Threat hunting in ICS environments must consider safety. IT and ICS systems have different missions, objectives, impacts during an incident, and different assets like embedded operating systems, and engineering devices speaking non-traditional industrial protocols. Adversaries targeting ICS must use different attack tactics and techniques for access, execution, collection, and persistence, etc., to degrade safety, manipulate control, damage physical engineering assets, etc. Thus, ICS hunting, while sharing the core attributes of traditional hunting such as of hypothesis-driven efforts, needs to be adapted to critical infrastructure.
In this New ICS Threat Hunting webcast series, each webcast will build on the previous one. We will discuss and have a question and answers for each:
* ICS Threat Hunting PT1 - ICS Threat Hunting Benefits and When To Start
* ICS Threat Hunting PT2 - ICS Data Sources - Building ICS Threat Hunt Packages
* ICS Threat Hunting PT3 - Hunting in the ICS with Hypothesis-Driven Examples & Walkthroughs