Book Image

Industrial Cybersecurity - Second Edition

By : Pascal Ackerman
Book Image

Industrial Cybersecurity - Second Edition

By: Pascal Ackerman

Overview of this book

With Industrial Control Systems (ICS) expanding into traditional IT space and even into the cloud, the attack surface of ICS environments has increased significantly, making it crucial to recognize your ICS vulnerabilities and implement advanced techniques for monitoring and defending against rapidly evolving cyber threats to critical infrastructure. This second edition covers the updated Industrial Demilitarized Zone (IDMZ) architecture and shows you how to implement, verify, and monitor a holistic security program for your ICS environment. You'll begin by learning how to design security-oriented architecture that allows you to implement the tools, techniques, and activities covered in this book effectively and easily. You'll get to grips with the monitoring, tracking, and trending (visualizing) and procedures of ICS cybersecurity risks as well as understand the overall security program and posture/hygiene of the ICS environment. The book then introduces you to threat hunting principles, tools, and techniques to help you identify malicious activity successfully. Finally, you'll work with incident response and incident recovery tools and techniques in an ICS environment. By the end of this book, you'll have gained a solid understanding of industrial cybersecurity monitoring, assessments, incident response activities, as well as threat hunting.
Table of Contents (26 chapters)
Section 1: ICS Cybersecurity Fundamentals
Section 2:Industrial Cybersecurity – Security Monitoring
Section 3:Industrial Cybersecurity – Threat Hunting
Section 4:Industrial Cybersecurity – Security Assessments and Intel
Chapter 15: Industrial Control System Risk Assessments
Section 5:Industrial Cybersecurity – Incident Response for the ICS Environment

Designing for security

In the previous section, we saw how industrial network architecture and the (inherent) insecurity associated with certain design decisions evolved over time. I am not trying to generalize every ICS owner, but in my experience, the bulk of them will have the Swiss-cheese architecture in place in some shape or form. I have worked with companies that implemented a far more secure architecture and I have also seen some that implemented way less, but typically this is what you find out there.

In this section, we will be exploring the proper process and methodologies around designing a security-focused and resilient industrial network architecture that incorporates cybersecurity right from the start as a foundational design goal and allows for expanding on our cybersecurity efforts in the future.

Network architecture with security in mind

I typically explain the design and implementation of industrial cybersecurity as the process of shielding off the most...