Saturday, September 26, 2015

ICS-CERT Cybersecurity Training

I may (MAY!) have a chance to attend a the ICS-CERT Cybersecurity Course in Idaho Falls in December.  Not a sure thing but I am an alternate choice if the primary can't go and my contracting company agrees.  I am one of those guys who always worries about things like this because basically I am an idiot and if I don't want that to show up immediately I need to do some pre-reading.  So I was digging around on the internet looking for a syllabus or whatever and I came across this presentation, which happens to contain a reading list related to the course:

Industrial Control Systems, Networks, and Cybersecurity: 2015 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure

It looks like I am going to have a lot of prepwork to get through:

Reading List -

Basic Linux (the hands-on exercises are done in a Linux environment):




SCADA -An introduction/overview of common SCADA communications, e.g.:



Intrusion Detection:


SQL Injection: An explanation of SQL injection methods, e.g.:
HACKING: Art of Exploitation by Jon Erickson
Secure Coding in C and C++ by Robert Seacord
DHS Catalog of Control System Security: Recommendations for Standards Developers:
NIST Special Publication SP 800-82 Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security
SANS ICS Security Summit interview (video)
ICS Basics: For those with little or no ICS experience, these Wikipedia articles provide a brief introduction to the concepts and history of control systems that will be helpful to know for class.

MISC:

The OWASP Cheat Sheet Series



Center for Internet Security



SANS


Australian Defense Signals Directorate (http://www.asd.gov.au/)
Network System Monitoring:  For more information on Snorby, Snort, and other Network System Monitoring (NSM) tools, 

No comments: