Book Image

Industrial Cybersecurity

By : Pascal Ackerman
Book Image

Industrial Cybersecurity

By: Pascal Ackerman

Overview of this book

With industries expanding, cyber attacks have increased significantly. Understanding your control system’s vulnerabilities and learning techniques to defend critical infrastructure systems from cyber threats is increasingly important. With the help of real-world use cases, this book will teach you the methodologies and security measures necessary to protect critical infrastructure systems and will get you up to speed with identifying unique challenges.Industrial cybersecurity begins by introducing Industrial Control System (ICS) technology, including ICS architectures, communication media, and protocols. This is followed by a presentation on ICS (in) security. After presenting an ICS-related attack scenario, securing of the ICS is discussed, including topics such as network segmentation, defense-in-depth strategies, and protective solutions. Along with practical examples for protecting industrial control systems, this book details security assessments, risk management, and security program development. It also covers essential cybersecurity aspects, such as threat detection and access management. Topics related to endpoint hardening such as monitoring, updating, and anti-malware implementations are also discussed.

Related Content you might be interested in

Current Title:

Small book image
Industrial Cybersecurity
Pascal Ackerman
Oct, 2017 | 456 pages
Small book image
Industrial Cybersecurity
Pascal Ackerman
Oct, 2021 | 800 pages
Small book image
Metasploit Penetration Testing Cookbook
Monika Agarwal | Abhinav Singh | Nipun Jaswal | Daniel Teixeira
Feb, 2018 | 426 pages
Small book image
Pentesting Industrial Control Systems
Paul Smith
Dec, 2021 | 450 pages
Table of Contents (19 chapters)
Title Page
Title Page
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Industrial Control Systems
Industrial Control Systems
An overview of an Industrial control system
The Industrial control system architecture
The Purdue model for Industrial control systems
Industrial control system communication media and protocols
Summary
2
Insecure by Inheritance
Insecure by Inheritance
Industrial control system history
Modbus and Modbus TCP/IP
PROFINET
Common IT protocols found in the ICS
Summary
3
Anatomy of an ICS Attack Scenario
Anatomy of an ICS Attack Scenario
Setting the stage
The Slumbertown paper mill
Trouble in paradise
What can the attacker do with their access?
The cyber kill chain
Phase two of the Slumbertown Mill ICS attack
Other attack scenarios
Summary
4
Industrial Control System Risk Assessment
Industrial Control System Risk Assessment
Attacks, objectives, and consequences
Risk assessments
A risk assessment example
Summary
5
The Purdue Model and a Converged Plantwide Ethernet
The Purdue Model and a Converged Plantwide Ethernet
The Purdue Enterprise Reference Architecture
Summary
6
The Defense-in-depth Model
The Defense-in-depth Model
ICS security restrictions
How to go about defending an ICS?
The ICS is extremely defendable
The defense-in-depth model
Summary
7
Physical ICS Security
Physical ICS Security
The ICS security bubble analogy
Segregation exercise
Down to it – Physical security
Summary
8
ICS Network Security
ICS Network Security
Designing network architectures for security
Summary
9
ICS Computer Security
ICS Computer Security
Endpoint hardening
Configuration and change management
Patch management
Endpoint protection software
Summary
10
ICS Application Security
ICS Application Security
Application security
Application security testing
ICS application patching
ICS secure SDLC
Summary
11
ICS Device Security
ICS Device Security
ICS device hardening
ICS device patching
The ICS device life cycle
Summary
12
The ICS Cybersecurity Program Development Process
The ICS Cybersecurity Program Development Process
The NIST Guide to Industrial control systems  security
The ICS security program development process
Summary

Summary

As we saw in this chapter, a total system compromise can be a single vulnerability away. Playing out a scenario as presented here, where a single hole in the security leads to a targeted manipulations of temperatures, used in the PID loop that controls the steam supply of a digester with the purpose to cause a meltdown is a very hard thing to pull off. I takes skill, preparation, a deep understanding of ICS technologies in general and familiarity with the targeted ICS. More common consequences of Mark having a computer with a Java vulnerability going to a compromised website are drive-by downloads of malware like ransomware that will encrypt the victim's computer or  every computer on the victim's network. Also a devastating event with a high potential for production downtime and revenue loss that an ICS should be protected against.

In the next chapter we are going to discuss how hacker techniques like these are used for good as well, within risk assessments.

 

 

 

 

 

 

Previous Section
End of Chapter 3
Next Chapter