Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

سیستم‌های كنترل صنعتی ICS) Industrial Control System) که شامل: SCADA) Supervisory Control and Data Acquisition) و سیستم های DCS) Distributed Control System) و سایر سیستم های کنترلی کوچکتر نظیر PLC) Programmable logic controller) می باشند به منزله هسته مرکزی كنترل و مانیتورینگ، زیرساخت حیاتی نظیر شبكه‌های انتقال و توزیع برق، نیروگاه‌های هسته‌ای، پالایشگاه‌ها، شبكه‌های آب، کارخانه‌های نفت و گاز می‌باشند. اما با توجه به قدیمی بودن این سیستم‌ها، به امنیت آنها توجه چندانی نشده است. همچنین امروزه با ادغام سیستم های IT) Information technology) به سیستم های کنترل صنعتی باعث شده است که سیستم های کنترل صنعتی بیشتر از سیستم های پیشین از دنیای خارج خود جدا شوند و در نتیجه حفظ امنیت این سیستم ها در مقابل مخاطرات خارجی و از راه دور، ضرورت بیشتری پیدا می کند.

Title: Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions
Author: Aaron Shbeeb, Bryan Singer, Clint Bodungen, Kyle Wilhoit, Stephen Hilt
Length: 416 pages
Edition: 1
Language: English
Publisher: McGraw-Hill Education
Publication Date: 2016-09-13
ISBN-10: 1259589714
ISBN-13: 9781259589713

This hands-on guide exposes the devious methods cyber threat actors use to compromise the hardware and software central to petroleum pipelines, electrical grids, and nuclear refineries. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets and Solutions shows, step-by-step, how to implement and maintain an ICS-focused risk mitigation framework that is targeted, efficient, and cost-effective. The book arms you with the skills necessary to defend against attacks that are debilitating―and potentially deadly. See how to assess risk, perform ICS-specific threat modeling, carry out penetration tests using “ICS safe” methods, and block malware. Throughout, the authors use case studies of notorious attacks to illustrate vulnerabilities alongside actionable, ready-to-deploy countermeasures.

Learn how to:
Assess your exposure and develop an effective risk management plan
Adopt the latest ICS-focused threat intelligence techniques
Use threat modeling to create realistic risk scenarios
Implement a customized, low-impact ICS penetration-testing strategy
See how attackers exploit industrial protocols
Analyze and fortify ICS and SCADA devices and applications
Discover and eliminate undisclosed “zero-day” vulnerabilities
Detect, block, and analyze malware of all varieties

Table of Contents
Part I Setting the Stage: Putting ICS Penetration Testing in Context
Chapter 1 Introduction To Industrial Control Systems [In]Security
Chapter 2 Ics Risk Assessment
Chapter 3 Actionable Ics Threat Intelligence Through Threat Modeling

Part II Hacking Industrial Control Systems
Chapter 4 Ics Hacking (Penetration Testing) Strategies
Chapter 5 Hacking Ics Protocols
Chapter 6 Hacking Ics Devices And Applications
Chapter 7 Ics “Zero-Day” Vulnerability Research
Chapter 8 Ics Malware

Part III Putting It All Together: Risk Mitigation
Chapter 9 Ics Security Standards Primer
Chapter 10 Ics Risk Mitigation Strategies

Part IV Appendixes
Appendix A Glossary Of Acronyms And Abbreviations
Appendix B Glossary Of Terminology
Appendix C Ics Risk Assessment And Penetration Testing Methodology Flowcharts