---
name: ics-overview
description: >
  Use when the target is an industrial control system or operational technology
  network running Modbus, BACnet, S7Comm/S7Comm Plus, DNP3, OPC-UA, or any
  PLC/HMI/SCADA stack. Engagements MUST set RoE flag
  industrial_safety_critical=true; this catalog gates every write-scope
  operation behind explicit operator confirmation regardless of HITL middleware.
metadata:
  subdomain: ics
  when_to_use: "ics ot industrial control modbus bacnet s7comm dnp3 opcua plc hmi scada safety-critical operational technology"
  tags: ics, ot, scada, plc, hmi, modbus, bacnet, s7, dnp3, opcua
  mitre_attack: T0800, T0801, T0859, T0830, T0814, T0846
  safety_critical: true
---
# ICS / OT Operator Skill Catalog
Industrial engagements are not application security with longer rules of engagement — they are a different discipline. A miswritten Modbus coil on a real plant kills people. This catalog is read-mostly by default; every write-scope skill carries an explicit safety gate.
## Hard rules

- No writes without OPPLAN.safety_critical confirmation. The middleware refuses writes when the active OPPLAN objective does not carry `safety_critical_confirmed=true`. Bypass requires operator signature in `/workspace/safety-attestation.txt`.
- Read-only protocol discovery first. Identify what's on the wire before any active probing. Many ICS protocols are unauthenticated; a single malformed read can crash an old PLC.
- Out-of-band physical safety. The blue team includes plant ops. A ConOps with `blue_team.plant_ops_phone` is mandatory for engagements on active production lines.
## Playbooks

| Skill | Use for |
|---|---|
| `/skills/standard/ics/modbus-discovery/SKILL.md` | Read-only Modbus TCP/RTU enumeration, function code 3/4 polling |
| `/skills/standard/ics/modbus-write/SKILL.md` | GATED. Write coils / registers; safety gate enforced |
| `/skills/standard/ics/bacnet-discovery/SKILL.md` | BACnet/IP Who-Is, object enumeration, device profile |
| `/skills/standard/ics/s7comm/SKILL.md` | Siemens S7 / S7Comm Plus enumeration via Snap7 / python-snap7 |
| `/skills/standard/ics/dnp3/SKILL.md` | DNP3 outstation / master discovery; integrity poll |
| `/skills/standard/ics/opcua/SKILL.md` | OPC-UA browse, anonymous auth check, certificate analysis |
| `/skills/standard/ics/hmi-web/SKILL.md` | HMI web stacks (Wonderware, Iconics, Schneider) — known CVEs |
| `/skills/standard/ics/engineering-software/SKILL.md` | TIA Portal / Studio 5000 / Unity Pro project extraction |
## Workflow

- Passive observation: tap a SPAN port if available. Identify protocols on the wire (`tshark -Y modbus || tshark -Y bacnet || ...`).
- Network-layer discovery: nmap with `-sV --script modbus-discover,bacnet-info,s7-info,dnp3-info` (NSE scripts ship in Kali by default; some are slow — set `-T2` for production networks).
- Function-code-3 polling: read holding registers from every Modbus device discovered. Log register maps to the knowledge graph as `:Service` nodes with `protocol=modbus`.
- Identify the safety integrity level (SIL) of any device touched. SIL 3+ devices NEVER get write probes without plant-ops sign-off.
- Engineering software attack path: if you can reach the engineering workstation, extract the project archive (.s7p, .acd, .stp). The project file is the crown jewel — it reveals the entire process model.
## Detection gap

ICS networks rarely have host-based detection on PLCs/RTUs themselves — the detection stack lives on the engineering workstation, the historian, and any IT/OT gateway. The detector agent should generate Sigma rules targeting:
- Function-code anomalies (write to coils outside normal ranges).
- Connection sources outside the documented MES/SCADA IP set.
- TIA Portal / Studio 5000 project download events.
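The first two Sigma targets above, expressed as added detection logic that is not part of this catalog or its detector agent: it runs over constructed Modbus/TCP flow records in an assumed `ts src dst fc addr qty` format, and the SCADA host set and per-PLC write address range are assumed baseline values an engagement would take from the asset owner's documentation.

```python
"""Flag anomalous Modbus/TCP write activity in flow records (added example)."""
import ipaddress
from dataclasses import dataclass

# Modbus function codes that change process state (writes to coils/registers).
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}

# Constructed baseline for the engagement: documented MES/SCADA masters and,
# per PLC, the coil/register address range the SCADA normally writes.
# A production baseline would keep separate ranges for coils and registers.
SCADA_HOSTS = {ipaddress.ip_address(a) for a in ("10.10.1.5", "10.10.1.6")}
ALLOWED_WRITE_ADDR = {"10.20.0.11": range(0, 64)}


@dataclass(frozen=True)
class Alert:
    line: int
    reason: str


def parse_record(line):
    """Constructed record format: '<ts> <src> <dst> <fc> <addr> <qty>'."""
    ts, src, dst, fc, addr, qty = line.split()
    return {"ts": ts, "src": src, "dst": dst,
            "fc": int(fc), "addr": int(addr), "qty": int(qty)}


def detect(records):
    """Return Alerts for the two rules: unknown source, out-of-range write."""
    alerts = []
    for n, line in enumerate(records, 1):
        ev = parse_record(line)
        if ipaddress.ip_address(ev["src"]) not in SCADA_HOSTS:
            alerts.append(Alert(n, f"source {ev['src']} not in documented SCADA set"))
        if ev["fc"] in WRITE_FUNCTION_CODES:
            # A PLC with no documented write range gets an empty range: any write alerts.
            allowed = ALLOWED_WRITE_ADDR.get(ev["dst"], range(0))
            first, last = ev["addr"], ev["addr"] + max(ev["qty"], 1) - 1
            if first not in allowed or last not in allowed:
                alerts.append(Alert(n, f"fc={ev['fc']} write to {ev['dst']} "
                                       f"addr {first}-{last} outside baseline"))
    return alerts


# Constructed sample records; not captured from any real network.
SAMPLE_RECORDS = [
    "2024-05-01T08:00:00Z 10.10.1.5 10.20.0.11 3 0 10",    # read, normal
    "2024-05-01T08:00:01Z 10.10.1.5 10.20.0.11 5 7 1",     # write coil 7, in range
    "2024-05-01T08:00:02Z 10.10.1.5 10.20.0.11 15 60 8",   # coils 60-67; 64-67 out of range
    "2024-05-01T08:00:03Z 10.10.9.77 10.20.0.11 6 3 1",    # undocumented source host
    "2024-05-01T08:00:04Z 10.10.1.6 10.20.0.12 16 100 2",  # write to PLC with no baseline
]

if __name__ == "__main__":
    for a in detect(SAMPLE_RECORDS):
        print(f"line {a.line}: {a.reason}")
```

The same two conditions map directly onto Sigma `selection`/`filter` blocks once the flow records are normalised into the SIEM's field names.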
## Out of scope by default

Active glitching of PLC firmware; firmware upload to PLCs; safety
controller writes — all of these require an explicit RoE annex signed
by the asset owner. The default ICS RoE template in soundwave/ includes
this annex skeleton.