Text: NIST SP 800-82r3


Reference, Free

Securing Critical Infrastructure

Sam Bowne

Online class--connect to:
https://zoom.us/j/4108472927
Password: student1


Class Description

Critical infrastructure, such as water treatment plants and air traffic control towers, is under constant attack by hostile nations, and securing it is a national priority. This workshop covers industrial automation systems, network security monitoring, incident response, and machine learning. Participants will perform many hands-on projects configuring systems, attacking them, and defending them.

All class materials are freely available on the Web and may be easily used in other classes.

Pre-requisites

Participants should understand networking at the Network+ level.

At-home computer requirements

Participants should have a computer with at least two monitors, so they can easily read instructions while performing projects.

Three specific goals

  • Identify the main Operational Technology network protocols and their weaknesses
  • Detect intrusions and respond effectively to them
  • Build machine learning systems and defend them

Reference

NIST SP 800-82r3: Guide to Operational Technology (OT) Security (free)

Schedule

Tue, Dec 10 

Operational Technology

Preparing Windows and Linux Servers
Implementing Modbus
Configuring OpenPLC
Using Ladder Logic
Examining DNP3 Traffic
Simulating a factory with FactoryIO
Destroying a factory with Metasploit

Network Security Monitoring

Threat Hunting with Splunk

Wed, Dec 11 

Incident Response

Threat Intelligence

The ATT&CK Matrix

Threat Hunting

Using Zeek to analyze network traffic
Detecting ransomware with Splunk and Sysmon

Analyzing Attacks

Using Velociraptor
Using VirusTotal
Using Yara to classify files
Prefetch forensics to identify recent processes

Network Forensics

Using Nmap to identify network processes
Analyzing an attack with Wireshark
Packet crafting with Scapy
Using Packettotal to analyze network malware

Thu, Dec 12 

Machine Learning

Understanding Prompts

ML 130: Prompt Injection

Google Learning

GL_Badges: Google Learning

Security Risks

ML 150: OWASP Machine Learning Security Top Ten
ML 151: OWASP Top 10 for LLM Applications
ML 152: Microsoft Copilot Security

Awareness: Demonstrating Capabilities

ML 100: Machine Learning with TensorFlow
ML 101: Computer Vision
ML 102: Breaking a CAPTCHA
ML 103: Deblurring Images

Technical: Inner Components

ML 104: Analyzing Input Data
ML 105: Classification
ML 112: Support Vector Machines
ML 113: Decision Trees
ML 114: Ensemble Learning and Random Forests
ML 115: Dimensionality Reduction
ML 116: k-Means Clustering

Attacks

ML 106: Data Poisoning
ML 107: Evasion Attack with SecML
ML 108: Evasion Attack on MNIST dataset
ML 109: Poisoning Labels with SecML
ML 110: Poisoning by Gradients
ML 111: Poisoning the MNIST dataset

Defenses

ML 140: Deep Neural Rejection

Large Language Models

ML 120: Bloom LLM
ML 121: Prompt Engineering Concepts
ML 122: Comparing LLMs on Colab
ML 123: Running Llama 3 Locally
ML 124: Evaluating an LLM with Trulens
ML 126: Building RAGs
ML 127: Encoding Text with BERT
ML 128: Using AnythingLLM to Embed Custom Data
ML 129: Embedding Words with BERT

Lectures

1 Understanding Operational Technology KEY · PDF
2 Fundamentals of OT Systems KEY · PDF

Projects

D 1: Windows 2022 Server Virtual Machine (15 pts)
OT 100: Modbus (30 pts + 50 extra)
ED 30: Linux Virtual Machine (15 pts)
OT 101: OpenPLC (15 pts)
OT 102: Ladder Logic (15 pts)
OT 110: DNP3 (15 pts)
OT 111: DNP3 Protocol (30 pts)
OT 120: FactoryIO (10 pts)
OT 121: Destroying a Factory (25 pts)

Extra Credit Projects

H 201: Google Cloud Linux Server (10 pts extra)
F 60: Cloud Server on Azure (15 pts extra)
F 61: Windows Server on Google Cloud (15 pts extra)
D 7: Windows Server on Mac M1 or M2 (15 pts extra)

Last Updated: 9-24-24