INDUSTRIAL CONTROL SYSTEMS – PENTEST AUDITING&STANDARDS 02/2013, TEASER

ICS SECURITY

Understanding (the basics of) industrial control systems by Jeroen Hirs
Industrial control systems are in the heart of the business controlling critical processes, while increasingly being exposed to cyber-attacks and thus requiring security measures. Significant overlap with traditional IT exists, but having a basic understanding of how these industrial control systems work will certainly improve your security assessment quality.

Penetration Testing and Security Assessments of SCADA Systems by SCADA Beast
Distributed Control Systems (DCS) and Supervisor Control and Data Acquisition (SCADA) systems present unique challenges to the security professional. Both systems typically operate in a 7/24/365 arena and typically do not allow for any downtime. What to security measures are necessary to maintain these systems? Find out in this article.

ICS Security Posture by Sinclair Koelemij
The author has conducted cyber security assessments for the process control industry for over 12 years now, primarily in the EMEA region. Much has changed since these early days, cyber security has grown from infancy into adolescence but still has a long way to go to reach the maturity level necessary for protecting these critical systems. This article describes where we are today and how the industry has evolved toward adolescence.

TOOLS & TECHNIQUES

Small and Medium Business Security Solutions by Jayson Wylie
Do you own a small business? Maybe you are considering establishing a one? In any case, this article will probably help you save some money and this kind of possibility is never bad.

Cain as the Man in the Middle by Robert Millott
Sophisticated tests require sophisticated tools. Cain&Abel is definitely one of those tools. And Robert Millott is definitely an expert you are looking for. Described attack is based on Arp cache poisoning. Great lecture and superb guide.

How about Raspberry Pi by Jerry Craft
Jerry Craft created a step-by-step guide about using Raspberry Pi as penetration testing tool. The article shows all necessary moves from buying through configuring and finally to preparing and using the device.

INTERVIEWS

Interview with Joe Weiss by Larry Karisny
Joe is an expert in the cyber security of industrial control systems (ICS) who globally advises ICS users and the ICS ecosystem. A nuclear control systems engineer by training, Joe has dedicated over 35 years to improving the efficiency, reliability and security of process automation and control systems.

Interview with Ian Whiting by PenTest Team
Ian has been working with leading global organizations and government agencies to help improve computer security for more than a decade. He has been accredited by CESG for his security and team leading expertise for over 5 years.