O'Reilly logo
live online training icon Live Online training

IoT Security

Securing Internet of Things and Critical infrastructure Industrial Control (ICS) Systems

Aamir Lakhani

Welcome to the connected world. Everything from our smartwatches, refrigerators, thermostats, and clocks are connected to the Internet. Recent security vulnerabilities and attacks have proven these are the some of the most vulnerable assets and most valuable targets to attackers.

Surprisingly, IoT devices are used extensively in critical infrastructure from smart meters, grids, water plants, and many other government services. The Department of Homeland Security defines 16 sectors of industry that are so vital, that their incapacitation would affect a country’s security, economy, and public safety. These industries have been the targets of cyberattacks.

Hackers are trying to gain notoriety as well as nation states attempting to harm and attack IoT devices that are now used in all industries and sectors. This course will introduce you to cybersecurity concepts and concerns around major critical infrastructure components and IoT attacks. We will examine how attackers take advantage of IoT and Critical Infrastructure to attack organizations, spread ransomware, and cause havoc to organizations. You will gain an understanding of the motivation behind the attackers and learn how they exploit systems.

We will then use cybersecurity and Pen Testing tools to explore vulnerabilities in these systems and how they can be exploited. You will understand how hackers find and attack IoT systems for enterprise, consumer, and even government industrial control systems by exposing their vulnerabilities.

Lastly, we will review the major cybersecurity defense strategies that cybersecurity practitioners use to defend IoT devices without compromising the availability and functionality of critical infrastructure devices.

What you'll learn-and how you can apply it

  • Learn the fundamentals of IoT Cybersecurity systems and their components
  • Learn about the ICS/SCADA threats and the threat actors
  • Get an inside look at the most popular and successful attacks against IoT devices.
  • Review tools and techniques you can use to test and audit IoT devices across different industries systems
  • Gain an understanding of theoretical defensive frameworks used to protect IoT and critical infrastructure.
  • Explore tools you can use to implement in your environment to secure IoT systems.

This training course is for you because...

This course is intended for cybersecurity professionals who want to get exposed to critical infrastructure OT (operational security) and cybersecurity. It will give you an understanding and introduction around one of the most concerning topics in cybersecurity today.

Prerequisites

A solid understanding of cybersecurity and familiarity of IoT devices and basic concepts.

Course Set-up

Recommended Preparation

Recommended Follow-up

About your instructor

  • Aamir Lakhani is a leading senior security strategist. He is responsible for providing IT security solutions to major enterprises and government organizations.

    Mr. Lakhani creates technical security strategies and leads security implementation projects for Fortune 500 companies. Industries of focus include healthcare providers, educational institutions, financial institutions and government organizations. Aamir has designed offensive counter-defense measures for the Department of Defense and national intelligence agencies. He has also assisted organizations with safeguarding IT and physical environments from attacks perpetrated by underground cybercriminal groups. Mr. Lakhani is considered an industry leader for creating detailed security architectures within complex computing environments. His areas of expertise include cyber defense, mobile application threats, malware management, Advanced Persistent Threat (APT) research, and investigations relating to the Internet’s dark security movement. He is the author or contributor of several books, and has appeared on FOX Business News, National Public Radio, and other media outlets as an expert on cybersecurity.

    Writing under the pseudonym Dr. Chaos, Mr. Lakhani also operates the popular security social media blog which is hosted at DrChaos.com. In its recent list of 46 Federal Technology Experts to Follow on Twitter, Forbes magazine described Aamir Lakhani as “a blogger, InfoSec specialist, super hero…and all around good guy.”

Schedule

The timeframes are only estimates and may vary according to how the class is progressing

Introduction to IoT Infrastructure (1 hour)

  • Why are IoT devices extremely valuable to organizations
  • The types of threats and vulnerabilities they introduce
  • A look at recent attacks against IoT Infrastructure
  • Understanding the Internet of very vulnerable Things
  • Introduction into basic critical infrastructure IoT devices
  • Common Components of Systems
  • Introduction into industrial control systems
  • Introduction into SCADA
  • Cybersecurity risks and concerns into IoT critical infrastructure
  • OPSEC
  • Deployment Methodologies and Segmentation Concerns

Break – 10 mins

Cybersecurity and Critical Infrastructure (1.25 hour)

  • IoT Threat Landscape and Threat Actors targeting systems
  • Historic look at significant and modern threats
  • Modern attacks against systems using Pen Testing tools
  • Exploiting systems and gaining access against systems

Break – 10 mins

Securing IoT (1.25 minutes)

  • Using IoT Honeypots
  • Using network segmentation services
  • Auditing networks

Putting It All Together (15 minutes)

  • Review of lessons
  • Next Steps
  • Conclusion