As 2023 draws to a close, it becomes crucial for me, to pause and ponder over the path traversed through my journey. This year, I’ve really gotten into and explored deeply into the world of Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity, contributing a suite of 12 articles, building an ICS tool and participating in conferences . Allow me to encapsulate the essence of my explorations and insights for you.
ChatGPT and Cybersecurity
- Access and Automation: I harnessed the power of ChatGPT to automate scripts and streamline workflows, significantly enhancing my research efficiency.
- ICS/OT Knowledge: Despite initial limitations, I navigated through ChatGPT’s evolving capabilities, especially with the introduction of ChatGPT-4, to deepen my understanding of ICS/OT.
- Idea Generation: Utilizing ChatGPT for brainstorming, I conceptualized the ICSrank project, a testament to combining AI suggestions with years of dedicated research.
- ICS Consultant “ChatGPT”
- Navigating ICS/OT Security in 2023 with ChatGPT’s Web Feature
- Introducing ICS Recon: Simplifying Device Discovery and Fingerprinting in Industrial Control Systems
OT Hunt – At the Core of My Research
I concentrated on discovering online devices from major brands such as Honeywell, OPC, Schneider Electric, and Unitronics. My focus was on how to locate their ICS/OT devices online, create search dorks, and identify their vulnerabilities, providing essential knowledge for mastering OT cybersecurity.
- OT Hunt: OPC
- OT Hunt: KNX
- OT Hunt: Inhand industrial router
- OT Hunt: Nordex NC2
- OT Hunt: Honeywell Trend Controls – IQ controllers
- OT Hunt: Schneider Electric SCADAPack
- OT Hunt: Unitronics PCOM/PLC
Conferences
My first visit to Russia and participation as a speaker at the Kaspersky Industrial Cybersecurity Conference (KICS) 2022 marked a milestone, where I discussed LPG taxonomy attacks, a crucial element of my PhD research. Additionally, I served as a panel moderator at the CERC 2023 conference at Kuwait University and participating in the GCSC 2023 conference in Kuwait.
- Kaspersky Industrial Cybersecurity Conference 2022
- Reflections on My First Time as a Panel Moderator at CERC 2023
ICSrank – Bridging the Gap
The development of ICSrank, a web app rooted in my OT Hunt research, is nearing completion. This tool is designed to enhance the discovery of ICS/OT assets, leveraging customized dorks and search engines like Shodan.
ICS Arabia Podcast: Engaging Discussions with Industry professionals
This year, ICS Arabia podcast was active, ICS Arabia is a platform dedicated to deep dives into the world of ICS/OT security with experts in the field. Across four enlightening episodes and many short clips, I had the privilege of interviewing seasoned professionals, each bringing a unique perspective and wealth of knowledge to our discussions. Here’s a glimpse into the topics we covered:
- Hands-On ICS/OT Testbeds
- Conversations on OT Cybersecurity with Anton Shipullin
- ICS/OT Cybersecurity: Protection, IR, and Ransomware Insights
- EDR and ICS/OT Security: Best Practices and Real-World Applications
As I prepare to welcome the new year, I’m eager to continue this journey of discovery and contribution to the cybersecurity community. Stay tuned for the official release of ICSrank and more insightful articles.