Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions - Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, Stephen Hilt

Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

Buch | Softcover
416 Seiten
2016
McGraw-Hill Education (Verlag)
978-1-259-58971-3 (ISBN)
82,25 inkl. MwSt
Learn to defend crucial ICS/SCADA infrastructure from devastating attacks with the tried-and-true Hacking Exposed way
Learn to defend crucial ICS/SCADA infrastructure from devastating attacks the tried-and-true Hacking Exposed way

This practical guide reveals the powerful weapons and devious methods cyber-terrorists use to compromise the devices, applications, and systems vital to oil and gas pipelines, electrical grids, and nuclear refineries. Written in the battle-tested Hacking Exposed style, the book arms you with the skills and tools necessary to defend against attacks that are debilitating—and potentially deadly.

Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions explains vulnerabilities and attack vectors specific to ICS/SCADA protocols, applications, hardware, servers, and workstations. You will learn how hackers and malware, such as the infamous Stuxnet worm, can exploit them and disrupt critical processes, compromise safety, and bring production to a halt. The authors fully explain defense strategies and offer ready-to-deploy countermeasures. Each chapter features a real-world case study as well as notes, tips, and cautions.



Features examples, code samples, and screenshots of ICS/SCADA-specific attacks
Offers step-by-step vulnerability assessment and penetration test instruction
Written by a team of ICS/SCADA security experts and edited by Hacking Exposed veteran Joel Scambray

Clint Bodungen is a professional security researcher and penetration tester with more than 20 years in the “cyber” security industry, and has been focusing exclusively on Industrial Control Systems (ICS) security since 2003. He began learning to program and “hack” computers around the age of 11, and has been developing applications and tools for the UNIX and Linux operating systems since the early 1990’s. His professional cyber security career, however, began in 1995 when he was appointed the Computer Systems Security Officer (CSSO) and OPSEC Manager of his unit in the United States Air Force. After an honorable discharge from the Air Force, he worked for a small IT consulting firm as the network security specialist until he was independently contracted by a major antivirus product company to test their Intrusion Detection System (IDS) applications. This ultimately influenced his deep dive into security research and penetration testing. In 2003, he was introduced to ICS/SCADA when he was hired by an industrial automation consulting firm to help a major oil & gas company secure their SCADA system. Since then, Clint has lead ICS/SCADA security risk assessments (including vulnerability assessments and penetration testing) for many of the country’s top energy organizations, and he has developed dozens of ICS/SCADA security training courses. He continues his efforts in vulnerability research in collaboration with ICS vendors, and is frequently invited to speak at ICS/SCADA security conferences yearly. Bryan L. Singer, CISSP, CAP, (Montevallo, AL) is an industry-recognized industrial security expert currently in the position of Principal Investigator with Kenexis Security Corporation, specializing primarily in industrial control systems and SCADA security. Bryan began his professional career with the U.S. Army as a paratrooper and intelligence analyst. Since fulfillment of his military service, Bryan has designed, developed, and implemented large scale industrial networks, cybersecurity architectures, and conducted penetration tests and cybersecurity assessments worldwide across various critical infrastructure fields including power, oil and gas, food and beverage, nuclear, automotive, chemical, and pharmaceutical operations.  In 2002, Bryan became the founding chairman of the ISA-99/62443 standard, which he led up until 2012.  His areas of technical expertise are in software development, reverse engineering, forensics, network design, penetration testing, and cybersecurity vulnerability assessments.  He is a published author as well as frequent speaker and contributor to the ICS security field. Aaron Shbeeb (Houston, TX) became interested in programming and computer security in his early teenage years.  He graduated from Ohio State University with a Bachelor's of Science degree in computer science engineering.  He has worked for more than a decade in a variety of programming and security positions and has focused on secure programming practices.  Since 2008, he has worked as a penetration tester and security researcher focusing on ICS/SCADA systems, both professionally and personally. Kyle Wilhoit (Festus, MO) "Kyle Wilhoit is a Sr. Threat Researcher at Trend Micro on the Future Threat Research Team. Kyle focuses on original threat, malware, vulnerability discovery/analysis and criminal activity on the Internet. He also hunts for new malware like a rabid dog. Prior to joining Trend Micro, he was at Fireeye hunting badness and puttin' the bruising on cyber criminals and state sponsored entities as a Threat Intel guy. Prior to Fireeye, he was the lead incident handler and malware guy at a large energy company, focusing on ICS/SCADA security and targeted persistent threats. He has also worked at a Tier 1 ISP playing with malware. Kyle is also involved with several open source projects and actively enjoys reverse engineering things that shouldn't be." Stephen Hilt (Chattanooga, TN) Stephen Hilt has been in Information Security and Industrial Control Systems (ICS) Security for around 10 years. With a Bachelors Degree from Southern Illinois University, he started working for a large power utility in the South East of the United States. There Stephen gained an extensive background in Security Network Engineering, Incident Response, Forensics, Assessments and Penetration Testing. That is where Stephen started focusing on ICS Assessments, then moved to working as an ICS Security Consultant and Researcher for one of the most foremost ICS Security Consulting groups in the world. In 2014, Stephen was named as having one of the coolest hacks by dark reading for his PLCPwn, a weaponized PLC. As well, he has published numerous ICS Specific Nmap Scripts to Identify ICS protocols via native commands. Over the past 10 years, Stephen has learned how to build, defend and attack ICS networks.

Part 1: Setting the Stage: Putting ICS Penetration Testing in Context
Case Study 1: Recipe for Disaster
Chapter 1: Introduction to ICS [in] Security
Chapter 2: ICS Risk Assessment
Chapter 3: ICS Threat Intelligence/Threat Modeling
Case Study 2: The Emergence of a Threat

Part 2: Hacking Industrial Control Systems
Case Study 3: A Way In
Chapter 4: ICS Hacking (Penetration Testing) Strategies
Chapter 5: Hacking Industrial Protocols
Chapter 6: Hacking ICS Devices and Applications
Chapter 7: ICS "Zero Day" Vulnerability Research
Chapter 8: ICS Malware
Case Study 4: Foothold

Part 3: Putting It All Together: ICS Risk Mitigation
Case Study 5: How Will it End?
Chapter 9: ICS Cybersecurity Standards Primer
Chapter 10: ICS Risk Mitigation and Countermeasure Strategies

Part 4: Appendices
Appendix A: Glossary of Acronyms and Abbreviations
Appendix B: Glossary of Terminolog
Appendix C: ICS Risk Assessment and Penetration Testing Methodology Template

Erscheinungsdatum
Zusatzinfo 90 Illustrations
Verlagsort OH
Sprache englisch
Maße 216 x 231 mm
Gewicht 626 g
Themenwelt Schulbuch / Wörterbuch Lexikon / Chroniken
Sonstiges Geschenkbücher
Informatik Netzwerke Sicherheit / Firewall
Informatik Theorie / Studium Kryptologie
ISBN-10 1-259-58971-4 / 1259589714
ISBN-13 978-1-259-58971-3 / 9781259589713
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00