A cybersecurity kill chain is a framework that helps security teams understand the sequence of events during an external attack. Derived from the military concept that identifies the steps in a military attack, a cyber kill chain breaks a cyber attack into steps to help security analysts understand the behaviors and tactics of threat actors.
SANS Institute released the Industrial Control System Kill Chain in 2015 to help analysts understand attackers’ behaviors and tactics specifically in ICS attacks. Based on Lockheed Martin’s IT Cyber Kill Chain, the ICS Cyber Kill Chain accounts for specific ICS security threats and the layered nature of ICS environments today.
The ICS Kill Chain is especially useful when conducting risk assessments and pen tests against ICS environments. In Chapter 17, “Penetration Testing ICS Environments,” of Industrial Cybersecurity, Second Edition, author Pascal Ackerman describes the ICS Kill Chain, including its evolution from the cyber kill chain, steps and phases, as well as how to base pen tests on the ICS Kill Chain. Download a PDF of Chapter 17 for more on ICS pen tests.
Click to learn more about‘Industrial Cybersecurity’ by
Pascal…
