Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

Book Description

Learn to defend crucial ICS/SCADA infrastructure from devastating attacks the tried-and-true Hacking Exposed way

This practical guide reveals the powerful weapons and devious methods attackers use to compromise the devices, applications, and systems vital to oil and gas pipelines, electrical grids, refineries, and nuclear facilities. Written in the battle-tested Hacking Exposed style, the book arms you with the skills and tools necessary to defend against attacks that are debilitating, and potentially deadly.

Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions explains vulnerabilities and attack vectors specific to ICS/SCADA protocols, applications, hardware, servers, and workstations. You will learn how hackers and malware, such as the infamous Stuxnet worm, can exploit them and disrupt critical processes, compromise safety, and bring production to a halt. The authors fully explain defense strategies and offer ready-to-deploy countermeasures. Each chapter features a real-world case study as well as notes, tips, and cautions.

  • Features examples, code samples, and screenshots of ICS/SCADA-specific attacks
  • Offers step-by-step vulnerability assessment and penetration test instruction
  • Written by a team of ICS/SCADA security experts and edited by Hacking Exposed veteran Joel Scambray

Table of Contents

Cover
Title Page
Copyright Page
Dedication
Contents
Acknowledgments
Introduction
Part I Setting the Stage: Putting ICS Penetration Testing in Context
  CASE STUDY, PART 1: Recipe for Disaster
  1 Introduction to Industrial Control Systems [In]Security
    Cyberphysical Systems: The Rise of the Machines
      New Vectors to Old Threats
      The Consequences: What Could Happen?
      Understanding Realistic Threats and Risks to ICS
    Overview of Industrial Control Systems
      View
      Monitor
      Control
      Purdue Reference Model for ICS
      Types of Common Control Systems, Devices, and Components
    Summary
    References for Further Reading
  2 ICS Risk Assessment
    ICS Risk Assessment Primer
      The Elusive ICS “Risk Metric”
      Risk Assessment Standards
      What Should an ICS Risk Assessment Evaluate and Measure?
      ICS Risk Assessment Process Overview
    ICS Risk Assessment Process Steps
      Stage 1: System Identification & Characterization
      Stage 2: Vulnerability Identification & Threat Modeling
      Next Steps
    Summary
    References for Further Reading
  3 Actionable ICS Threat Intelligence through Threat Modeling
    Threat Information vs. Threat Intelligence
    Threat Modeling: Turning ICS Threat Information into “Actionable” Threat Intelligence
      The ICS Kill Chain
      The ICS Threat Modeling Process
      Information Collection
    Summary
    References for Further Reading
    CASE STUDY, PART 2: The Emergence of a Threat
Part II Hacking Industrial Control Systems
  CASE STUDY, PART 3: A Way In
  4 ICS Hacking (Penetration Testing) Strategies
    The Purpose of a Penetration Test
    Black Box, White Box, Gray Box
    Special Considerations: ICS Penetration Testing Is Not IT Penetration Testing
    Setting Up a Lab
      Sampling “Like” Configured Systems
      Virtualization
      Equipment
    Rules of Engagement
    Using Risk Scenarios
    ICS Penetration-Testing Strategies
      Reconnaissance (“Footprinting”)
      External Testing
      Pivoting
      Thinking Outside of the Network: Asymmetric and Alternative Attack Vectors
      Internal Testing: On the ICS Network
    Summary
    Resources for Further Reading
  5 Hacking ICS Protocols
    Modbus
    EtherNet/IP
    DNP3
    Siemens S7comms
    BACnet
    Other Protocols
    Protocol Hacking Countermeasures
    Summary
    References for Further Reading
  6 Hacking ICS Devices and Applications
    Exploiting Vulnerabilities in Software
      Some Basic Principles
      Buffer Overflows
      Integer Bugs: Overflows, Underflows, Truncation, and Sign Mismatches
      Pointer Manipulation
      Exploiting Format Strings
      Directory Traversal
      DLL Hijacking
      Cross-Site Scripting
      Cross-Site Request Forgery (CSRF)
      Exploiting Hard-Coded Values
      Brute-Force
    All Software Has Bugs
    Summary
    References for Further Reading
  7 ICS “Zero-Day” Vulnerability Research
    Thinking Like a Hacker
    Step 1: Select Target
    Step 2: Study the Documentation
    Step 3: List and Prioritize Accessible Interfaces
    Step 4: Analyze/Test Each Interface
      Fuzzing
      Static Binary Analysis
      Dynamic Binary Analysis
    Step 5: Exploit Vulnerabilities
    Putting It All Together: MicroLogix Case Study
      Research Preparation
      Before Diving In
      Creating a Custom Firmware
    Summary
    References for Further Reading
      Tools
      General References
  8 ICS Malware
    ICS Malware Primer
      Dropper
      Rootkits
      Viruses
      Adware and Spyware
      Worms
      Trojan Horses
      Ransomware
      Infection Vectors
    Analyzing ICS Malware
      Lab Environment
    Summary
    References for Further Reading
    CASE STUDY, PART 4: Foothold
Part III Putting It All Together: Risk Mitigation
  CASE STUDY, PART 5: How Will It End?
  9 ICS Security Standards Primer
    Compliance vs. Security
    Common ICS Cybersecurity Standards
      NIST SP 800-82
      ISA/IEC 62443 (formerly ISA-99)
      NERC CIP
      API 1164
      CFATS
      NRC Regulations 5.71
    General Cybersecurity Standards
      NIST Cybersecurity Framework
      ISO/IEC 27002:2013
    Summary
    References for Further Reading
  10 ICS Risk Mitigation Strategies
    Addressing Risk
    Special ICS Risk Factors
      Confidentiality, Integrity, and Availability (CIA)
      Defense-in-Depth
      Safety
    General ICS Risk Mitigation Considerations
      ICS Network Considerations
      ICS Host-Based Considerations
      ICS Physical Access Considerations
    Exploits, Threats, and Vulnerabilities
      Eliminating Exploits
      Eliminating Threats
      Eliminating Vulnerabilities
    Additional ICS Risk Mitigation Considerations
      System Integration Issues
      Compliance vs. Security
      Insurance
      Honeypots
    The Risk Mitigation Process
      Integrating the Risk Assessment Steps
      Integrating the Risk Scenarios
      Performing a Cost-Benefit Analysis
      Establishing the Risk Mitigation Strategy
    Summary
    References for Further Reading
Part IV Appendixes
  A Glossary of Acronyms and Abbreviations
  B Glossary of Terminology
  C ICS Risk Assessment and Penetration Testing Methodology Flowcharts
Index