Industrial Network Security

Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems


  • Eric Knapp, Director of Critical Infrastructure Markets for NitroSecurity
  • Joel Thomas Langill, who has nearly 30 years of experience in in-depth, comprehensive industrial control systems architecture, product development, implementation, upgrade, and remediation.

Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems describes an approach to ensure the security of industrial networks by taking into account the unique network, protocol, and application characteristics of an industrial control system, along with various compliance controls. It offers guidance on deployment and configuration, and it explains why, where, and how security controls should be implemented. Divided into 11 chapters, the book explains the basics of Ethernet and Transmission Control Protocol/Internet Protocol (TCP/IP) networking communications and the SCADA and field bus protocols. It also discusses industrial networks as they relate to “critical infrastructure” and cyber security, potential risks and consequences of a cyber attack against an industrial control system, compliance controls in relation to network security practices, industrial network protocols, such as Modbus and DNP3, assessment of vulnerabilities and risk, how to secure enclaves, regulatory compliance standards applicable to industrial network security, and common pitfalls and mistakes, like complacency and deployment errors. This book is a valuable resource for plant operators and information security analysts, as well as compliance officers who want to pass an audit with minimal penalties and/or fines.


Information Technology and security professionals working on networks and control systems operations


Book information

  • Published: August 2011
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-645-2


"One of the most mysterious areas of information security is industrial system security...What raises the mystery even higher is that the stakes in the area of industrial security are extremely high. While the loss of trade secret information may kill a business, the loss of electricity generating capability may kill not just one person, but potentially thousands. And finally the mystery is solved, with this well-researched book on industrial system network security."--Dr. Anton A. Chuvakin, Security Warrior Consulting
"For those looking to get a handle on how to effectively secure critical infrastructure networks, Industrial Network Security is an excellent reference… The reality is that industrial system security can be effectively secured, and the book shows the reader exactly how to do that. In 11 densely written chapters, the book covers all of the necessary areas in which to secure critical infrastructure systems… For those looking for a solid overview of the topic, Industrial Network Security is an excellent reference."--Security Management

Table of Contents

  • About the Author
  • About the Technical Editor
  • Foreword
  • Chapter 1 Introduction
    • Book Overview and Key Learning Points
    • Book Audience
    • Diagrams and Figures
    • The Smart Grid
    • How This Book Is Organized
      • Chapter 2: About Industrial Networks
      • Chapter 3: Introduction to Industrial Network Security
      • Chapter 4: Industrial Network Protocols
      • Chapter 5: How Industrial Networks Operate
      • Chapter 6: Vulnerability and Risk Assessment
      • Chapter 7: Establishing Secure Enclaves
      • Chapter 8: Exception, Anomaly, and Threat Detection
      • Chapter 9: Monitoring Enclaves
      • Chapter 10: Standards and Regulations
      • Chapter 11: Common Pitfalls and Mistakes
    • Conclusion
  • Chapter 2 About Industrial Networks
    • Industrial Networks and Critical Infrastructure
      • Critical Infrastructure
      • Critical versus Noncritical Industrial Networks
    • Relevant Standards and Organizations
      • Homeland Security Presidential Directive Seven/HSPD-7
      • NIST Special Publications (800 Series)
      • NERC CIP
      • Nuclear Regulatory Commission
      • Federal Information Security Management Act
      • Chemical Facility Anti-Terrorism Standards
      • ISA-99
      • ISO 27002
    • Common Industrial Security Recommendations
      • Identification of Critical Systems
      • Network Segmentation/Isolation of Systems
      • Defense in Depth
      • Access Control
    • The Use of Terminology Within This Book
      • Networks, Routable and Non-routable
      • Assets, Critical Assets, Cyber Assets, and Critical Cyber Assets
      • Enclaves
      • Electronic Security Perimeters
    • Summary
    • Endnotes
  • Chapter 3 Introduction to Industrial Network Security
    • The Importance of Securing Industrial Networks
    • The Impact of Industrial Network Incidents
      • Safety Controls
      • Consequences of a Successful Cyber Incident
    • Examples of Industrial Network Incidents
      • Dissecting Stuxnet
      • Night Dragon
    • APT and Cyber War
      • The Advanced Persistent Threat
      • Cyber War
      • Emerging Trends in APT and Cyber War
      • Still to Come
      • Defending Against APT
      • Responding to APT
    • Summary
    • Endnotes
  • Chapter 4 Industrial Network Protocols
    • Overview of Industrial Network Protocols
    • Modbus
      • What It Does
      • How It Works
      • Variants
      • Where It Is Used
      • Security Concerns
      • Security Recommendations
    • ICCP/TASE.2
      • What It Does
      • How It Works
      • Where It Is Used
      • Security Concerns
      • Security Improvements over Modbus
      • Security Recommendations
    • DNP3
      • What It Does
      • How It Works
      • Secure DNP3
      • Where It Is Used
      • Security Concerns
      • Security Recommendations
    • OLE for Process Control
      • What It Does
      • How It Works
      • OPC-UA and OPC-XI
      • Where It Is Used
      • Security Concerns
      • Security Recommendations
    • Other Industrial Network Protocols
      • Ethernet/IP
      • Profibus
      • EtherCAT
      • Ethernet Powerlink
      • SERCOS III
    • AMI and the Smart Grid
      • Security Concerns
      • Security Recommendations
    • Summary
    • Endnotes
  • Chapter 5 How Industrial Networks Operate
    • Control System Assets
      • IEDs
      • RTUs
      • PLCs
      • HMIs
      • Supervisory Workstations
      • Data Historians
      • Business Information Consoles and Dashboards
      • Other Assets
    • Network Architectures
      • Topologies Used
    • Control System Operations
      • Control Loops
      • Control Processes
      • Feedback Loops
      • Business Information Management
    • Control Process Management
    • Smart Grid Operations
    • Summary
    • Endnotes
  • Chapter 6 Vulnerability and Risk Assessment
    • Basic Hacking Techniques
      • The Attack Process
      • Targeting an Industrial Network
      • Threat Agents
    • Accessing Industrial Networks
      • The Business Network
      • The SCADA DMZ
      • The Control System
      • Common Vulnerabilities
      • The Smart Grid
    • Determining Vulnerabilities
      • Why Vulnerability Assessment Is Important
      • Vulnerability Assessment in Industrial Networks
      • Vulnerability Scanning for Configuration Assurance
      • Where to Perform VA Scans
      • Cyber Security Evaluation Tool
    • Vulnerability Management
      • Patch Management
      • Configuration Management
      • Device Removal and Quarantine
    • Summary
    • Endnotes
  • Chapter 7 Establishing Secure Enclaves
    • Identifying Functional Groups
      • Network Connectivity
      • Control Loops
      • Supervisory Controls
      • Control Processes
      • Control Data Storage
      • Trading Communications
      • Remote Access
      • Users and Roles
      • Protocols
      • Criticality
      • Using Functional Groups to Identify Enclaves
    • Establishing Enclaves
      • Identifying Enclave Perimeters
      • Network Alterations
      • Enclaves and Security Policy Development
      • Enclaves and Security Device Configurations
    • Securing Enclave Perimeters
      • Selecting Perimeter Security Devices
      • Implementing Perimeter Security Devices
      • Intrusion Detection and Prevention (IDS/IPS) Configuration Guidelines
    • Securing Enclave Interiors
      • Selecting Interior Security Systems
    • Summary
    • Endnotes
  • Chapter 8 Exception, Anomaly, and Threat Detection
    • Exception Reporting
    • Behavioral Anomaly Detection
      • Measuring Baselines
      • Anomaly Detection
    • Behavioral Whitelisting
      • User Whitelists
      • Asset Whitelists
      • Application Behavior Whitelists
    • Threat Detection
      • Event Correlation
      • Correlating between IT and OT Systems
    • Summary
    • Endnotes
  • Chapter 9 Monitoring Enclaves
    • Determining What to Monitor
      • Security Events
      • Assets
      • Configurations
      • Applications
      • Networks
      • User Identities and Authentication
      • Additional Context
      • Behavior
    • Successfully Monitoring Enclaves
      • Log Collection
      • Direct Monitoring
      • Inferred Monitoring
      • Information Collection and Management Tools (Log Management Systems, SIEMs)
      • Monitoring Across Secure Boundaries
    • Information Management
      • Queries
      • Reports
      • Alerts
      • Incident Investigation and Response
    • Log Storage and Retention
      • Nonrepudiation
      • Data Retention/Storage
      • Data Availability
    • Summary
    • Endnotes
  • Chapter 10 Standards and Regulations
    • Common Standards and Regulations
      • NERC CIP
      • CFATS
      • ISO/IEC 27002:2005
      • NRC Regulation 5.71
      • NIST SP 800-82
    • Mapping Industrial Network Security to Compliance
      • Perimeter Security Controls
      • Host Security Controls
      • Security Monitoring Controls
    • Mapping Compliance Controls to Network Security Functions
    • Common Criteria and FIPS Standards
      • Common Criteria
      • FIPS 140-2
    • Summary
    • Endnotes
  • Chapter 11 Common Pitfalls and Mistakes
    • Complacency
      • Vulnerability Assessments vs. Zero-Days
      • Real Security vs. Policy and Awareness
      • The Air Gap Myth
    • Misconfigurations
      • Default Accounts and Passwords
      • Lack of Outbound Security and Monitoring
      • The Executive Override
      • The Ronco Perimeter
    • Compliance vs. Security
      • Audit Fodder
      • The “One Week Compliance Window”
    • Scope and Scale
      • Project-Limited Thinking
      • Insufficiently Sized Security Controls
    • Summary
    • Endnotes
  • Glossary
  • Appendix A
  • Appendix B
  • Appendix C
  • Index