Industrial Cybersecurity (2nd Edition)

By applying a variety of tools, techniques, and technologies, in this book, we will visualize and track security posture and identify threats in an Industrial Control System (ICS) environment. Industrial Cybersecurity, Second Edition looks at implementing a comprehensive and solid security program for the ICS environment and should be read by those who are new to industrial security or are extending their industrial security posture.

With IT industries expanding to the cloud, cyberattacks have increased significantly. Understanding your control system’s vulnerabilities and learning techniques to defend critical infrastructure systems from cyber threats is becoming increasingly important.

You will begin this book by looking at how to design for security and exploring how to create an architecture that allows all the tools, techniques, and activities discussed in the book to be implemented effectively and easily. You will also learn about activities, tools, procedures, and concepts around the monitoring, tracking, and trending (visualizing) of ICS cybersecurity risks, as well as learning about the overall security program and posture/hygiene. You will also be introduced to threat hunting principles, tools, techniques, and methodology. Toward the end of the book, you will work with incident response and incident recovery tools, techniques, activities, and procedures as they relate to the ICS environment.

By the end of the book, you will be adept at industrial cybersecurity monitoring, assessments, incident response activities, and threat hunting.

Who this book is for

If you are an ICS security professional or are ICS cybersecurity-curious and want to ensure a robust ICS environment for your (critical infrastructure) systems, or if you want to extend/improve/monitor/validate your ICS cybersecurity posture, then this book is for you. Information Technology as well as Operational Technology (IT/OT) professionals interested in getting into the ICS cybersecurity monitoring domain or who are looking for additional/supporting learning material for a variety of industry-leading cybersecurity certifications will also find this book useful.

What this book covers

Chapter 1, Introduction and Recap of the First Edition, will be a recap of the first edition of this book. We will set the stage for the rest of the book and cover important concepts, tools, and techniques so that you can follow along with this second edition of the book.

Chapter 2, A Modern Look at the Industrial Control System Architecture, takes an overview of ICS security, explaining how I implement plant-wide architectures with some years of experience under my belt. The chapter will cover new concepts, techniques, and best practice recommendations.

Chapter 3, The Industrial Demilitarized Zone, is where I will discuss an updated IDMZ design that is the result of years of refinement, updating and adjusting the design to business needs, and revising and updating industry best practice recommendations.

Chapter 4, Designing the ICS Architecture with Security in Mind, is where I will outline key concepts, techniques, tools, and methodologies around designing for security: how to architect a network so that it allows the easy implementation of the security techniques, tools, and concepts discussed in the rest of the book.

Chapter 5, Introduction to Security Monitoring, is where we will discuss the ins and outs of cybersecurity monitoring as it pertains to the ICS environment. I will present the three main types of cybersecurity monitoring (passive, active, and threat hunting), which are explained in detail throughout the rest of the book.

Chapter 6, Passive Security Monitoring, is where we will look at the tools, techniques, activities, and procedures involved in passively monitoring industrial cybersecurity posture.

Chapter 7, Active Security Monitoring, looks at tools, techniques, activities, and procedures involved in actively monitoring industrial cybersecurity posture.

Chapter 8, Industrial Threat Intelligence, looks at tools, techniques, and activities that help to add threat intelligence to our security monitoring activities. Threat intelligence will be explained and common techniques and tools to acquire and assemble intelligence will be discussed.

Chapter 9, Visualizing, Correlating, and Alerting, explores how to combine all the gathered information and data, discussed in the previous chapters, into an interactive visualization, correlation, and alerting dashboard, built around the immensely popular ELK (Elasticsearch, Kibana, Logstash) stack, which is part of the Security Onion appliance.

Chapter 10, Threat Hunting, is a general introduction to threat hunting principles, tools, techniques, and methodology. This chapter will revisit Security Onion and how to use it for threat hunting exercises.

Chapter 11, Threat Hunt Scenario 1 Malware Beaconing, presents the first threat hunt use case, where we suspect malware beaconing or data is being exfiltrated from our systems, and so we will use logs, events, data, and other information to prove the hunch and show the what, where, how, and who behind the attack.

Chapter 12, Threat Hunt Scenario 2 Finding Malware and Unwanted Applications, presents the second threat hunt use case, built around the assumption that there is executable code running on assets on the ICS network that is performing malicious actions (malware) or is just using up (wasting) resources. These would be Potentially Unwanted Programs (PUPs), such as spyware, bitcoin miners, and so on.

Chapter 13, Threat Hunt Scenario 3 Suspicious External Connections, presents a third threat hunt use case: we suspect that external entities are connecting to our systems. We will use logs, events, data, and other information to prove the hunch and show the what, where, how, and who behind things.

Chapter 14, Different Types of Cybersecurity Assessments, outlines the types of security assessments that exist to help you assess the risk to an ICS environment.

Chapter 15, Industrial Control System Risk Assessments, will detail the tools, techniques, methodologies, and activities used in performing risk assessments for an ICS environment. You will get hands-on experience with the most common tools and software used during assessment activities.

Chapter 16, Red Team/Blue Team Exercises, will detail the tools, techniques, methodologies, and activities used in performing red team and blue team exercises in an ICS environment. You will get hands-on experience with the most common tools and software used during assessment activities.

Chapter 17, Penetration Testing ICS Environments, will detail the tools, techniques, methodologies, and activities used in performing penetration testing activities in an ICS environment. You will get hands-on experience with the most common tools and software used during assessment activities.

Chapter 18, Incident Response for the ICS Environment, takes you through the phases, activities, and processes of incident response as it relates to the industrial environment:

  • Preparation
  • Identification
  • Containment
  • Investigation
  • Eradication
  • Recovery
  • Follow-up

Chapter 19, Lab Setup, will help you set up a lab environment to be used for the exercises in the book.
