Learn to defend crucial ICS/SCADA infrastructure from devastating attacks the tried-and-true Hacking Exposed way
This practical guide reveals the powerful weapons and devious methods cyber-terrorists use to compromise the devices, applications, and systems vital to oil and gas pipelines, electrical grids, and nuclear refineries. Written in the battle-tested Hacking Exposed style, the book arms you with the skills and tools necessary to defend against attacks that are debilitating-and potentially deadly.
Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions explains vulnerabilities and attack vectors specific to ICS/SCADA protocols, applications, hardware, servers, and workstations. You will learn how hackers and malware, such as the infamous Stuxnet worm, can exploit them and disrupt critical processes, compromise safety, and bring production to a halt. The authors fully explain defense strategies and offer ready-to-deploy countermeasures. Each chapter features a real-world case study as well as notes, tips, and cautions.
Features examples, code samples, and screenshots of ICS/SCADA-specific attacks
Offers step-by-step vulnerability assessment and penetration test instruction
Written by a team of ICS/SCADA security experts and edited by Hacking Exposed veteran Joel Scambray
Clint Bodungen is a professional security researcher and penetration tester with more than 20 years in the cyber security industry, and has been focusing exclusively on Industrial Control Systems (ICS) security since 2003. He began learning to program and hack computers around the age of 11, and has been developing applications and tools for the UNIX and Linux operating systems since the early 1990s. His professional cyber security career, however, began in 1995 when he was appointed the Computer Systems Security Officer (CSSO) and OPSEC Manager of his unit in the United States Air Force. After an honorable discharge from the Air Force, he worked for a small IT consulting firm as the network security specialist until he was independently contracted by a major antivirus product company to test their Intrusion Detection System (IDS) applications. This ultimately influenced his deep dive into security research and penetration testing. In 2003, he was introduced to ICS/SCADA when he was hired by an industrial automation consulting firm to help a major oil & gas company secure their SCADA system. Since then, Clint has lead ICS/SCADA security risk assessments (including vulnerability assessments and penetration testing) for many of the countrys top energy organizations, and he has developed dozens of ICS/SCADA security training courses. He continues his efforts in vulnerability research in collaboration with ICS vendors, and is frequently invited to speak at ICS/SCADA security conferences yearly.
Part 1: Setting the Stage: Putting ICS Penetration Testing in Context Case Study 1: Recipe for Disaster Chapter 1: Introduction to ICS [in] Security Chapter 2: ICS Risk Assessment Chapter 3: ICS Threat Intelligence/Threat Modeling Case Study 2: The Emergence of a Threat Part 2: Hacking Industrial Control Systems Case Study 3: A Way In Chapter 4: ICS Hacking (Penetration Testing) Strategies Chapter 5: Hacking Industrial Protocols Chapter 6: Hacking ICS Devices and Applications Chapter 7: ICS "Zero Day" Vulnerability Research Chapter 8: ICS Malware Case Study 4: Foothold Part 3: Putting It All Together: ICS Risk Mitigation Case Study 5: How Will it End? Chapter 9: ICS Cybersecurity Standards Primer Chapter 10: ICS Risk Mitigation and Countermeasure Strategies Part 4: Appendices Appendix A: Glossary of Acronyms and Abbreviations Appendix B: Glossary of Terminolog Appendix C: ICS Risk Assessment and Penetration Testing Methodology Template