Protecting Industrial Control Systems (ICS) from cyber threats is paramount to ensure the reliability and security of critical infrastructure. Organizations must proactively identify vulnerabilities and strengthen their incident response capabilities as attack vectors evolve. This research explores implementing an Attack Surface Management (ASM) approach, utilizing Recon FTW, to assess an operating ICS environment’s security posture comprehensively.

The primary objective of this research is to develop a tool for performing reconnaissance in an ICS environment with a non-intrusive approach, enabling the realistic simulation of potential threat scenarios and the identification of critical areas requiring immediate attention and remediation. We aim to replicate standard information-gathering techniques employed by adversaries and show the efficiency of the methods.

The research outcomes will provide valuable insights into incident response readiness and deliver an efficient, reliable, and fast tool for performing basic reconnaissance without invasive methods. The findings contribute to developing a comprehensive incident response strategy explicitly tailored for ICS environments, ultimately bolstering the resilience and security of the critical infrastructure.