Comprehensive Operational Technology & Industrial Control Systems Security Knowledge Base
Built from hands-on experience in a live chemical plant environment (Aarti Industries) and industry research
This repository is a practitioner-level knowledge base for OT/ICS cybersecurity, compiled by Adarsh Singh, a DevSecOps Engineer whose Information Security internship was spent inside a chemical manufacturing plant (Aarti Industries Ltd.), working directly with:
- Siemens S7-300/400 PLCs and TIA Portal
- Wonderware SCADA (InTouch/System Platform)
- Modbus TCP/RTU and OPC Classic/UA protocol traffic
- Purdue Model-segmented plant network architecture
- IT/OT convergence challenges in a live production environment
⚠️ All content is derived from learning, research, and sanitized observations. No proprietary or classified information is included.
OT-ICS-Security-Notes/
├── 01-Fundamentals/ # IT vs OT, key concepts, terminology
├── 02-Protocols/ # Modbus, OPC, DNP3, PROFINET, EtherNet/IP
├── 03-Architecture/ # Purdue Model, DMZ design, network segmentation
├── 04-Threats-and-Attacks/ # Threat landscape, malware, attack vectors
├── 05-Security-Controls/ # Compensating controls, hardening, patching
├── 06-Standards-and-Frameworks/ # IEC 62443, NERC CIP, NIST SP 800-82
├── 07-Tools-and-Techniques/ # Passive monitoring, asset discovery, Wireshark
├── 08-Incident-Response/ # ICS-specific IR playbooks
├── 09-Case-Studies/ # Stuxnet, TRITON, Ukraine Power Grid, Colonial Pipeline
├── 10-Certification-Prep/ # GICSP, CSSA, CompTIA CySA+
└── assets/ # Diagrams, cheat sheets
| Section | Topics Covered |
|---|---|
| 01 - Fundamentals | IT vs OT differences, AIC priority ordering (availability and integrity before confidentiality), key terminology |
| 02 - Protocols | Modbus TCP/RTU, OPC Classic/UA, DNP3, PROFINET, EtherNet/IP |
| 03 - Architecture | Purdue Model, network zones, DMZ, conduits |
| 04 - Threats & Attacks | ATT&CK for ICS, malware families, insider threats |
| 05 - Security Controls | Defense-in-depth, compensating controls, patch management |
| 06 - Standards & Frameworks | ISA/IEC 62443, NERC CIP, NIST SP 800-82 |
| 07 - Tools & Techniques | Passive monitoring, Claroty, Dragos, Wireshark filters |
| 08 - Incident Response | OT-specific IR, forensics, recovery |
| 09 - Case Studies | Stuxnet, TRITON/TRISIS, Ukraine 2015/2016, Colonial Pipeline |
| 10 - Certification Prep | GICSP domains, practice Q&A |
This knowledge base is written for:
- 🎓 Students preparing for GICSP, GRID, or CompTIA CySA+
- 🔵 Blue teamers moving into OT SOC / ICS monitoring roles
- 🏭 IT security professionals transitioning to OT environments
- 📋 Interview candidates for Claroty, Dragos, Siemens, Honeywell, Schneider Electric roles
- 🔍 Security researchers building OT threat intelligence
What sets it apart from textbook material:
- Real-world context from a live chemical plant (not just theory)
- Protocol analysis with actual Modbus/OPC traffic patterns
- MITRE ATT&CK for ICS mapped to each threat
- Interview-ready Q&A sections in every module
- Updated as relevant CVEs and threat intelligence are published
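As an added illustration of the kind of protocol analysis the 02-Protocols and 07-Tools-and-Techniques sections cover, here is a small passive Modbus/TCP triage in Python. It is example code written for this README, not code taken from the repository's notes. It parses the MBAP header and PDU of a Modbus/TCP frame, checks the length field, and flags write, diagnostic and device-identification function codes from any host not on an approved-master list, as well as exception responses from a server. The frames, IP addresses and the approved-master list are constructed for the example.

```python
"""Passive Modbus/TCP frame triage (added example, not the repository's own code).

Parses the MBAP header and PDU of a Modbus/TCP ADU, validates it, and flags
state-changing function codes from hosts that are not approved masters.
All frames, IP addresses and the approved-master list below are constructed.
"""
import struct
from dataclasses import dataclass

# Public function codes from the Modbus Application Protocol specification
FC_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs",
    3: "Read Holding Registers", 4: "Read Input Registers",
    5: "Write Single Coil", 6: "Write Single Register",
    8: "Diagnostics", 15: "Write Multiple Coils",
    16: "Write Multiple Registers", 43: "Encapsulated Interface Transport",
}
WRITE_FCS = {5, 6, 15, 16}
# Codes that change device state or are rarely seen in steady-state HMI polling
SENSITIVE_FCS = WRITE_FCS | {8, 43}


@dataclass
class ModbusFrame:
    transaction_id: int
    protocol_id: int
    length: int
    unit_id: int
    function_code: int   # raw value; bit 7 set marks an exception response
    data: bytes

    @property
    def is_exception(self) -> bool:
        return bool(self.function_code & 0x80)

    @property
    def base_fc(self) -> int:
        return self.function_code & 0x7F

    @property
    def fc_name(self) -> str:
        return FC_NAMES.get(self.base_fc, f"FC {self.base_fc}")


def parse_modbus_tcp(payload: bytes) -> ModbusFrame:
    """Parse one Modbus/TCP ADU (7-byte MBAP header + PDU) from a TCP payload."""
    if len(payload) < 8:
        raise ValueError("payload shorter than MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", payload[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus (expected 0)")
    # The MBAP length field counts the unit id and the PDU, i.e. everything
    # after the first six bytes; a mismatch means truncation or tampering.
    if length != len(payload) - 6:
        raise ValueError(f"MBAP length {length} does not match payload ({len(payload) - 6})")
    return ModbusFrame(tid, pid, length, uid, payload[7], payload[8:])


def triage(src_ip: str, payload: bytes, approved_masters: set) -> list:
    """Return alert strings for one frame; an empty list means nothing to report."""
    try:
        frame = parse_modbus_tcp(payload)
    except ValueError as exc:
        return [f"MALFORMED from {src_ip}: {exc}"]
    if frame.is_exception:
        # Exception responses come from the server; a burst of them often means
        # someone is probing registers or coils the device does not expose.
        return [f"EXCEPTION response from {src_ip}: {frame.fc_name}, unit {frame.unit_id}"]
    if frame.base_fc in SENSITIVE_FCS and src_ip not in approved_masters:
        return [f"{frame.fc_name} from unapproved host {src_ip} to unit {frame.unit_id}"]
    return []


# Constructed sample capture: (source IP, TCP payload). Only the HMI is approved.
APPROVED_MASTERS = {"10.20.1.10"}
SAMPLE_CAPTURE = [
    ("10.20.1.10", bytes.fromhex("00010000000601030000000a")),  # HMI reads 10 holding regs
    ("10.20.5.77", bytes.fromhex("0002000000060106001000ff")),  # unknown host writes reg 0x10
    ("10.20.2.1",  bytes.fromhex("000200000003018602")),        # PLC: exception 02 to FC 6
    ("10.20.5.77", bytes.fromhex("00030000000901030000000a")),  # length field lies (9 vs 6)
]


def run_sample() -> list:
    """Triage every frame in SAMPLE_CAPTURE; returns (src_ip, alerts) pairs."""
    return [(src, triage(src, payload, APPROVED_MASTERS)) for src, payload in SAMPLE_CAPTURE]


if __name__ == "__main__":
    for src, alerts in run_sample():
        for line in alerts or ["ok"]:
            print(f"{src:12} {line}")
```

The approved-master check is deliberately keyed on source IP only, which is enough for a first-pass alert but is not authentication: classic Modbus carries none, so the real control is the allow-list enforced at the zone conduit, and this kind of triage is there to tell you when that control has been bypassed.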
This repository is for educational purposes only. All information is sourced from public research, vendor documentation, and sanitized learning experiences. No proprietary, confidential, or classified data is included.