Digital forensics and incident response (DFIR) in ICS networks: an introduction to OT cybersecurity. 🏭♨️🕵🏻🛡️👷♂️
OT cybersecurity expert Antti Rössi introduces digital forensics and incident response (DFIR) for industrial control systems (ICS) in his presentation, covering everything from the basics and terminology to a deep dive into the topic.
From the author:
The “good news” is:
👍 Few threat actors possess advanced ICS expertise.
👍 Process-specific attacks are difficult to execute.
👍 Traditional DFIR skills remain highly relevant.
The bad news is:
👎 Simple actions - such as a network scan - can disrupt industrial operations.
👎 Legacy systems remain very popular out there.
👎 Security training and tooling for ICS are still immature.
I would disagree with the author on one point: more and more threat actors are gaining expertise and knowledge in ICS systems, and we can see this in both the sophistication of attacks and the growing number of attempts.
Enjoy the presentation - it will definitely give you a valuable perspective on OT cybersecurity and may even inspire you to pursue it as a career path. :)
More details:
Investigating Industrial Control Systems [YouTube]: https://lnkd.in/dUmhYD-B


