Dragos Inc. “Crashoverride: Analyzing the threat to electric grid operations” Hanover, Maryland 2017
Symantec “Cyberespionage attacks against energy suppliers” Mountain View, California 2014
N. Nelson “The impact of dragonfly malware on industrial control systems” SANS Institute 2016
ICS-CERT “Ongoing sophisticated malware campaign compromising ICS” https://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-281-01B 2014
N. Falliere, L. O. Murchu, E. Chien “W32.Stuxnet dossier” White paper, Symantec Corp., Security Response 5 2011
G. E. Cyberattacks “Night Dragon” McAfee Foundstone Professional Services and McAfee Labs 2011
Defense Use Case “Analysis of the cyber attack on the Ukrainian power grid” Electricity Information Sharing and Analysis Center (E-ISAC) 2016
Accenture Security “Dealing with the threats posed by triton/trisis destructive malware” Industrial Control System Technical Report 2018
C. Wueest “Targeted attacks against the energy sector” Symantec Security Response Mountain View, CA 2014
A. Hassanzadeh, S. Modi, S. Mulchandani “Towards effective security control assignment in the industrial internet of things” in IEEE 2nd World Forum on Internet of Things (WF-IoT) IEEE 2015 pp. 795-800
A. Torres “Building a world-class security operations center: A roadmap” SANS Institute May 2015
Ponemon Institute “Challenges to achieving SIEM optimization” Ponemon Institute LLC 2017
E. M. Hutchins, M. J. Cloppert, R. M. Amin “Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains” Leading Issues in Information Warfare & Security Research 1 no. 1 p. 80 2011
B. E. Strom, J. A. Battaglia, M. S. Kemmerer, W. Kupersanin, D. P. Miller, C. Wampler, S. M. Whitley, R. D. Wolf “Finding cyber threats with ATT&CK-based analytics” Mitre 2017
Mandiant Intelligence Center “APT1: Exposing one of China’s cyber espionage units” Mandiant 2013
B. D. Bryant and H. Saiedian “A novel kill-chain framework for remote security log analysis with SIEM software” Computers & Security 67 pp. 198-210 2017
M. J. Assante and R. M. Lee “The industrial control system cyber kill chain” SANS Institute InfoSec Reading Room 1 2015
A. Cook, H. Janicke, R. Smith, L. Maglaras “The industrial control system cyber defence triage process” Computers & Security 70 pp. 467-481 2017
US-CERT “Russian government cyber activity targeting energy and other critical infrastructure sectors” https://www.us-cert.gov/ncas/alerts/TA18-074A 2018
L. Obregon “Secure architecture for industrial control systems” SANS Institute InfoSec Reading Room 2015
FireEye “M-trends 2016” http://www2.fireeye.com/M-Trends-2016.html 2016
Microsoft “What threats does ATA look for?” https://docs.microsoft.com/en-us/advanced-threatanalytics/ata-threats 2015
Sean Malone “Using an expanded cyber kill chain model to increase attack resiliency” Blackhat 2016
T. J. Grant, H. Venter, J. H. Eloff “Simulating adversarial interactions between intruders and system administrators using OODA-RR” in Proceedings of the 2007 annual research conference of the South African institute of computer scientists and information technologists on IT research in developing countries ACM 2007 pp. 46-55
A. Rege, Z. Obradovic, N. Asadi, B. Singer, N. Masceri “A temporal assessment of cyber intrusion chains using multidisciplinary frameworks and methodologies” in International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) IEEE 2017 pp. 1-7
C. Feng, S. Wu, N. Liu “A user-centric machine learning framework for cyber security operations center” in Intelligence and Security Informatics (ISI), 2017 IEEE International Conference on IEEE 2017 pp. 173-175
S. McElwee, J. Heaton, J. Fraley, J. Cannady “Deep learning for prioritizing and responding to intrusion detection alerts” in Military Communications Conference (MILCOM), MILCOM 2017-2017 IEEE IEEE 2017 pp. 1-5