Book Image

Industrial Cybersecurity

By : Pascal Ackerman
Book Image

Industrial Cybersecurity

By: Pascal Ackerman

Overview of this book

With industries expanding, cyber attacks have increased significantly. Understanding your control system’s vulnerabilities and learning techniques to defend critical infrastructure systems from cyber threats is increasingly important. With the help of real-world use cases, this book will teach you the methodologies and security measures necessary to protect critical infrastructure systems and will get you up to speed with identifying unique challenges.Industrial cybersecurity begins by introducing Industrial Control System (ICS) technology, including ICS architectures, communication media, and protocols. This is followed by a presentation on ICS (in) security. After presenting an ICS-related attack scenario, securing of the ICS is discussed, including topics such as network segmentation, defense-in-depth strategies, and protective solutions. Along with practical examples for protecting industrial control systems, this book details security assessments, risk management, and security program development. It also covers essential cybersecurity aspects, such as threat detection and access management. Topics related to endpoint hardening such as monitoring, updating, and anti-malware implementations are also discussed.
Table of Contents (19 chapters)
Title Page
About the Author
About the Reviewers
Customer Feedback

The cyber kill chain

The concept of the cyber kill chain was created by analysts at Lockheed Martin Corporation in 2011. The concept describes the stages of the process of compromising a victim. It is referred to as a chain because all stages rely on each other, and they need to be performed in succession. The idea is that if the chain gets broken somewhere in the process, the process gets halted. The kill chain is applied to a corporate environment, and it includes the following seven stages:

  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation
  • Command and control
  • Actions and objectives

If you look back at the chapter's attack scenario, the stages can be seen by the following actions:

  1. The attacker finds out about the victim's friends and hobbies.
  2. The attacker uses this information to craft an enticing email, aimed at getting the victim to click on a malicious link.
  3. The link in the email directs the victim's browser to a booby-trapped website, allowing the delivery of the exploit code.
  4. The...