Publications Library
Repository of documents, listed by topic. (Some of the documents in this section require Adobe Acrobat Reader. You can download a free copy of the Reader by visiting Adobe.)
- VULNERABILITY REPORTS
- PERIODICAL ARTICLES
- ENERGY SECTOR ROADMAP AND ROADMAP IMPLEMENTATION
- DOE NSTB PROGRAM PLANNING AND RESOURCE DOCUMENTS
- PROJECT FACT SHEETS
- TRAINING MATERIALS AND RECOMMENDED PRACTICES
- ASSESSMENT AND TECHNICAL PUBLICATIONS
- FEDERAL GUIDANCE AND POLICY DOCUMENTS
- INL Common Vulnerabilities Report – 2008
- NERC Top 10 Vulnerabilities of Control Systems and Their Associated Mitigations – 2007
(NSTB researchers provide recommended mitigation strategies to NERC for this publication.) - NERC Top 10 Vulnerabilities of Control Systems and Their Associated Mitigations – 2006
[ Back to Top ]
PERIODICAL ARTICLES- The CIP Report article: "Faced with Cyber Threat, the Energy Sector Responds" – January 2009
- EnergyBiz article: "Strengthening Cyber Security" – December 2008
- Automation World article: "On the Road to Cyber Security" – June 2008
- Transmission and Distribution World article: "DOE Focuses on Cyber Security" – March 2007
[ Back to Top ]
ENERGY SECTOR ROADMAP AND ROADMAP IMPLEMENTATION- Roadmap to Achieve Energy Delivery Systems Cybersecurity – September 2011
- Roadmap to Acheive Energy Delivery Systems Cybersecurity Update Workshop Summaries – January 2011
- Presentation at ieRoadmap Workshop: Energy Roadmap Implementation & Working Group – May 28-29, 2008
- Roadmap to Secure Control Systems in the Energy Sector – January 2006
- Roadmap to Secure Control Systems in the Energy Sector: Executive Summary – January 2006
[ Back to Top ]
DOE NSTB PROGRAM PLANNING AND RESOURCE DOCUMENTS- Fact Sheet: DOE National SCADA Test Bed – September 2009
- DOE National SCADA Test Bed FY 2009 Work Plan – July 2009
- DOE National SCADA Test Bed Program Multi-Year Plan – January 2008
- Press Release: DOE OE Industry Projects – October 2007
[ Back to Top ]
PROJECT FACT SHEETS- Cyber Security Audit Fact Sheet - March 2010
- Hallmark Cryptographic Serial Communication – March 2010
- Lemnos Interoperable Security – March 2010
- Integrated Security System (ISS) – March 2010
- Detection and Analysis of Threats to the Energy Sector (DATES) – March 2010
- Trust Anchor Lifecycle Attack Protection – March 2010
- Open PCS Security Architecture for Interoperable Design (OPSAID) – June 2008
- Cyber Security Audit and Attack Detection Toolkit – May 2008
- Detection and Analysis of Threats to the Energy Sector (DATES) – May 2008
- Protecting Intelligent Distributed Power Grids Against Cyber Attacks – May 2008
- Hallmark Project – May 2008
- Lemnos Interoperable Security Program – May 2008
[ Back to Top ]
TRAINING MATERIALS AND RECOMMENDED PRACTICES- AMI System Security Requirements – December 2008
- Introduction to SCADA Security for Managers and Operators
- Intermediate SCADA Security Training Course Slides – September 2006
- Cyber Security Procurement Language for Control Systems – February 2008
- Securing Control System Modems – January 2008
- Hardening Guidelines for OPC Hosts – November 2007
- Securing ZigBee Wireless Networks in Process Control System Environments (Draft) – April 2007
- Securing WLANs Using 802.11i (Draft Recommended Practice) – February 2007
- Using Operational Security (OPSEC) to Support a Cyber Security Culture in Control Systems Environments (Draft) – February 2007
- Control Systems Cyber Security Defense in Depth Strategies – May 2006
- Mitigations for Security Vulnerabilities Found in Control System Networks – 2006
- Good Practice Guide on Firewall Deployment – February 2005
- Wireless System Considerations When Implementing NERC Critical Infrastructure Protection Standards – February 2009
[ Back to Top ]
ASSESSMENT AND TECHNICAL PUBLICATIONS- Vulnerability Analysis of Energy Delivery Control Systems – Septemeber 2011
- Lessons Learned from Cyber Security Assessments of SCADA and EMS – September 2006
- Mitigations for Security Vulnerabilities Found in Control System Networks – 2006
- Summary of Control System Security Standards Activities in the Energy Sector – October 2005
- Cyber Assessment Methods for SCADA Security – 2005
- 21 Steps to Improve Cyber Security of SCADA Networks
- Lemnos Security Core Function and Definition Report – May 2008
Sandia National Laboratories Reports for NSTB
- Control Systems Security Standards Accomplishments and Impacts – November 2007
- OPSAID Initial Design and Testing Report – November 2007
- Advanced Metering Infrastructure Security Considerations – November 2007
- Guide to Critical Infrastructure Protection Cyber Vulnerability Assessment – November 2007
- Categorizing Threat: Building and Using a Generic Threat Matrix – September 2007
- Threat Analysis Framework – September 2007
- Impacts of IPv6 on Infrastructure Control Systems – September 2007
- Security Metrics for Process Control Systems – September 2007
- Security Framework for Control System Data Classification and Protection – July 2007
- Secure ICCP Integration Considerations and Recommendations – June 2007
- Reference Model for Control and Automation Systems in Electrical Power – October 2005
- Framework for SCADA Security Policy – 2005
Pacific Northwest National Laboratory Reports for NSTB
- Secure SCADA Communication Protocol Performance Test Results – August 2007
- AGA-12, Part 2 Performance Test Results – August 2007
- Securing Wide Area Measurement Systems – June 2007
- Descriptive Model of Generic WAMS – June 2007
- AGA 12, Part 2 Performance Test Plan – November 2006
Idaho National Laboratory Reports for NSTB
- ABB SCADA/EMS System INEEL Baseline Summary Test Report – November 2004
[ Back to Top ]
FEDERAL GUIDANCE AND POLICY DOCUMENTS- NITRD Supplement to President's Budget – February 2010
- GAO Control System Security Challenges Remain – September 2007
- DOE Office of Science Report of Cyber Security Research Needs for Open Science – July 2007
- NIPP Energy Sector-Specific Plan (Public) – May 2007
- NIAC Convergence of Physical and Cyber Technologies Report – January 16, 2007
- GAO Coordination of Federal Cyber Security Research and Development – September 2006
- National Infrastructure Protection Plan – 2006
- GAO Challenges and Efforts to Secure Control Systems – March 2004
- Homeland Security Presidential Directive 7 – December 2003
- National Strategy to Secure Cyberspace – February 2003
[ Back to Top ]