Secure your ICS and SCADA systems the battle-tested Hacking Exposed™ way
This hands-on guide exposes the devious methods cyber threat actors use to compromise the hardware and software central to petroleum pipelines, electrical grids, and nuclear refineries. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets and Solutions shows, step-by-step, how to implement and maintain an ICS-focused risk mitigation framework that is targeted, efficient, and cost-effective. The book arms you with the skills necessary to defend against attacks that are debilitating―and potentially deadly. See how to assess risk, perform ICS-specific threat modeling, carry out penetration tests using “ICS safe” methods, and block malware. Throughout, the authors use case studies of notorious attacks to illustrate vulnerabilities alongside actionable, ready-to-deploy countermeasures.
Learn how to:
• Assess your exposure and develop an effective risk management plan
• Adopt the latest ICS-focused threat intelligence techniques
• Use threat modeling to create realistic risk scenarios
• Implement a customized, low-impact ICS penetration-testing strategy
• See how attackers exploit industrial protocols
• Analyze and fortify ICS and SCADA devices and applications
• Discover and eliminate undisclosed “zero-day” vulnerabilities
• Detect, block, and analyze malware of all varieties
|Publisher:||McGraw-Hill Professional Publishing|
|Edition description:||New Edition|
|Product dimensions:||7.40(w) x 9.00(h) x 0.90(d)|
About the Author
Bryan L. Singer, CISSP, CAP is an industry-recognized industrial security expert and principal investigator with Kenexis Security Corporation.
Aaron Shbeeb has worked for more than a decade in a variety of programming and security positions, including ICS/SCADA, and specializes in secure programming practices.
Kyle Wilhoit is a senior threat researcher at Trend Micro. He focuses on original threat, malware, vulnerability discovery/analysis, and criminal activity on the Internet.
Stephen Hilt is an Information Security and ICS Security expert and researcher who has published numerous ICS-Specific Nmap scripts that identify ICS protocols via native commands.
Table of ContentsPart 1: Setting the Stage: Putting ICS Penetration Testing in Context
Case Study 1: Recipe for Disaster
Chapter 1: Introduction to ICS [in] Security
Chapter 2: ICS Risk Assessment
Chapter 3: ICS Threat Intelligence/Threat Modeling
Case Study 2: The Emergence of a ThreatPart 2: Hacking Industrial Control Systems
Case Study 3: A Way In
Chapter 4: ICS Hacking (Penetration Testing) Strategies
Chapter 5: Hacking Industrial Protocols
Chapter 6: Hacking ICS Devices and Applications
Chapter 7: ICS "Zero Day" Vulnerability Research
Chapter 8: ICS Malware
Case Study 4: FootholdPart 3: Putting It All Together: ICS Risk Mitigation
Case Study 5: How Will it End?
Chapter 9: ICS Cybersecurity Standards Primer
Chapter 10: ICS Risk Mitigation and Countermeasure StrategiesPart 4: Appendices
Appendix A: Glossary of Acronyms and Abbreviations
Appendix B: Glossary of Terminolog
Appendix C: ICS Risk Assessment and Penetration Testing Methodology Template