the community learn in terms of realistic metrics and data points around malware in modern industrial control systems (MIMICS) from completely public datasets? That’s what project MIMICS sets out to do.

Robert M. Lee - April 2, 2017

Insight into ICS SOC (pdf)

As industrial control systems (ICS) become more interconnected with each other and homogenous, there needs to be sufficient compensating controls put into place to ensure the safety and reliability of the operations.

Robert M. Lee - March 21, 2017