Back to articles
Volume: 33 | Article ID: art00011
Conception and Implementation of Professional Laboratory Exercises in the field of ICS/SCADA Security Part II: Red Teaming and Blue Teaming
  DOI :  10.2352/ISSN.2470-1173.2021.3.MOBMU-074  Published OnlineJune 2021

Industrial control systems are essential for producing goods, generating electricity, maintaining infrastructure, and transporting energy, water, and gas. They form the core of the critical infrastructure of modern industrial nations and are therefore of particular interest. Through the increased interconnectivity of formerly isolated ICS process environments and the use of standard IT technologies such as Ethernet, processes can be optimized and synergies leveraged.However, ICS/SCADA also becomes the target of the same cyber-attacks as conventional IT systems. It is, therefore, necessary to combine the accumulated knowledge and experience of IT security with the classic Safety-First-mentality of ICS/SCADA-environments in order to avoid significant problems in the foreseeable future.The new course was created for precisely this purpose. The approach of investigating the security of systems and organizations in Red and Blue Teams has long proven it is worth and is used worldwide.This second part of the exercises describes the Blue Team action in case of an attack and beyond.As opposed to Red Teaming, Blue Teaming is an independent group that develops defenses against Red Team activities to improve an organization’s effectiveness and security and tests and improves them during a Red Team attack.The present work aims to impart the interfacing knowledge; in the practical exercises of Blue Teaming, weaknesses of these hybrid infrastructures and systems are identified, and decisions are discussed on how to counteract possible attacks or even prevent them in advance. Throughout the course, students will participate in numerous practical exercises using the tools and techniques that form the basis of decision-making to prevent attacks on infrastructures, such as industrial control systems. A detailed accompanying theory precedes the exercises, and the course is structured as follows:Introduction <list list-type="bullet"> <list-item>ICS Cyber Kill Chain</list-item> <list-item>Types of information gathering</list-item> </list>Blue Team Tools <list list-type="bullet"> <list-item>VirusTotal</list-item> <list-item>Dynamic malware analysis with</list-item> <list-item>Checksum generation with Linux commands</list-item> </list>Incident-Response Complex exercise: Part 1 <list list-type="bullet"> <list-item>Preparation</list-item> <list-item>Detection & Analyses</list-item> <list-item>Containment</list-item> </list>Incident-Response Complex exercise: Part 2 <list list-type="bullet"> <list-item>Eradication</list-item> <list-item>Recovery</list-item> <list-item>Post Incident Activity</list-item> </list>

Subject Areas :
Views 43
Downloads 15
 articleview.views 43
 articleview.downloads 15
  Cite this article 

Maximilian Richter, Klaus Schwarz, Reiner Creutzburg, "Conception and Implementation of Professional Laboratory Exercises in the field of ICS/SCADA Security Part II: Red Teaming and Blue Teamingin Proc. IS&T Int’l. Symp. on Electronic Imaging: Mobile Devices and Multimedia: Technologies, Algorithms &amp; Applications,  2021,  pp 74-1 - 74-13,

 Copy citation
  Copyright statement 
Copyright © Society for Imaging Science and Technology 2021
Electronic Imaging
Society for Imaging Science and Technology
IS&T 7003 Kilworth Lane • Springfield, VA 22151 USA