Industrial Network Security
2nd Edition
Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems
Description
As the sophistication of cyber-attacks increases, understanding how to defend critical infrastructure systems—energy production, water, gas, and other vital systems—becomes more important, and heavily mandated. Industrial Network Security, Second Edition arms you with the knowledge you need to understand the vulnerabilities of these distributed supervisory and control systems.
The book examines the unique protocols and applications that are the foundation of industrial control systems, and provides clear guidelines for their protection. This how-to guide gives you thorough understanding of the unique challenges facing critical infrastructures, new guidelines and security measures for critical infrastructure protection, knowledge of new and evolving security tools, and pointers on SCADA protocols and security implementation.
Key Features
- All-new real-world examples of attacks against control systems, and more diagrams of systems
- Expanded coverage of protocols such as 61850, Ethernet/IP, CIP, ISA-99, and the evolution to IEC62443
- Expanded coverage of Smart Grid security
- New coverage of signature-based detection, exploit-based vs. vulnerability-based detection, and signature reverse engineering
Readership
Information Technology and security professionals working on networks and control systems operations
Table of Contents
- About the Authors
- Preface
- Acknowledgments
- Chapter 1: Introduction
- Book overview and key learning points
- Book audience
- Diagrams and figures
- The smart grid
- How this book is organized
- Conclusion
- Chapter 2: About Industrial Networks
- Abstract
- The use of terminology within this book
- Common industrial security recommendations
- Advanced industrial security recommendations
- Common misperceptions about industrial network security
- Summary
- Chapter 3: Industrial Cyber Security History and Trends
- Abstract
- Importance of securing industrial networks
- The evolution of the cyber threat
- Insider threats
- Hacktivism, cyber crime, cyber terrorism, and cyber war
- Summary
- Chapter 4: Introduction to Industrial Control Systems and Operations
- Abstract
- System assets
- System operations
- Process management
- Safety instrumented systems
- The smart grid
- Network architectures
- Summary
- Chapter 5: Industrial Network Design and Architecture
- Abstract
- Introduction to industrial networking
- Common topologies
- Network segmentation
- Network services
- Wireless networks
- Remote access
- Performance considerations
- Safety instrumented systems
- Special considerations
- Summary
- Chapter 6: Industrial Network Protocols
- Abstract
- Overview of industrial network protocols
- Fieldbus protocols
- Backend protocols
- Advanced metering infrastructure and the smart grid
- Industrial protocol simulators
- Summary
- Chapter 7: Hacking Industrial Control Systems
- Abstract
- Motives and consequences
- Common industrial targets
- Common attack methods
- Examples of weaponized industrial cyber threats
- Attack trends
- Dealing with an infection
- Summary
- Chapter 8: Risk and Vulnerability Assessments
- Abstract
- Cyber security and risk management
- Methodologies for assessing risk within industrial control systems
- System characterization
- Threat identification
- Vulnerability identification
- Risk Classification and Ranking
- Risk reduction and mitigation
- Summary
- Chapter 9: Establishing Zones and Conduits
- Abstract
- Security zones and conduits explained
- Identifying and classifying security zones and conduits
- Recommended security zone separation
- Establishing security zones and conduits
- Summary
- Chapter 10: Implementing Security and Access Controls
- Abstract
- Network segmentation
- Implementing network security controls
- Implementing host security and access controls
- How much security is enough?
- Summary
- Chapter 11: Exception, Anomaly, and Threat Detection
- Abstract
- Exception Reporting
- Behavioral anomaly detection
- Behavioral Whitelisting
- Threat Detection
- Summary
- Chapter 12: Security Monitoring of Industrial Control Systems
- Abstract
- Determining what to monitor
- Successfully monitoring security zones
- Information management
- Log storage and retention
- Summary
- Chapter 13: Standards and Regulations
- Abstract
- Common standards and regulations
- ISA/IEC-62443
- Mapping industrial network security to compliance
- Industry best practices for conducting ICS assessments
- Common Criteria and FIPS Standards
- Summary
- Appendix A: Protocol Resources
- Appendix B: Standards Organizations
- Appendix C: NIST Security Guidelines
- Glossary
- Index
Details
- No. of pages:
- 460
- Language:
- English
- Copyright:
- © Syngress 2015
- Published:
- 15th December 2014
- Imprint:
- Syngress
- eBook ISBN:
- 9780124201842
- Paperback ISBN:
- 9780124201149
About the Author
Eric Knapp
Eric D. Knapp is a globally recognized expert in industrial control systems cyber security, and continues to drive the adoption of new security technology in order to promote safer and more reliable automation infrastructures. He firsst specialized in industrial control cyber security while at Nitrosecurity, where he focused on the collection and correlation of SCADA and ICS data for the detection of advanced threats against these environments. He was later responsible for the development and implementation of end-to-end ICS cyber security solutions for McAfee, Inc. in his role as Global Director for Critical Infrastructure Markets. He is currently the Director of Strategic Alliances for Wurldtech Security Technologies, where he continues to promote the advancement of embedded security technology in order to better protect SCADA, ICS and other connected, real-time devices.
He is a long-time advocate of improved industrial control system cyber security and participates in many Critical Infrastructure industry groups, where he brings a wealth of technology expertise. He has over 20 years of experience in Infromation Technology, specializing in industrial automation technologies, infrastructure security, and applied Ethernet protocols as well as the design and implementation of Intrusion Prevention Systems and Security Information and Event Management systems in both enterprise and industrial networks. In addition to his work in information security, he is an award-winning author of cition. He studied at the University of New Hampshire and the University of London.
He can be found on Twitter @ericdknapp
Affiliations and Expertise
Director of Critical Infrastructure Markets for NitroSecurity
Joel Thomas Langill
Joel Langill brings a unique perspective to operational security with over three decades field experience exclusively in industrial automation and control. He has deployed ICS solutions covering most major industry sectors in more than 35 countries encompassing all generations of automated control from pneumatic to cloud-based services. He has been directly involved in automation solutions spanning feasibility, budgeting, front-end engineering design, detailed design, system integration, commissioning, support and legacy system migration.
Joel is currently an independent consultant providing a range of services to ICS end-users, system integrators, and governmental agencies worldwide. He works closely with suppliers in both consulting and R&D roles, and has developed a specialized training curriculum focused on applied operational security. Joel founded and maintains the popular ICS security website SCADAhacker.com which offers visitors extensive resources in understanding, evaluating, and securing control systems. He developed a specialized training curriculum that focuses on applied cyber security and defenses for industrial systems. His website and social networks extends to readers in more than 100 countries globally.
Joel devotes time to independent research relating to control system security, and regularly blogs on the evaluation and security of control systems. His unique experience and proven capabilities have fostered business relationships with several large industry firms. Joel serves on the Board of Advisors for Scada Fence Ltd., works with venture capital companies in evaluating industrial security start-up firms, and is an ICS research focal point to CERT organizations around the world. He has contributed to multiple books on security, and was the technical editor for “Applied Cyber Security and the Smart Grid”.
Joel is a voting member of the ISA99 committee on industrial security for control systems, and was a lead contributor to the ISA99 technical report on the Stuxnet malware. He has published numerous reports on ICS-related campaigns including Heartbleed, Dragonfly, and Black Energy. His certifications include: Certified Ethical Hacker (CEH), Certified Penetration Tester (CPT), Certified SCADA Security Architect (CSSA), and TÜV Functional Safety Engineer (FSEng). Joel has obtained extensive training through the U.S. Dept. of Homeland Security FEMA Emergency Management Institute, having completed ICS-400 on incident command and crisis management. He is a graduate of the University of Illinois–Champaign with a BS (Bronze Tablet) in Electrical Engineering.
He can be found on Twitter @SCADAhacker
Affiliations and Expertise
Has nearly 30 years experience in in-depth, comprehensive industrial control systems architecture, product development, implementation, upgrade and remediation.
Reviews
"...worth recommendation for people who are interested in modern industry control systems security. Additionally, it will be advantageous for university researchers and graduate students in the network security field, as well as to the industry specialists in the area of ICS." --IEEE Communications Magazine
"The second edition of this work seems to be much-needed. Vulnerabilities in industrial control systems show no signs of abating…" --Network Security