To my wife Janet; your love and guidance make the journey complete.
The Internet of Things (IoT) and industrial control systems (ICS) require special attention from a cybersecurity point of view. This is based on the well-known and -documented fact that the protocols and implementations have vulnerabilities that when exploited can produce considerable damage and provide an avenue for the exfiltration of data.
In addition, when examining these environments due to the dynamic nature and/or critical infrastructure implications, active scanning or probing of these environments is either discouraged or ineffective. Thus, passive monitoring of these environments offers insights into the behavior of these devices and the networks in which they operate. One of the core issues is the placement of the monitoring devices to provide visibility and coverage from both the wired and wireless points of view. There are vendor solutions that are offered today that rely on expensive hardware and software solutions that may lack flexibility.
Using a Raspberry Pi and open source Python software to passively monitor, detect, baseline, and provide insight into these behaviors has been called “crazy” by some. However, as you will see, the Raspberry Pi itself, with its multicore processor and integrated wired and wireless network components, provides the basic underpinnings necessary for a lightweight IoT/ICS sensor for less than $50.00. Couple that with an open source extensible Python software solution that dynamically reduces and records the most pertinent observations, and you have a low-cost, flexible, and nimble PiSensor for IoT and ICS environments.
A special thanks to Mike Raggo for his insight and encouragement throughout this process. Thank you for championing this project from the beginning and testing every version of the Pi sensor along the way. Your guidance, your friendship, and your quest to improve security and safety are inspiring.
Thanks to Carlton Jeffcoat and Cameron Covington at WetStone for deploying the sensor in live environments to passively map potential vulnerabilities and for providing insights to make the sensor even better.
Thanks to the Utica College cybersecurity graduate students who have experimented with the earliest to the final versions of PiSensor and have provided excellent feedback.
Thanks to Rita Fernando, Laura Berendson, Susan McDermott, and the whole team at Apress for your incredible patience throughout this process and for your constant encouragement.
Table of Contents
About the Author and About the Technical Reviewer
About the Author
is the Founder of Python Forensics, Inc., a nonprofit organization focused on the collaborative development of open source investigative technologies using the Python programming language. Chet has been researching and developing technology and training surrounding forensics, digital investigation, and steganography for over two decades. He has made numerous appearances to discuss emerging cyberthreats, including National Public Radio’s Kojo Nnamdi Show , ABC’s Primetime Thursday , NHK Japan, TechTV’s CyberCrime and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to cybersecurity and forensics and has been interviewed and quoted by IEEE, The New York Times , The Washington Post , Government Computer News , Salon.com, and Wired Magazine .
Chet has authored five books within the cybersecurity domain, ranging from data hiding to forensics.
Chet serves as a visiting professor at Utica College in the Cybersecurity Graduate Program. He is also an adjunct faculty member at Champlain College in the Digital Forensic Science Program Masters Program.
Chet delivers keynote and plenary talks on various cybersecurity-related topics around the world each year.
About the Technical Reviewer
Chief Security Officer, 802 Secure (CISSP, NSA-IAM, ACE, CSI) has over 20 years of security research experience. His current focus is wireless IoT threats impacting the enterprise. Michael is the author of Mobile Data Loss: Threats and Countermeasures and Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols for Syngress Books, and contributing author for Information Security: The Complete Reference (2 nd edition). A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, is a participating member of FSISAC/BITS and PCI, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon, and SANS.