Managing ICS Security

This series of posts is intended to help ICS asset owners, asset custodians, security engineers and automation professionals understand and manage cyber security risk. My priority is practical guidance on how to achieve a particular task: asset management, technical vulnerability management, designing security zones and conduits, applying IEC 62443, risk management and offensive security, together with my experience from the field.

Comments for improvements and collaboration are very much welcome.

Topics I will cover

  • Using the IEC 62443 series of standards and NIST standards to manage risk in ICS environments
  • Building a cyber security reference architecture from scratch
  • Creating and managing an ICS asset inventory
  • Performing risk assessments (inherent and residual) following IEC 62443-3-2
  • Preparing a Purdue reference architecture based on ISA-95
  • Partitioning the architecture into logical security zones and conduits
  • Building tailored security rule sets for security devices (firewall rules, SIEM detections, network ACLs, YARA rules)
  • Practising proactive, threat-informed defence
  • Building adversary emulation plans using MITRE ATT&CK to simulate adversary behaviour by understanding TTPs (tactics, techniques and procedures)
  • Running table-top exercises (TTX) to evaluate risks and build adversary sequence diagrams

Note: The ideas, concepts, challenges, recommendations, diagrams and pictures in this series do not relate to any specific organisation.