Conception and Implementation of Professional Laboratory Exercises in the field of ICS/SCADA Security - Part I: Fundamentals

Abstract

Industrial control systems are essential for producing goods, electricity generation, infrastructure maintenance, and the transport of energy, water, and gas. They form the core of the critical infrastructure of modern industrial nations and are therefore of particular interest. Through the increased inter-connectivity of formerly isolated ICS process environments and standard IT technologies such as Ethernet, processes can be optimized and synergies leveraged. However, ICS/SCADA also becomes the target of the same cyber-attacks as conventional IT systems. Therefore, it is necessary to combine IT security has accumulated knowledge and experience with the classic Safety-First-mentality of ICS/SCADA environments to avoid significant problems in the foreseeable future. The new course was created for precisely this purpose. The investigation of the security of systems and organizations in Red and Blue Teams has long proven it is worth and is used worldwide. The first part of the Red Team side exercise deals specifically with finding and exploiting security vulnerabilities. Red Teaming refers to an independent group that acts as a counterpart to an organization to improve its operational effectiveness and enhance its security. It is the declared goal of the Red Team to detect security vulnerabilities. This work is intended to convey this interfacing knowledge; in the practical exercises for Red Teaming, these hybrid infrastructures and systems’ weak points are identified and exploited. Students will participate in numerous hands-on exercises throughout the course using the tools and techniques that form the basis for attacks on infrastructure, such as industrial control systems. A detailed accompanying theory precedes the exercises, and the course is structured as follows:Introduction <list list-type="bullet"> <list-item>ICS Cyber Kill Chain</list-item> <list-item>Types of information gathering</list-item> </list>Red Team Tools <list list-type="bullet"> <list-item>Nmap</list-item> <list-item>Maltego</list-item> <list-item>Shodan</list-item> <list-item>Google hacking</list-item> <list-item>The Harvester</list-item> <list-item>Wireshark</list-item> <list-item>GrassMarlin</list-item> <list-item>Metasploit Framework (MSF)</list-item> <list-item>John the Ripper</list-item> </list>Exercise 1 - Open Source Intelligence (OSINT) <list list-type="bullet"> <list-item>Gathering information with Maltego</list-item> <list-item>Find Remote Access with Google and Shodan</list-item> </list>Exercise 2 - Analysis of network recordings <list list-type="bullet"> <list-item>Analysis of ICS network recordings with Wireshark</list-item> <list-item>Analysis of ICS network recordings with GrassMarlin</list-item> </list>