Today is the last day in 2022 and it’s been a wonderful year participating in the ICS world. Below is a summary of my articles that I have written this year. Happy new year everybody !
OT Hunt project
This is my personal project. I have been researching this topic for many years and decided to write about it this year . I have written 3 topics so far: OT Hunt: Yokogawa MW100 , OT Hunt: Moxa Nport and OT Hunt: WAGO PLC 750-88x . I also wrote about security of BACnet protocol: Hacking building automation systems.
ICS community on Twitter
I and ICS community have been quite active on Twitter this year as usual . I hope it stays that way. I tried to assemble a list of ICS professionals on Twitter ICS/OT CyberSecurity accounts to follow on Twitter. I also participated weekly in an ICS/OT space and it’s attended by Arabic speaking ICS professionals. Many ICS people started to move to Mastodon , as an alternative to Twitter just in case Twitter shuts down and because of other issues within the company. You can find me at Mastodon @alhasawi@hachyderm.io
ICS Malware
This is my observations on malware that target ICS. I wrote an article in an attempt to analyze ICS Malware .
Active Directory in ICS/OT
Is AD used in ICS/OT? What are the benefits/risks ? . I wrote an article Using Active Directory (AD) in ICS and included some useful guides.
Modern OT
Technology is changing and has or will have an effect on OT security in the future. Insecure by design is no longer accepted and there are efforts to change that design, read my article OT/ICS Secure by Design and Modern Historians .
Software Supply chain
During the last few years, many vendors started to provide solutions to fix the software supply chain issues in response to regulations and recent attacks on popular tools. I wrote 2 articles ICS/OT Supply Chain and Nmap and Sbom for ICS .
Guide to Industrial Control Systems (ICS) Security
I’m a fan of NIST SP 800-82 guide. It’s been updated , see my summary on NIST SP 800-82 Rev 3 .