Skip to main content

Search

Request Info Apply Now

Undergraduate Certificates
Begin or advance your cybersecurity career at any age with our hands-on certificate programs.
Bachelors Degree
Transfer your credits to SANS.edu and become one of the most job-ready candidates in cybersecurity.
Graduate Certificates
Gain job-specific skills in highly technical certificate programs designed for working professionals.
Master’s Degree
Take your InfoSec career to the highest levels—developing both hands-on technical skills and the ability to lead.
Single Courses
Start with a course, advance to a cybersecurity certificate or degree
All Academic Programs
Explore hands-on undergraduate and graduate programs for every stage of your cybersecurity career.

Featured Program

Hands typing on a laptop

Applied Cybersecurity Certificate (ACS)

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Why SANS.edu?
How To Apply
Tuition & Funding

Join us for a free online info session to learn more.

Resources for Veterans

Learn how to get the most from your Veterans Education Benefits.

Women in Cybersecurity

Empowering women to thrive in cybersecurity.

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Research Overview
Learn how SANS.edu research is strengthening the field of cybersecurity.
Cybersecurity Research Papers
Explore real-world solutions to pressing issues across AI, cloud security, digital forensics and more.
Internet Storm Center
Discover the world's largest global cyber threat detection network.

Featured Research

Research Review Journal Volume 5

Explore the latest research from SANS.edu graduate students—professionals on the front lines of cybersecurity—tackling today’s toughest threats across AI, cloud security, digital forensics, zero trust, malware detection, and more.

Download the Journal

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

About Us
Students
Alumni
- Alumni Resources Alumni Resources
- Alumni Outcomes Report Alumni Outcomes Report

Launch Your Cyber Career

Let SANS.edu guide you on a proven path to success.

Sentinels Referral Program

Get recognized for your impact on the SANS.edu community.

Get Your Questions AnsweredJoin a free online info session to see which program is right for you.

Search

Request Info Apply Now

Cyber Research Papers
/Mode Matters: Monitoring PLCs for Detecting Potential ICS/OT Incidents

Cyber Research Papers

Mode Matters: Monitoring PLCs for Detecting Potential ICS/OT Incidents

There is a blind spot regarding cyber security in many Industrial Control Systems (ICS)and Operational Technology (OT) networks that support the world around us -- in power plants for electricity, water treatment plants for safe drinking water, and railways for safe transportation.

SANS_Mode_Matters_Monitoring_PLCs_for_Detecting_Potential_ICS_OT_Incidents (PDF, 1.62MB)

28 Feb 2024

ByMichael Holcomb

Share

All papers are copyrighted

No re-posting of papers is permitted

Related Content

Code Modularity as a Heuristic for Malware Design

Malware targeting industrial control systems (ICS) and critical infrastructure often exhibits a modular architecture, using a central loader to execute interchangeable payload modules.

7 Nov 2025

Webs of Deception: Using the SANS ICS Kill Chain to Flip the Advantage to the Defender

Defending a small Industrial Control System (ICS) against sophisticated threats can seem futile. The...

14 Apr 2025

Industrial Control System Internal Network Security Monitoring with Open-Source Tools

Security vendors have made many advances in internal network security monitoring (INSM) in recent...

5 Dec 2024

False Data Injection Attacks Against Distribution Automation Systems

Utility companies increasingly rely on automated switching to provide their customers with a...

5 Dec 2024

Shedding Light on OT Anomalies: Parsing Proprietary OT Protocols with Zeek

Many traditional intrusion detection systems (IDS) may struggle with the unique devices and...

9 Oct 2024

SANS 2024 State of ICS/OT Cybersecurity

This white paper, SANS Certified Instructor Jason Christopher explores the growing trends in cyber...

9 Oct 2024
SANS Institute

Can Open-Source Tools Be Used to Safely Scan a Modern ICS Environment?

This research delves into the long-standing belief within the Operational Technology (OT) security...

27 Nov 2023

Private 5G, "Not as Private as You May Think"

Private 5G networks and the transition to Industry 4.0 are gaining traction as demand increases for...

10 Oct 2023

Implementing Scalable Security for Devices Without 802.1x Support

Enterprises often implement 802.1x to control access to wired and wireless networks by...

21 Dec 2022

Transparently Insecure Operational Technology: A Contextual Analysis

In cybersecurity, countering threats depends on an ability to see and respond to attacks. However,...

6 Jan 2022

You Cannot Defend What You Cannot See: Gaining Insight into Proprietary Protocols through Custom Parsers with Zeek

A vital component of any information security architecture is a network intrusion detection...

6 Jan 2022

Collection and Analysis of Serial-Based Traffic in Critical Infrastructure Control Systems

There is a blind spot the size of a 27-ton, 2.25-megawatt maritime diesel generator in the world's...

11 Feb 2021

Industrial Traffic Collection: Understanding the implications of Deploying visibility without impacting production

Due to the critical nature of industrial environments and the lifetime of deployed assets, many...

21 Sep 2020

Fashion Industry (Securely) 4.0ward

The fashion market segment is going through a significant technological upgrade. The need to meet...

9 Sep 2020

60870-5-104 protocol snort rule customization

OT Security emerges as a necessity due to its flat network implementation and criticality of systems...

10 Aug 2020

Vulnerabilities on the Wire: Mitigations for Insecure ICS Device Communication

Modbus TCP and other legacy ICS protocols ported over from serial communications are still widely...

12 Feb 2020
Michael Hoffman

Guarding the Modern Castle: Providing Visibility into the BACnet Protocol

Building automation devices are used to monitor and control HVAC, security, fire, lighting, and...

30 Oct 2019

Gaining Endpoint Log Visibility in ICS Environments

This paper examines WEF in the context of Windows ICS environments to determine if WEF is better suited for ICS environments than WMI pulling regarding bandwidth, security, and deployment considerations

11 Mar 2019
Michael Hoffman

Who's in the Zone? A Qualitative Proof-of-Concept for Improving Remote Access Least-Privilege in ICS-SCADA Environments

Remote access control in many ICS-SCADA environments is of limited effectiveness leading to...

4 Dec 2017

Man-In-The-Middle Attack Against Modbus TCP Illustrated with Wireshark

Though attacks on the industrial control system (ICS) and their protocols are not a new occurrence,...

20 Oct 2017

Cybersecurity is all we teach, and nobody does it better.

Research
Resources
Learn More

Privacy Policy
Terms and Conditions
Admissions
Do Not Sell/Share My Personal Information
Cookie Notice

© 2026 The Escal Institute of Advanced Technologies, Inc. d/b/a SANS Institute.

Our Terms and Conditions detail our trademark and copyright rights. Any unauthorized use is expressly prohibited.

SANS Institute
Internet Storm Center