Attacks, objectives, and consequences
If you remember from the kill chain discussion in the previous chapter, most ICS networks are not directly connected to the internet. For that reason, most ICS attacks can be divided into two stages:
- Stage 1 involves gaining access to the ICS network by all means possible, with the objective of starting stage 2 of the attack. Stage 1 activities include getting a foothold into the business or enterprise network of an organization and from there finding a pivot point to jump to the ICS network. The objective of stage 1 in an ICS cyber attack will almost always be to get into the ICS network
- Stage 2 starts the ICS exploitation part of the attack, where activities necessary to achieve the stage 2 objectives are carried out. Typical stage 2 activities include securing of access to the ICS network, probing and mapping of the ICS network, creating of backdoors in ICS devices and applications and exfiltration of data. The objective of stage 2 of an ICS cyber...