As a computer security specialist for your organization, you are tasked with investigating abnormal I&C process behaviors and determining a possible cause.
After establishing a baseline of the system's normal operational behavior using trend graphs and network fingerprinting, compare the baseline to abnormal operations and identify the malicious source. Methods to monitor, identify, respond to, mitigate, and prevent attacks on your own environment will be demonstrated.
Before continuing with this exercise, be familiar with the following:
Knowing the basic operation of the process will help you better understand the baseline concept of this exercise. If you encounter any problems, please ask for help.
Operating the test system (e.g. High and Low tank alarms, tank level operation, valve positioning, trends, etc.) will provide an understanding of normal operations. By documenting baseline system operations, you can recognize when something changes that could be the result of hardware failure, human error, or malicious intent.
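The baseline comparison described above, as an added example that is not part of the exercise material: it records a tank-level band and the set of network flows seen during normal operation, then reports where a later observation window departs from either. The host names, the Modbus/TCP port 502, the 3-sigma band and all sample values are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed sample data (not taken from the exercise system).
BASELINE_LEVELS = [48.0, 52.0, 55.0, 51.0, 47.0, 45.0, 49.0, 53.0]  # tank level, %
BASELINE_FLOWS = {  # network fingerprint: (source, destination, destination port)
    ("hmi", "plc", 502),
    ("historian", "plc", 502),
}
OBSERVED_LEVELS = [50.0, 54.0, 66.0, 78.0]
OBSERVED_FLOWS = BASELINE_FLOWS | {("eng-laptop", "plc", 502)}  # hypothetical new talker


def build_baseline(levels, flows, k=3.0):
    """Summarise normal operation as a level band plus the set of known flows."""
    mu, sigma = mean(levels), stdev(levels)
    return {"low": mu - k * sigma, "high": mu + k * sigma, "flows": set(flows)}


def compare(baseline, levels, flows):
    """Return every departure of an observation window from the baseline."""
    findings = []
    # Trend check: samples outside the band seen during normal operation.
    for i, level in enumerate(levels):
        if not baseline["low"] <= level <= baseline["high"]:
            findings.append(("level_out_of_band", i, level))
    # Fingerprint check: talkers that are new, and expected ones that went quiet.
    observed = set(flows)
    for flow in sorted(observed - baseline["flows"]):
        findings.append(("new_flow", flow))
    for flow in sorted(baseline["flows"] - observed):
        findings.append(("missing_flow", flow))
    return findings


if __name__ == "__main__":
    base = build_baseline(BASELINE_LEVELS, BASELINE_FLOWS)
    for finding in compare(base, OBSERVED_LEVELS, OBSERVED_FLOWS):
        print(finding)
```

A process deviation on its own may be a hardware failure or operator error; a process deviation that coincides with a flow absent from the fingerprint is the combination worth investigating first.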