You're reading from Industrial Cybersecurity Efficiently monitor the cybersecurity posture of your ICS environment

Product type Paperback

Published in Oct 2021

Publisher Packt

ISBN-13 9781800202092

Length 800 pages

Edition 2nd Edition

Tools

Kali Linux

Concepts

Cybersecurity

Author (1):

Pascal Ackerman

View More author details

Table of Contents (26) Chapters

Preface

1. Section 1: ICS Cybersecurity Fundamentals

2. Chapter 1: Introduction and Recap of First Edition FREE CHAPTER

3. Chapter 2: A Modern Look at the Industrial Control System Architecture

4. Chapter 3: The Industrial Demilitarized Zone

5. Chapter 4: Designing the ICS Architecture with Security in Mind

6. Section 2:Industrial Cybersecurity – Security Monitoring

7. Chapter 5: Introduction to Security Monitoring

8. Chapter 6: Passive Security Monitoring

9. Chapter 7: Active Security Monitoring

10. Chapter 8: Industrial Threat Intelligence

11. Chapter 9: Visualizing, Correlating, and Alerting

12. Section 3:Industrial Cybersecurity – Threat Hunting

13. Chapter 10: Threat Hunting

14. Chapter 11: Threat Hunt Scenario 1 – Malware Beaconing

15. Chapter 12: Threat Hunt Scenario 2 – Finding Malware and Unwanted Applications

16. Chapter 13: Threat Hunt Scenario 3 – Suspicious External Connections

17. Section 4:Industrial Cybersecurity – Security Assessments and Intel

18. Chapter 14: Different Types of Cybersecurity Assessments

19. Chapter 15: Industrial Control System Risk Assessments

20. Chapter 16: Red Team/Blue Team Exercises

21. Chapter 17: Penetration Testing ICS Environments

22. Section 5:Industrial Cybersecurity – Incident Response for the ICS Environment

23. Chapter 18: Incident Response for the ICS Environment

24. Chapter 19: Lab Setup

25. Other Books You May Enjoy

What this book covers

Chapter 1, Introduction and Recap of the First Edition, will be a recap of the first edition of this book. We will set the stage for the rest of the book and cover important concepts, tools, and techniques so that you can follow along with this second edition of the book.

Chapter 2, A Modern Look at the Industrial Control System Architecture, takes an overview of ICS security, explaining how I implement plant-wide architectures with some years of experience under my belt. The chapter will cover new concepts, techniques, and best practice recommendations

Chapter 3, The Industrial Demilitarized Zone, is where I will discuss an updated IDMZ design that is the result of years of refinement, updating and adjusting the design to business needs, and revising and updating industry best practice recommendations.

Chapter 4, Designing the ICS Architecture with Security in Mind, is where I will outline key concepts, techniques, tools, and methodologies around designing for security. How to architect a network so that it allows the easy implementation of security techniques, tools, and concepts will be discussed in the rest of the book.

Chapter 5, Introduction to Security Monitoring, is where we will discuss the ins and outs of cybersecurity monitoring as it pertains to the ICS environment. I will present the three main types of cybersecurity monitoring, passive, active, and threat hunting, which are explained in detail throughout the rest of the book.

Chapter 6, Passive Security Monitoring, is where we will look at the tools, techniques, activities, and procedures involved in passively monitoring industrial cybersecurity posture.

Chapter 7, Active Security Monitoring, looks at tools, techniques, activities, and procedures involved in actively monitoring industrial cybersecurity posture.

Chapter 8, Industrial Threat Intelligence, looks at tools, techniques, and activities that help to add threat intelligence to our security monitoring activities. Threat intelligence will be explained and common techniques and tools to acquire and assemble intelligence will be discussed.

Chapter 9, Visualizing, Correlating, and Alerting, explores how to combine all the gathered information and data, discussed in the previous chapters, into an interactive visualization, correlation, and alerting dashboard, built around the immensely popular ELK (Elasticsearch, Kibana, Logstash) stack, which is part of the Security Onion appliance.

Chapter 10, Threat Hunting, is a general introduction to threat hunting principles, tools, techniques, and methodology. This chapter will revisit Security Onion and how to use it for threat hunting exercises.

Chapter 11, Threat Hunt Scenario 1 – Malware Beaconing, presents the first threat hunt use case, where we suspect malware beaconing or data is being exfiltrated from our systems, and so we will use logs, events, data, and other information to prove the hunch and show the what, where, how, and who behind the attack.

Chapter 12, Threat Hunt Scenario 2 – Finding Malware and Unwanted Applications, presents the second threat hunt use case, built around the assumption that there is executable code running on assets on the ICS network that is performing malicious actions (malware) or is just using up (wasting) resources. These would be Potentially Unwanted Programs (PUPs), such as spyware, bitcoin miners, and so on.

Chapter 13, Threat Hunt Scenario 3 – Suspicious External Connections, presents a third threat hunt use case: we suspect that external entities are connecting to our systems. We will use logs, events, data, and other information to prove the hunch and show the what, where, how, and who behind things.

Chapter 14, Different Types of Cybersecurity Assessments, outlines the types of security assessments that exist to help you assess the risk to an ICS environment.

Chapter 15, Industrial Control System Risk Assessments, will detail the tools, techniques, methodologies, and activities used in performing risk assessments for an ICS environment. You will get hands-on experience with the most common tools and software used during assessment activities.

Chapter 16, Red Team/Blue Team Exercises, will detail the tools, techniques, methodologies, and activities used in performing red team and blue team exercises in an ICS environment. You will get hands-on experience with the most common tools and software used during assessment activities.

Chapter 17, Penetration Testing ICS Environments, will detail the tools, techniques, methodologies, and activities used in performing penetration testing activities in an ICS environment. You will get hands-on experience with the most common tools and software used during assessment activities.

Chapter 18, Incident Response for the ICS Environment, takes you through the phases, activities, and processes of incident response as it relates to the industrial environment: