Marko Schuba
Nico Jansen

ICS Security

11th - 12th September | 2 Days


Trainers

Marko Schuba & Nico Jansen

Abstract:

Industrial Control Systems (ICS) are a crucial part of modern industrial enterprises. The "ICS Security" training gives hands-on experience of the current state of IT security in the industrial environment. After a brief theoretical part, which explains ICS-specific terminology, systems and protocols, we dive into a number of practical hacks which target ICS protocols and systems (both simulated and real ones).


1. Introduction

2. Module 1 : Overview of components of an industrial control system

  • Industrial control system (ICS)
  • Distributed control system (DCS)
  • Supervisory control and data acquisition (SCADA)
  • Programmable logic controller (PLC)
  • Ladder logic
  • Remote terminal unit (RTU)
  • Intelligent electronic device (IED)
  • Master terminal server (MTS)
  • Human machine interface (HMI)
  • Sensors, actuators
  • Engineering Workstation (EWS)
  • Data Historian
  • Input/Output server
  • Fieldbus
  • Hierarchical structure of an ICS
  • Strengths and weaknesses of an ICS

3. Module 2 : ICS protocols

  • Modbus
  • EtherCAT
  • OPC
  • Profinet

4. Practical training : Inspect ICS protocols with Wireshark

  • Modbus
  • Profinet
  • EtherCAT

5. Practical exercise : Attack on the Modbus protocol

6. Practical exercise : Find ICS systems with SHODAN

7. Practical exercise : Attack on a remote maintenance connection

8. Practical exercise : Attacks via the website

  • SQL injection
  • Cookie injection (Schneider PLC)
  • Change input values
  • Command injection

9. Practical exercise : Attack a Windows HMI

10. Practical exercise : Attack a WAGO PLC






Why should you attend this training?

IT security in the industrial environment requires expertise in three areas: IT, automation, and security. If you are a technically skilled person but lack one or two of those specific skills, this training is a good starting point for you to obtain the necessary ICS security knowledge by combining all three areas in a compact and easy-to-understand way.


What should you know?

Basic network knowledge (what is an IP / MAC address, what is TCP / UDP) should be present. Further, IT, automation or security skills are welcome, but not mandatory. Experience with Virtual Machines (VirtualBox) is definitely helpful.


What do I have to bring?

A Windows PC / Notebook / Tablet with at least an i5 processor (better: i7), 8 GB RAM (better: 16 GB), the latest version of Oracle VirtualBox installed, and a hard drive with at least 50 GB free space.


What will I do?

After a short theoretical part, we will do a lot of practical hacking scenarios with real devices or with virtual machines.


Trainers Bio:

Marko Schuba received his Ph.D. in Computer Science from RWTH Aachen University. He has more than 20 years of experience in IT security related fields. Currently, he is working as a full professor at Aachen University of Applied Science, teaching and doing research in IT security and digital forensics with a focus on ICS, automotive and smart home. Marko collaborates with a number of companies and authorities, including the State Office of Criminal Investigation NRW, the Federal Criminal Police Office, and Interpol. He is also a co-founder of two IT security companies: schuba & höfken and @-yet Industrial IT Security. He has been a trainer for ICS security since 2013.

Nico Jansen holds a Bachelor's degree in Computer Science from Aachen University of Applied Science. During his studies he discovered IT security as his favorite subject, starting his own projects related to web application and IoT security. Nico is currently finalizing his Master's degree in Computer Science, analyzing the security of PLCs. At the same time, he is working as a security consultant, penetration tester and trainer for @-yet Industrial IT Security in Aachen.