Resources to get into #ICS security

Recently I received some questions on what resources I would recommend within the ICS security space to learn more about this. So the question was more specifically about discussion groups, courses, books, certificates and so on… This was also a twitter thread from a while ago to which I responded with some information I share here as well (https://twitter.com/dietersar/status/1549734662322487296)

I briefly touched this subject in my first post (Becoming an ICS Security Specialist) and I thought it was about time to share some updated information and resources on this.

Several people have already shared similar (if not the same) information on their blogsite as well, for example Rob Lee’s post has already a lot of very good resources to dig into (https://www.robertmlee.org/a-collection-of-resources-for-getting-started-in-icsscada-cybersecurity/) but here it goes.

Disclaimer: This list is far from complete is very much not preferential treatment for anyone or anything on here. Please feel free to let me know if you feel that certain links/resources are missing.

Twitter Handles to follow (Random Order, far from a complete list): @ICS_SCADA @icscybernz @securePLC @jfslowik @ControlsCyber @shipulin_anton @hacks4pancakes @magg_py @Marmusha @ics_Marty @R1ngZer0 @arnaudsoullie @M_Vingaard @montaelkins @DreamFighter22 @lvandenaweele @ICS_Village @SANSICS @cutaway @beerisac @ICSSecurityGeek @_Khalid_Ansari @Secure_ICS_OT @CyberSnark @epablosensei @IcsNick @ron_brash @SorenEKnudsen @tnvolsfan29 @aginter @jdchristopher @meeas @Ka0sKl0wN @otsecurity @chrissistrunk @voteblake @mtoecker @ReverseICS @beirer @deancybersec @NathanSWallace @Kevin_ICS @scadadefender @info_CCI @ICS_Secure @icssec @Derek_Harp @ICSISAC @RobertMLee @Tom_VanNorman @JimGilsinn @SCADAhacker @digitalbond @SCADAfence @PatrickCMiller

Twitter Tags to follow: #SCADA #ICS #IEC62443 #OTSecurity #ICSSecurity #beerisac

Twitter Lists

• Global CERTs/CSIRTs/ISACs
• ICS Cyber Security
• ICS Security
• ICS Security Influencers
• ICS/OT

Courses

• SANS ICS courses (https://www.sans.org/industrial-control-systems-security/)
• Justin Searle’s courses (https://www.controlthings.io/)
• Arnoud Soullie’s courses (https://ics-cybersecurity.academy/)

PLC related Training:

• PLC Programming training (https://electrical-engineering-portal.com/resources/plc-programming-training)
• Factory I/O – virtualized training environment (https://docs.factoryio.com/)
• Virtual Industrial Security Lab (https://rodrigocantera.com/en/category/virtual-industrial-cybersecurity-lab/)

Certificates:

• IEC62443 Security certificates (https://www.isa.org/certification/certificate-programs/cybersecurity)
• SANS ICS Certificates: GRID, GICSP

Conferences

• CS3STHLM (https://cs3sthlm.se/)
• SANS ICS Summits (https://www.sans.org/industrial-control-systems-security/)
• DefCon ICS-Village (https://www.icsvillage.com/events)
• BruCon ICS-Village (https://www.brucon.org)
• S4 (https://s4xevents.com/)
• ICS-CPH (https://insightevents.dk/isc-cph/)

Books

• Critical Infrastructure (4th Ed), Radvanovsky – McDougall – ISBN 978-1-138-05779-1
• Handbook of SCADA/Control Systems Security (2nd Ed) – ISBN 978-1-498-71707-6
• Secure Operations Technology, Andrew Ginter – ISBN 978-0-9952984-2-2
• Industrial CyberSecurity (2nd Ed), Pascal Ackerman – ISBN 978-1-80020-209-2
• Industrial Network Security (2nd Ed) – ISBN 978-0-12-420114-9
• Hacking Exposed – Industrial Control Systems – ISBN 978-1-25-958971-3
• Securing Scada systems – ISBN 0-7645-9787-6
• Cybersecurity for Industrial Control Systems – ISBN 978-1-4398-0196-3
• Hacking Scada / Industrial Control Systems, Christopher Atkins – ISBN 978-1-5330-2206-6
• Security Assessment of Scada Protocols – ISBN 978-3-8364-5990-7
• Scada Security – What’s broken and how to fix it – ISBN 978-0-9952984-0-8
• The hardware hacking handbook – ISBN 978-1-59327-874-8
• Practical IoT hacking – ISBN 978-1-7185-0090-7
• Hacking the Human, Ian Mann – ISBN 978-0-566-08773-8
• Security PHA Review for consequence based cybersecurity – ISBN 978-1-64331-000-8
• Countering Cyber Sabotage, A Bochman, Sarah Freeman – ISBN 978-0-367-49115-4
• Sandworm, Andy Greenberg – ISBN 978-0-385-54440-5
• Blackout, Marc Elsberg – ISBN 978-1-492-65469-8
• Code Zero, Marc Elsberg – ISBN 978-1-784-16348-8
• Countdown to Zero Day, Kim Zetter – ISBN 978-0-770-43619-3

Podcast: BeerIsac OT Security Podcast (https://www.listennotes.com/listen/beerisac-otics-security-podcast-playlist-j-G0QwC8Zsu/episodes/)

Discord Groups

• ControlThings
• Defcon (more specifically ICS-Village)
• Cutaway

Also some previous posts on this blog touch this subject:

• Security testing for ICS Owners – Back to Basics …
• Security testing for ICS Owners – Back to Basics – recording
• using IEC62443-2-4 to reach a more secure ICS – Vendor validation
• Cybersecurity testing for ICS – pitfalls and wins