International Journal of Cyber Warfare and Terrorism, 4(2), 1-22, April-June 2014
Copyright © 2014, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
DOI: 10.4018/ijcwt.2014040101

A Distributed IDS for Industrial Control Systems

Tiago Cruz, University of Coimbra, Coimbra, Portugal
Jorge Proença, University of Coimbra, Coimbra, Portugal
Paulo Simões, University of Coimbra, Coimbra, Portugal
Matthieu Aubigny, iTrust Consulting, Niederanven, Luxembourg
Moussa Ouedraogo, Luxembourg Institute of Science and Technology, Kirchberg, Luxembourg
Antonio Graziano, Selex ES, Roma, Italy
Leandros Maglaras, University of Surrey, Guildford, UK

ABSTRACT

Cyber-threats are one of the most significant problems faced by modern Industrial Control Systems (ICS), such as SCADA (Supervisory Control and Data Acquisition) systems, as the vulnerabilities of ICS technology become serious threats that can ultimately compromise human lives. This situation demands a domain-specific approach to cyber threat detection within ICS, which is one of the most important contributions of the CockpitCI FP7 project (http://CockpitCI.eu). Specifically, this paper presents the CockpitCI distributed Intrusion Detection System (IDS) for ICS, which provides its core cyber-detection and analysis capabilities, and describes its components in terms of role, operation, integration, and remote management. Moreover, it introduces and describes new domain-specific solutions for ICS security, such as the SCADA Honeypot and the Shadow Security Unit, which are part of the CockpitCI IDS framework.

Keywords: Critical Infrastructure Protection, ICS Security, Information Management, Information Operations, Perception Management

INTRODUCTION

SCADA (Supervisory Control and Data Acquisition) is the common designation used to refer to a set of technologies, protocols, and platforms used in Industrial Control Systems (ICS). Such systems are used in several scenarios, such as production line automation, for controlling nuclear or thermoelectric plants, for distribution grids, and for many other applications.