Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the color images
• Conventions used
• Get in touch
• Share Your Thoughts

1. Section 1: ICS Cybersecurity Fundamentals

2. Chapter 1: Introduction and Recap of First Edition FREE CHAPTER

• Industrial Cybersecurity – second edition
• Recap of the first edition
• What is an ICS?
• Summary

3. Chapter 2: A Modern Look at the Industrial Control System Architecture

• Why proper architecture matters
• Industrial control system architecture overview
• Summary

4. Chapter 3: The Industrial Demilitarized Zone

• The IDMZ
• What makes up an IDMZ design?
• Example IDMZ broker-service solutions
• Summary

5. Chapter 4: Designing the ICS Architecture with Security in Mind

• Typical industrial network architecture designs
• Designing for security
• Security monitoring
• Summary

6. Section 2:Industrial Cybersecurity – Security Monitoring

7. Chapter 5: Introduction to Security Monitoring

• Security incidents
• Passive security monitoring
• Active security monitoring
• Threat-hunting exercises
• Security monitoring data collection methods
• Putting it all together – introducing SIEM systems
• Summary

8. Chapter 6: Passive Security Monitoring

• Technical requirements
• Passive security monitoring explained
• Security Information and Event Management – SIEM
• Common passive security monitoring tools
• Setting up and configuring Security Onion
• Exercise 1 – Setting up and configuring Security Onion
• Exercise 2 – Setting up and a configuring a pfSense firewall
• Exercise 3 – Setting up, configuring, and using Forescout's eyeInsight (formerly known as SilentDefense)
• Summary

9. Chapter 7: Active Security Monitoring

• Technical requirements
• Understanding active security monitoring
• Exercise 1 – Scanning network-connected devices
• Exercise 2 – Manually inspecting an industrial computer
• Summary

10. Chapter 8: Industrial Threat Intelligence

• Technical requirements
• Threat intelligence explained
• Using threat information in industrial environments
• Acquiring threat information
• Creating threat intelligence data out of threat information
• Exercise – Adding an AlienVault OTX threat feed to Security Onion
• Summary

11. Chapter 9: Visualizing, Correlating, and Alerting

• Technical requirements
• Holistic cybersecurity monitoring
• Exercise 1 – Using Wazuh to add Sysmon logging
• Exercise 2 – Using Wazuh to add PowerShell Script Block Logging
• Exercise 3 – Adding a Snort IDS to pfSense
• Exercise 4 – Sending SilentDefense alerts to Security Onion syslog
• Exercise 5 – Creating a pfSense firewall event dashboard in Kibana
• Exercise 6 – Creating a breach detection dashboard in Kibana
• Summary

12. Section 3:Industrial Cybersecurity – Threat Hunting

13. Chapter 10: Threat Hunting

• What is threat hunting?
• Threat hunting in ICS environments
• What is needed to perform threat hunting exercises?
• Threat hunting is about uncovering threats
• Correlating events and alerts for threat hunting purposes
• Summary

14. Chapter 11: Threat Hunt Scenario 1 – Malware Beaconing

• Forming the malware beaconing threat hunting hypothesis
• Detection of beaconing behavior in the ICS environment
• Investigating/forensics of suspicious endpoints
• Using indicators of compromise to uncover additional suspect systems
• Summary

15. Chapter 12: Threat Hunt Scenario 2 – Finding Malware and Unwanted Applications

• Technical requirements
• Forming the malicious or unwanted applications threat hunting hypothesis
• Detection of malicious or unwanted applications in the ICS environment
• Investigation and forensics of suspicious endpoints
• Using discovered indicators of compromise to search the environment for additional suspect systems
• Summary

16. Chapter 13: Threat Hunt Scenario 3 – Suspicious External Connections

• Forming the suspicious external connections threat hunting hypothesis
• Ingress network connections
• Summary

17. Section 4:Industrial Cybersecurity – Security Assessments and Intel

18. Chapter 14: Different Types of Cybersecurity Assessments

• Understanding the types of cybersecurity assessments
• Risk assessments
• Red team exercises
• Blue team exercises
• Penetration testing
• How do ICS/OT security assessments differ from IT?
• Summary

19. Chapter 15: Industrial Control System Risk Assessments

20. Chapter 16: Red Team/Blue Team Exercises

• Red Team versus Blue Team versus pentesting
• Red Team/Blue Team example exercise, attacking Company Z
• Summary

21. Chapter 17: Penetration Testing ICS Environments

• Practical view of penetration testing
• Why ICS environments are easy targets for attackers
• Typical risks to an ICS environment
• Modeling pentests around the ICS Kill Chain
• Pentesting results allow us to prioritize cybersecurity efforts
• Pentesting industrial environments requires caution
• Exercise – performing an ICS-centric penetration test
• Summary

22. Section 5:Industrial Cybersecurity – Incident Response for the ICS Environment

23. Chapter 18: Incident Response for the ICS Environment

• What is an incident?
• What is incident response?
• Incident response processes
• Incident response procedures
• Example incident report form
• Summary

24. Chapter 19: Lab Setup

• Discussing the lab architecture
• Details about the enterprise environment lab setup
• Details about the industrial environment – lab setup
• How to simulate (Chinese) attackers
• Discussing the role of lab firewalls
• How to install the malware for the lab environment
• Configuring packet capturing for passive security tools
• Summary
• Why subscribe?

25. Other Books You May Enjoy

• Packt is searching for authors like you
• Share Your Thoughts