Getting Started in SIS Cybersecurity (Part 2)

In part 1 of this article, we covered the various standards and guidelines that are available to inform the design and operation of Industrial Control System Cybersecurity. We also provided links to a variety of free training resources in both general cybersecurity and ICS cybersecurity.

Free training courses and snazzy certificates are great, but the best way to learn is by doing. Luckily, many of the most popular cybersecurity tools are free and open source. In a matter of minutes, a motivated student can download a state-of-the-art tool and begin exploring!

Great PLC Hacking Demo

Before we get into the tools, I wanted to share this amazing video with you. It’s on the long side (37 minutes), but it is a live demonstration of hacking a SCADA network, including spoofing the HMI and taking control of the PLC. It is breathtaking.

Hopefully that video provides motivation to learn hands-on skills and protect your systems!

Hands-on Learning with Security Tools

An excellent place to get started with hands-on learning is at SecTools.org. This site lists and reviews the top 125 network security tools available today, along with links to download.

For this post, I will just highlight a few of the most popular tools that are relevant to typical ICS security concerns. Several of these tools are covered in popular (and expensive) commercial ICS cybersecurity courses. All of these tools are free and open source and can be safely installed and run on a home PC for testing and learning. Don’t install them on your ICS network until you know what you are doing, and don’t test your IT department’s servers without permission.

Snort

Metasploit

Wireshark

Spiderfoot

  • Spiderfoot is a free and open source “footprinting” tool that gathers data from public sources to profile a target prior to penetration testing.
  • Intro Video: Spiderfoot

Shodan

  • Sometimes called “Google for Hackers”, Shodan is a search engine that lets users search for specific types of computers, such as PLCs.
  • Intro Video: Shodan Search Engine Tutorial

For the more adventurous, many of the most popular security tools have been pre-packaged in the Kali Linux distribution, which provides an ideal platform for exploring cybersecurity and penetration testing.

Cybersecurity Games

A recent NIST report states that the U.S. needs immediate and sustained improvements in its cybersecurity workforce. In a separate report, it notes that there is a consensus that cybersecurity competitions (aka wargames) will play a key role in raising the bar for cybersecurity skills. In an appendix, the report lists a large number of such competitions already available to students and professionals.

In this post, we will just give a taste of what’s available by highlighting a few free online cybersecurity games:

  • TargetedAttacks – An interactive video cybersecurity choose-your-own-adventure suitable for beginners. A sample of TargetedAttacks is shown in the embedded video below.
  • Cyber Storm – Department of Homeland Security’s (DHS) biennial exercise with over 1000 players.
  • OverTheWire – Unix console-based challenges that teach Bash, cryptography, and more. Multiple levels suitable for beginner to advanced
  • CaptureTheFlag365 – Build and defend your own virtual servers while attacking others
  • HackThisSite – Complete hacking challenges in a safe and legal environment
  • CyberCompEx – Provides links to other cyber competitions

In Conclusion

Unlike the traditional world of ICS, where technology changes on a generational cycle, the world of cybersecurity is continually evolving. One of the reasons there are so many guidelines is that the guidance needs to be updated every few months to keep up with the ingenuity of the attackers. Unlike the SIS world, we are not dealing with random (or systematic!) failures, but rather with the willful action of humans seeking to do us harm. It is bound to be more dynamic than the sterile SIS world of statistical failure rates and probabilities. But today these two worlds are intersecting, so something’s gotta give.

That about wraps it up. As always, thanks for reading. I will be back next time with some more “normal” SIS stuff, so don’t get scared off by all the cyber mumbo jumbo! Until next time…

Stephen Thomas, PE, CFSE

Stephen is the founder and editor of functionalsafetyengineer.com. He is a functional safety expert with over 26 years of experience. He is currently a system safety engineer with a leading developer of autonomous vehicle technology. He is a member of the IEC 61508 and IEC 61511 functional safety committees. He is a member of the non-profit CFSE Advisory Board advising the exida CFSE program. He is the Director of Education & Professional Development for the International System Safety Society and an associate editor for the Journal of System Safety.
