Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

Clint Bodungenis a professional security researcher and penetration tester with more than 20 years in the cyber security industry, and has been focusing exclusively on Industrial Control Systems (ICS) security since 2003. He began learning to program and hack computers around the age of 11, and has been developing applications and tools for the UNIX and Linux operating systems since the early 1990s. His professional cyber security career, however, began in 1995 when he was appointed the Computer Systems Security Officer (CSSO) and OPSEC Manager of his unit in the United States Air Force. After an honorable discharge from the Air Force, he worked for a small IT consulting firm as the network security specialist until he was independently contracted by a major antivirus product company to test their Intrusion Detection System (IDS) applications. This ultimately influenced his deep dive into security research and penetration testing. In 2003, he was introduced to ICS/SCADA when he was hired by an industrial automation consulting firm to help a major oil & gas company secure their SCADA system. Since then, Clint has lead ICS/SCADA security risk assessments (including vulnerability assessments and penetration testing) for many of the countrys top energy organizations, and he has developed dozens of ICS/SCADA security training courses. He continues his efforts in vulnerability research in collaboration with ICS vendors, and is frequently invited to speak at ICS/SCADA security conferences yearly.



Bryan L. Singer, CISSP, CAP, (Montevallo, AL) is an industry-recognized industrial security expert currently in the position of Principal Investigator with Kenexis Security Corporation, specializing primarily in industrial control systems and SCADA security. Bryan began his professional career with the U.S. Army as a paratrooper and intelligence analyst. Since fulfillment of his military service, Bryan has designed, developed, and implemented large scale industrial networks, cybersecurity architectures, and conducted penetration tests and cybersecurity assessments worldwide across various critical infrastructure fields including power, oil and gas, food and beverage, nuclear, automotive, chemical, and pharmaceutical operations.  In 2002, Bryan became the founding chairman of the ISA-99/62443 standard, which he led up until 2012.  His areas of technical expertise are in software development, reverse engineering, forensics, network design, penetration testing, and cybersecurity vulnerability assessments.  He is a published author as well as frequent speaker and contributor to the ICS security field.



Aaron Shbeeb (Houston, TX) became interested in programming and computer security in his early teenage years. He graduated from Ohio State University with a Bachelor's of Science degree in computer science engineering. He has worked for more than a decade in a v...

part 1: Setting the Stage: Putting ICS Penetration Testing in Context
case study 1: Recipe for Disaster
chapter 1: Introduction to ICS [in] Security
chapter 2: ICS Risk Assessment
chapter 3: ICS Threat Intelligence/Threat Modeling
case study 2: The Emergence of a Threat