Having full access to the IT network and having taken control of a computer that has a network interface card for both the IT as well as the OT network, the Slumbertown Mill attacker can now start phase 2 of the ICS attack. This is the part where the real objective of the attack is accomplished. Were this a more commonplace drive-by attack or a mass email malware campaign, phase 2 would most likely not have been the objective. The fact that the attacker spent time targeting one specific victim and prepared the attack meticulously shows the skillset and the motivation of the attacker. Their objective wasn't to grab credit cards or personal information databases. Using the MES client PC as a pivot point and finding a way into the ICS network, the attacker clearly shows that their intentions are to somehow disrupt control system functionality or steal some sort of valuable information, such as a proprietary recipe or custom build control program...
Industrial Cybersecurity
By :
Industrial Cybersecurity
By:
Overview of this book
With industries expanding, cyber attacks have increased significantly. Understanding your control system’s vulnerabilities and learning techniques to defend critical infrastructure systems from cyber threats is increasingly important. With the help of real-world use cases, this book will teach you the methodologies and security measures necessary to protect critical infrastructure systems and will get you up to speed with identifying unique challenges.Industrial cybersecurity begins by introducing Industrial Control System (ICS) technology, including ICS architectures, communication media, and protocols. This is followed by a presentation on ICS (in) security. After presenting an ICS-related attack scenario, securing of the ICS is discussed, including topics such as network segmentation, defense-in-depth strategies, and protective solutions. Along with practical examples for protecting industrial control systems, this book details security assessments, risk management, and security program development. It also covers essential cybersecurity aspects, such as threat detection and access management. Topics related to endpoint hardening such as monitoring, updating, and anti-malware implementations are also discussed.
Related Content you might be interested in
Current Title:
Industrial Cybersecurity
Table of Contents (19 chapters)
Title Page
Credits
About the Author
About the Reviewers
www.PacktPub.com
Customer Feedback
Preface
Free Chapter
Industrial Control Systems
Insecure by Inheritance
Anatomy of an ICS Attack Scenario
Industrial Control System Risk Assessment
The Purdue Model and a Converged Plantwide Ethernet
The Defense-in-depth Model
Physical ICS Security
ICS Network Security
ICS Computer Security
ICS Application Security
ICS Device Security
The ICS Cybersecurity Program Development Process
Customer Reviews