O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Industrial Cybersecurity

Industrial Cybersecurity

by Pascal Ackerman
Publisher: Packt Publishing
Release Date: October 2017
ISBN: 9781788395151
View table of contents
Start reading

Book Description

Your one-step guide to understanding industrial cyber security, its control systems, and its operations.

About This Book

  • Learn about endpoint protection such as anti-malware implementation, updating, monitoring, and sanitizing user workloads and mobile devices
  • Filled with practical examples to help you secure critical infrastructure systems efficiently
  • A step-by-step guide that will teach you the techniques and methodologies of building robust infrastructure systems

Who This Book Is For

If you are a security professional and want to ensure a robust environment for critical infrastructure systems, this book is for you. IT professionals interested in getting into the cyber security domain or who are looking at gaining industrial cyber security certifications will also find this book useful.

What You Will Learn

  • Understand industrial cybersecurity, its control systems and operations
  • Design security-oriented architectures, network segmentation, and security support services
  • Configure event monitoring systems, anti-malware applications, and endpoint security
  • Gain knowledge of ICS risks, threat detection, and access management
  • Learn about patch management and life cycle management
  • Secure your industrial control systems from design through retirement

In Detail

With industries expanding, cyber attacks have increased significantly. Understanding your control system’s vulnerabilities and learning techniques to defend critical infrastructure systems from cyber threats is increasingly important. With the help of real-world use cases, this book will teach you the methodologies and security measures necessary to protect critical infrastructure systems and will get you up to speed with identifying unique challenges.Industrial cybersecurity begins by introducing Industrial Control System (ICS) technology, including ICS architectures, communication media, and protocols. This is followed by a presentation on ICS (in) security. After presenting an ICS-related attack scenario, securing of the ICS is discussed, including topics such as network segmentation, defense-in-depth strategies, and protective solutions. Along with practical examples for protecting industrial control systems, this book details security assessments, risk management, and security program development. It also covers essential cybersecurity aspects, such as threat detection and access management. Topics related to endpoint hardening such as monitoring, updating, and anti-malware implementations are also discussed.

Style and approach

A step-by-step guide to implement Industrial Cyber Security effectively.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.

Table of Contents

  1. Preface
    1. What this book covers
    2. What you need for this book
    3. Who this book is for
    4. Conventions
    5. Reader feedback
    6. Customer support
      1. Errata
      2. Piracy
      3. Questions
  2. Industrial Control Systems
    1. An overview of an Industrial control system
      1. The view function
      2. The monitor function
      3. The control function
    2. The Industrial control system architecture
      1. Programmable logic controllers
      2. Human Machine Interface
      3. Supervisory Control and Data Acquisition
      4. Distributed control system
      5. Safety instrumented system
    3. The Purdue model for Industrial control systems
      1. The enterprise zone
        1. Level 5 - Enterprise network
        2. Level 4 - Site business planning and logistics
      2. Industrial Demilitarized Zone
      3. The manufacturing zone
        1. Level 3 - Site operations
        2. Level 2 - Area supervisory control
        3. Level 1 - Basic control
        4. Level 0 - Process
    4. Industrial control system communication media and protocols
      1. Regular information technology network protocols
      2. Process automation protocols
      3. Industrial control system protocols
      4. Building automation protocols
      5. Automatic meter reading protocols
        1. Communication protocols in the enterprise zone
          1. Communication protocols in the Industrial zone
    5. Summary
  3. Insecure by Inheritance
    1. Industrial control system history
    2. Modbus and Modbus TCP/IP
      1. Breaking Modbus
      2. Using Python and Scapy to communicate over Modbus
      3. Replaying captured Modbus packets
    3. PROFINET
      1. PROFINET packet replay attacks
      2. S7 communication and the stop CPU vulnerability
      3. EtherNet/IP and the Common Industrial Protocol
      4. Shodan: The scariest search engine on the internet
    4. Common IT protocols found in the ICS
      1. HTTP
      2.  File Transfer Protocol
      3. Telnet
      4. Address Resolution Protocol
      5. ICMP echo request
    5. Summary
  4. Anatomy of an ICS Attack Scenario
    1. Setting the stage
    2. The Slumbertown paper mill
    3. Trouble in paradise
      1. Building a virtual test network
      2. Clicking our heels
    4. What can the attacker do with their access?
    5. The cyber kill chain
    6. Phase two of the Slumbertown Mill ICS attack
    7. Other attack scenarios
    8. Summary
  5. Industrial Control System Risk Assessment
    1. Attacks, objectives, and consequences
    2. Risk assessments
    3. A risk assessment example
      1. Step 1 - Asset identification and system characterization
      2. Step 2 - Vulnerability identification and threat modeling
        1. Discovering vulnerabilities
        2. Threat modeling
      3. Step 3 - Risk calculation and mitigation
    4. Summary
  6. The Purdue Model and a Converged Plantwide Ethernet
    1. The Purdue Enterprise Reference Architecture
      1. The Converged Plantwide Enterprise
      2. The safety zone
      3. Cell/area zones
        1. Level 0 – The process
        2. Level 1 – Basic control
        3. Level 2 – Area supervisory control
      4. The manufacturing zone
        1. Level 3 – Site manufacturing operations and control
      5. The enterprise zone
        1. Level 4 – Site business planning and logistics
        2. Level 5 – Enterprise
        3. Level 3.5 – The Industrial Demilitarized Zone
      6. The CPwE industrial network security framework
    2. Summary
  7. The Defense-in-depth Model
    1. ICS security restrictions
    2. How to go about defending an ICS?
    3. The ICS is extremely defendable
    4. The defense-in-depth model
      1. Physical security
      2. Network security
      3. Computer security
      4. Application security
      5. Device security
      6. Policies, procedures, and awareness
    5. Summary
  8. Physical ICS Security
    1. The ICS security bubble analogy
    2. Segregation exercise
    3. Down to it – Physical security
    4. Summary
  9. ICS Network Security
    1. Designing network architectures for security
      1. Network segmentation
        1. The Enterprise Zone
        2. The Industrial Zone
          1. Cell Area Zones
          2. Level 3 site operations
        3. The Industrial Demilitarized Zone
        4. Communication conduits
      2. Resiliency and redundancy
      3. Architectural overview
      4. Firewalls
        1. Configuring the active-standby pair of firewalls
      5. Security monitoring and logging
      6. Network packet capturing
      7. Event logging
      8. Security information and event management
        1. Firewall logs
          1. Configuring the Cisco ASA firewall to send log data to the OSSIM server
          2. Setting the syslog logging level for Cisco devices
        2. Network intrusion detection logs
          1. Why not intrusion prevention?
          2. Configuring the Cisco Sourcefire IDS to send log data to the OSSIM server
        3. Router and switch logs
          1. Configuring Cisco IOS to log to the syslog service of the OSSIM server
        4. Operating system logs
          1. Collecting logs from a Windows system
          2. Installing and configuring NXLog CE across your Windows hosts
        5. Application logs
          1. Reading an application log file with an HIDS agent on Windows
        6. Network visibility
    2. Summary
  10. ICS Computer Security
    1. Endpoint hardening
      1. Narrowing the attack surface
      2. Limiting the impact of a compromise
        1. Microsoft Enhanced Mitigation Experience Toolkit 
        2. Configuring EMET for a Rockwell Automation application server
        3. Microsoft AppLocker
        4. Microsoft AppLocker configuration
    2. Configuration and change management
    3. Patch management
      1. Configuring Microsoft Windows Server Update Services for the industrial zone
        1. Configuring the Cisco ASA firewall
          1. Creating the Windows Server Update Services server
          2. Configuring Windows client computers to get updates from the WSUS server
    4. Endpoint protection software
      1. Host-based firewalls
      2. Anti-malware software
        1. Types of malware
      3. Application whitelisting software
        1. Application whitelisting versus blacklisting
        2. How application whitelisting works
        3. Symantec's Embedded Security: Critical system protection
          1. Building the Symantec's Embedded Security: Critical System Protection management server
          2. Monitoring and logging
    5. Summary
  11. ICS Application Security
    1. Application security
      1. Input validation vulnerabilities
      2. Software tampering 
      3. Authentication vulnerabilities
      4. Authorization vulnerabilities
      5. Insecure configuration vulnerabilities
      6. Session management vulnerabilities
      7. Parameter manipulation vulnerabilities
    2. Application security testing
      1. OpenVAS security scan
    3. ICS application patching
    4. ICS secure SDLC
      1. The definition of secure SDLC
    5. Summary
  12. ICS Device Security
    1. ICS device hardening
    2. ICS device patching
    3. The ICS device life cycle
      1. ICS device security considerations during the procurement phase
      2. ICS device security considerations during the installation phase
      3. ICS device security considerations during the operation phase
      4. ICS device security considerations for decommissioning and disposal
    4. Summary
  13. The ICS Cybersecurity Program Development Process
    1. The NIST Guide to Industrial control systems  security
      1. Obtaining senior management buy-in
      2. Building and training a cross-functional team
      3. Defining charter and scope
      4. Defining ICS-specific security policies and procedures
      5. Implementing an ICS security risk-management framework
        1. Categorizing ICS systems and network assets
        2. Selecting ICS security controls
        3. Performing (initial) risk assessment
        4. Implementing the security controls
    2. The ICS security program development process
      1. Security policies, standards, guidelines, and procedures
      2. Defining ICS-specific security policies, standards, and procedures
      3. Defining and inventorying the ICS assets
      4. Performing an initial risk assessment on discovered ICS assets
        1. The Slumbertown Paper Mill initial risk assessment
      5. Defining and prioritizing mitigation activities
      6. Defining and kicking off the security improvement cycle
    3. Summary