Volume: 33 | Article ID: art00011
Conception and Implementation of Professional Laboratory Exercises in the field of ICS/SCADA Security Part II: Red Teaming and Blue Teaming
DOI: 10.2352/ISSN.2470-1173.2021.3.MOBMU-074 | Published online: June 2021
Abstract

Industrial control systems are essential for producing goods, generating electricity, maintaining infrastructure, and transporting energy, water, and gas. They form the core of the critical infrastructure of modern industrial nations and are therefore of particular interest as targets. Through the increased interconnectivity of formerly isolated ICS process environments and the use of standard IT technologies such as Ethernet, processes can be optimized and synergies leveraged. However, ICS/SCADA thereby also becomes the target of the same cyber-attacks as conventional IT systems. It is therefore necessary to combine the accumulated knowledge and experience of IT security with the classic safety-first mentality of ICS/SCADA environments in order to avoid significant problems in the foreseeable future. The new course was created for precisely this purpose. The approach of investigating the security of systems and organizations with Red and Blue Teams has long proven its worth and is used worldwide. This second part of the exercises describes the Blue Team's actions in the event of an attack and beyond. In contrast to the Red Team, the Blue Team is an independent group that develops defenses against Red Team activities to improve an organization's effectiveness and security, and that tests and improves those defenses during a Red Team attack. The present work aims to impart this interfacing knowledge: in the practical Blue Teaming exercises, weaknesses of these hybrid infrastructures and systems are identified, and decisions are discussed on how to counteract possible attacks or even prevent them in advance. Throughout the course, students participate in numerous practical exercises using the tools and techniques that form the basis of decision-making to prevent attacks on infrastructures such as industrial control systems.
A detailed accompanying theory precedes the exercises, and the course is structured as follows:

Introduction
  - ICS Cyber Kill Chain
  - Types of information gathering
Blue Team Tools
  - VirusTotal
  - Dynamic malware analysis with any.run
  - Checksum generation with Linux commands
Incident-Response Complex Exercise, Part 1
  - Preparation
  - Detection & Analysis
  - Containment
Incident-Response Complex Exercise, Part 2
  - Eradication
  - Recovery
  - Post-Incident Activity
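The checksum work listed under Blue Team Tools feeds directly into the Preparation and Detection & Analysis phases of the incident-response exercise: a hash baseline taken while a system is known-good is what later tells a defender which files an attacker touched. The following script is an added example and is not code from the paper or its course material. It builds that workflow on GNU coreutils (sha256sum, find, sort, cut, mktemp) and grep; the HMI directory tree, file names and contents in demo() are constructed for the demonstration, and the function names are the example's own.

```sh
#!/bin/sh
# Added example, not code from the paper or its course material: a baseline-
# and-verify file integrity check built on sha256sum, the kind of checksum
# work the "Checksum generation with Linux commands" exercise covers. The
# directory tree, file names and contents in demo() are constructed for this
# demo. Requires GNU coreutils (sha256sum, find, sort, cut, mktemp) and grep.
# Limitation: file names containing whitespace or newlines are not handled.

# make_baseline DIR BASELINE_FILE
# Record the SHA-256 of every regular file under DIR, with paths relative to
# DIR, in sha256sum's own "<hash>  <path>" format so it can be re-checked with
# sha256sum -c. Pass BASELINE_FILE as an absolute path outside DIR: a baseline
# kept on the host it describes can be altered along with the files.
make_baseline() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | xargs -r sha256sum ) > "$2"
}

# verify_baseline DIR BASELINE_FILE
# Re-hash every file listed in the baseline. Prints "<path>: FAILED" for each
# modified or missing file; exit status is non-zero if anything changed.
verify_baseline() {
    ( cd "$1" && sha256sum --quiet -c "$2" )
}

# list_new_files DIR BASELINE_FILE
# sha256sum -c only checks files it already knows about, so a dropped binary
# or a new startup script passes unnoticed. Print files present under DIR now
# that have no entry in the baseline (the hash is 64 hex chars + 2 spaces, so
# the path starts at column 67 of each baseline line).
list_new_files() {
    ( cd "$1" && find . -type f | LC_ALL=C sort ) | while IFS= read -r f; do
        cut -c67- "$2" | grep -qxF -- "$f" || printf '%s\n' "$f"
    done
}

# file_hash FILE
# Bare SHA-256 hex digest of one file: the value to search for in VirusTotal
# or another hash database without uploading the file itself.
file_hash() {
    sha256sum -- "$1" | cut -c1-64
}

# demo: Preparation (take baseline), simulated tampering, Detection & Analysis.
demo() {
    work=$(mktemp -d)
    site="$work/hmi"               # constructed: a fake HMI config tree
    baseline="$work/hmi.sha256"    # stored outside the tree being checked
    mkdir -p "$site/etc" "$site/bin"
    printf 'plc_ip=192.0.2.10\n' > "$site/etc/plc.cfg"
    printf '#!/bin/sh\necho hmi\n' > "$site/bin/hmi.sh"

    make_baseline "$site" "$baseline"
    echo "baseline hash of plc.cfg: $(file_hash "$site/etc/plc.cfg")"

    # Simulated intrusion: a setting changed and a new script dropped.
    printf 'plc_ip=192.0.2.99\n' > "$site/etc/plc.cfg"
    printf 'evil\n' > "$site/bin/update.sh"

    if verify_baseline "$site" "$baseline"; then
        echo "no modified or missing files"
    else
        echo "modified or missing files found (see FAILED lines above)"
    fi
    echo "files not in baseline:"
    list_new_files "$site" "$baseline"

    rm -rf "$work"
}

demo
```

In practice the baseline is taken during Preparation, copied off the host (or signed), and re-checked during Detection & Analysis; the bare digest from file_hash is what gets looked up in VirusTotal, which avoids uploading a possibly confidential ICS file. sha256sum -c alone is not enough, since it is silent about files that did not exist when the baseline was taken; that is why list_new_files is a separate step.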

  Cite this article 

Maximilian Richter, Klaus Schwarz, Reiner Creutzburg, "Conception and Implementation of Professional Laboratory Exercises in the field of ICS/SCADA Security Part II: Red Teaming and Blue Teaming," in Proc. IS&T Int'l. Symp. on Electronic Imaging: Mobile Devices and Multimedia: Technologies, Algorithms & Applications, 2021, pp. 74-1 - 74-13, https://doi.org/10.2352/ISSN.2470-1173.2021.3.MOBMU-074

  Copyright statement 
Copyright © Society for Imaging Science and Technology 2021
Electronic Imaging
2470-1173
Society for Imaging Science and Technology
IS&T 7003 Kilworth Lane • Springfield, VA 22151 USA