book

Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

Name: Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions
ISBN: 9781259589720

by Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, Stephen Hilt

September 2016

Intermediate to advanced

544 pages

11h 48m

English

McGraw-Hill

Read now

Unlock full access

Cover
Title Page
Copyright Page
Dedication
Contents
Acknowledgments
Introduction
Part I Setting the Stage: Putting ICS Penetration Testing in Context
CASE STUDY, PART 1: Recipe for Disaster
1 Introduction to Industrial Control Systems [In]Security
Cyberphysical Systems: The Rise of the MachinesNew Vectors to Old ThreatsThe Consequences: What Could Happen?Understanding Realistic Threats and Risks to ICSOverview of Industrial Control SystemsViewMonitorControlPurdue Reference Model for ICSTypes of Common Control Systems, Devices, and ComponentsSummaryReferences for Further Reading
2 ICS Risk Assessment
ICS Risk Assessment PrimerThe Elusive ICS “Risk Metric”Risk Assessment StandardsWhat Should an ICS Risk Assessment Evaluate and Measure?ICS Risk Assessment Process OverviewICS Risk Assessment Process StepsStage 1: System Identification & CharacterizationStage 2: Vulnerability Identification & Threat ModelingNext StepsSummaryReferences for Further Reading

3 Actionable ICS Threat Intelligence through Threat Modeling
Threat Information vs. Threat IntelligenceThreat Modeling: Turning ICS Threat Information into “Actionable” Threat IntelligenceThe ICS Kill ChainThe ICS Threat Modeling ProcessInformation CollectionSummaryReferences for Further ReadingCASE STUDY, PART 2: The Emergence of a Threat
Part II Hacking Industrial Control Systems
CASE STUDY, PART 3: A Way In
4 ICS Hacking (Penetration Testing) Strategies
The Purpose of a Penetration TestBlack Box, White Box, Gray BoxSpecial Considerations: ICS Penetration Testing Is Not IT Penetration TestingSetting Up a LabSampling “Like” Configured SystemsVirtualizationEquipmentRules of EngagementUsing Risk ScenariosICS Penetration-Testing StrategiesReconnaissance (“Footprinting”)External TestingPivotingThinking Outside of the Network: Asymmetric and Alternative Attack VectorsInternal Testing: On the ICS NetworkSummaryResources for Further Reading
5 Hacking ICS Protocols
ModbusEtherNet/IPDNP3Siemens S7commsBACnetOther ProtocolsProtocol Hacking CountermeasuresSummaryReferences for Further Reading
6 Hacking ICS Devices and Applications
Exploiting Vulnerabilities in SoftwareSome Basic PrinciplesBuffer OverflowsInteger Bugs: Overflows, Underflows, Trunction, and Sign MismatchesPointer ManipulationExploiting Format StringsDirectory TraversalDLL HijackingCross-Site ScriptingCross-Site Request Forgery (CSRF)Exploiting Hard-Coded ValuesBrute-ForceAll Software Has BugsSummaryReferences for Further Reading
7 ICS “Zero-Day” Vulnerability Research
Thinking Like a HackerStep 1: Select TargetStep 2: Study the DocumentationStep 3: List and Prioritize Accessible InterfacesStep 4: Analyze/Test Each InterfaceFuzzingStatic Binary AnalysisDynamic Binary AnalysisStep 5: Exploit VulnerabilitiesPutting It All Together: MicroLogix Case StudyResearch PreparationBefore Diving InCreating a Custom FirmwareSummaryReferences for Further ReadingToolsGeneral References
8 ICS Malware
ICS Malware PrimerDropperRootkitsVirusesAdware and SpywareWormsTrojan HorsesRansomwareInfection VectorsAnalyzing ICS MalwareLab EnvironmentSummaryReferences for Further ReadingCASE STUDY, PART 4: Foothold
Part III Putting It All Together: Risk Mitigation
CASE STUDY, PART 5: How Will It End?
9 ICS Security Standards Primer
Compliance vs. SecurityCommon ICS Cybersecurity StandardsNIST SP 800-82ISA/IEC 62443 (formerly ISA-99)NERC CIPAPI 1164CFATSNRC Regulations 5.71General Cybersecurity StandardsNIST Cybersecurity FrameworkISO/IEC 27002:2013SummaryReferences for Further Reading
10 ICS Risk Mitigation Strategies
Addressing RiskSpecial ICS Risk FactorsConfidentiality, Integrity, and Availability (CIA)Defense-in-DepthSafetyGeneral ICS Risk Mitigation ConsiderationsICS Network ConsiderationsICS Host-Based ConsiderationsICS Physical Access ConsiderationsExploits, Threats, and VulnerabilitiesEliminating ExploitsEliminating ThreatsEliminating VulnerabilitiesAdditional ICS Risk Mitigation ConsiderationsSystem Integration IssuesCompliance vs. SecurityInsuranceHoneypotsThe Risk Mitigation ProcessIntegrating the Risk Assessment StepsIntegrating the Risk ScenariosPerforming a Cost-Benefit AnalysisEstablishing the Risk Mitigation StrategySummaryReferences for Further Reading
Part IV Appendixes
A Glossary of Acronyms and Abbreviations
B Glossary of Terminology
C ICS Risk Assessment and Penetration Testing Methodology Flowcharts
Index

Content preview from Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

PART I

SETTING THE STAGE: PUTTING ICS PENETRATION TESTING IN CONTEXT

CASE STUDY, PART 1: Recipe for Disaster

Wednesday, 9:45 AM

Bob sat down at the display terminal with his second morning cup of coffee and continued to scan over the Human-Machine Interface (HMI). On the desk in front of him were three 23-inch monitors, connected and placed side by side. He scoffed, annoyed at the login prompt.

“IT security...,” he thought sarcastically.

He remembered when things were much simpler—and much more convenient. He used to be able to walk away from his terminal, go out for a smoke, get a fresh cup of coffee, and when he returned, there were his displays waiting for him, just the way he left them. Now he had to come back to an annoying password ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Industrial Network Security, 3rd Edition

Publisher Resources

ISBN: 9781259589720

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

by Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, Stephen Hilt

PART I