
Industrial Cybersecurity - Second Edition

By : Pascal Ackerman

Overview of this book

With Industrial Control Systems (ICS) expanding into traditional IT space and even into the cloud, the attack surface of ICS environments has increased significantly, making it crucial to recognize your ICS vulnerabilities and implement advanced techniques for monitoring and defending against rapidly evolving cyber threats to critical infrastructure. This second edition covers the updated Industrial Demilitarized Zone (IDMZ) architecture and shows you how to implement, verify, and monitor a holistic security program for your ICS environment. You'll begin by learning how to design a security-oriented architecture that allows you to implement the tools, techniques, and activities covered in this book effectively and easily. You'll get to grips with the monitoring, tracking, and trending (visualizing) of ICS cybersecurity risks and the procedures around them, as well as understand the overall security program and posture/hygiene of the ICS environment. The book then introduces you to threat hunting principles, tools, and techniques to help you identify malicious activity successfully. Finally, you'll work with incident response and incident recovery tools and techniques in an ICS environment. By the end of this book, you'll have gained a solid understanding of industrial cybersecurity monitoring, assessments, incident response activities, and threat hunting.
Table of Contents (26 chapters)

  • Section 1: ICS Cybersecurity Fundamentals
  • Section 2: Industrial Cybersecurity – Security Monitoring
  • Section 3: Industrial Cybersecurity – Threat Hunting
  • Section 4: Industrial Cybersecurity – Security Assessments and Intel
  • Chapter 15: Industrial Control System Risk Assessments
  • Section 5: Industrial Cybersecurity – Incident Response for the ICS Environment

Understanding active security monitoring

As the name implies, active security monitoring is aimed at actively interrogating the monitored environment for security incidents and other relevant security-related information. It is about rolling up our sleeves and actively interacting with the environment to see how well our security program is holding up, or to even get a feel for our security posture.

Some forms of active security monitoring include the following:

  • Network scanning to interrogate and examine network-connected devices
  • Host-based agents that can scan the host for security-related issues and malicious content
  • Manually examining endpoints for signs of malicious activity and content

Let's look at each of them in detail.

Network scanning

In this section, we will discuss the various methods around network scanning. We will look at common tools and techniques and discuss the applicability of those tools and techniques to uncover certain types...