
Industrial Network Security

1st Edition

Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems

Authors: Eric Knapp Joel Thomas Langill
Paperback ISBN: 9781597496452
eBook ISBN: 9781597496469
Imprint: Syngress
Published Date: 15th August 2011
Page Count: 360


Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems covers implementation guidelines for security measures of critical infrastructure. The book describes an approach to ensure the security of industrial networks by taking into account the unique network, protocol, and application characteristics of an industrial control system, along with various compliance controls. It offers guidance on deployment and configuration, and it explains why, where, and how security controls should be implemented. It also discusses common pitfalls and mistakes and how to avoid them. After reading this book, students will understand and address the unique security concerns that face the world's most important networks.

This book examines the unique protocols and applications that are the foundation of industrial control systems and provides comprehensive guidelines for their protection. Divided into 11 chapters, it explains the basics of Ethernet and Transmission Control Protocol/Internet Protocol (TCP/IP) networking communications and the SCADA and field bus protocols. It also explores industrial networks as they relate to "critical infrastructure" and cyber security; potential risks and consequences of a cyber attack against an industrial control system; compliance controls in relation to network security practices; industrial network protocols such as Modbus and DNP3; assessment of vulnerabilities and risk; how to secure enclaves; regulatory compliance standards applicable to industrial network security; and common pitfalls and mistakes, like complacency and deployment errors.

This book is a valuable resource for plant operators and information security analysts, as well as compliance officers who want to pass an audit with minimal penalties and/or fines. It will also appeal to IT and security professionals working on networks and control systems operations.

Key Features

  • Covers implementation guidelines for security measures of critical infrastructure
  • Applies the security measures for system-specific compliance
  • Discusses common pitfalls and mistakes and how to avoid them


Information Technology and security professionals working on networks and control systems operations

Table of Contents

About the Author

About the Technical Editor


Chapter 1 Introduction

Book Overview and Key Learning Points

Book Audience

Diagrams and Figures

The Smart Grid

How This Book Is Organized

Chapter 2: About Industrial Networks

Chapter 3: Introduction to Industrial Network Security

Chapter 4: Industrial Network Protocols

Chapter 5: How Industrial Networks Operate

Chapter 6: Vulnerability and Risk Assessment

Chapter 7: Establishing Secure Enclaves

Chapter 8: Exception, Anomaly, and Threat Detection

Chapter 9: Monitoring Enclaves

Chapter 10: Standards and Regulations

Chapter 11: Common Pitfalls and Mistakes


Chapter 2 About Industrial Networks

Industrial Networks and Critical Infrastructure

Critical Infrastructure

Critical versus Noncritical Industrial Networks

Relevant Standards and Organizations

Homeland Security Presidential Directive Seven/HSPD-7

NIST Special Publications (800 Series)


Nuclear Regulatory Commission

Federal Information Security Management Act

Chemical Facility Anti-Terrorism Standards


ISO 27002

Common Industrial Security Recommendations

Identification of Critical Systems

Network Segmentation/Isolation of Systems

Defense in Depth

Access Control

The Use of Terminology Within This Book

Networks, Routable and Non-routable

Assets, Critical Assets, Cyber Assets, and Critical Cyber Assets


Electronic Security Perimeters



Chapter 3 Introduction to Industrial Network Security

The Importance of Securing Industrial Networks

The Impact of Industrial Network Incidents

Safety Controls

Consequences of a Successful Cyber Incident

Examples of Industrial Network Incidents

Dissecting Stuxnet

Night Dragon

APT and Cyber War

The Advanced Persistent Threat

Cyber War

Emerging Trends in APT and Cyber War

Still to Come

Defending Against APT

Responding to APT



Chapter 4 Industrial Network Protocols

Overview of Industrial Network Protocols


What It Does

How It Works


Where It Is Used

Security Concerns

Security Recommendations


What It Does

How It Works

Where It Is Used

Security Concerns

Security Improvements over Modbus

Security Recommendations


What It Does

How It Works

Secure DNP3

Where It Is Used

Security Concerns

Security Recommendations

OLE for Process Control

What It Does

How It Works


Where It Is Used

Security Concerns

Security Recommendations

Other Industrial Network Protocols




Ethernet Powerlink


AMI and the Smart Grid

Security Concerns

Security Recommendations



Chapter 5 How Industrial Networks Operate

Control System Assets





Supervisory Workstations

Data Historians

Business Information Consoles and Dashboards

Other Assets

Network Architectures

Topologies Used

Control System Operations

Control Loops

Control Processes

Feedback Loops

Business Information Management

Control Process Management

Smart Grid Operations



Chapter 6 Vulnerability and Risk Assessment

Basic Hacking Techniques

The Attack Process

Targeting an Industrial Network

Threat Agents

Accessing Industrial Networks

The Business Network


The Control System

Common Vulnerabilities

The Smart Grid

Determining Vulnerabilities

Why Vulnerability Assessment Is Important

Vulnerability Assessment in Industrial Networks

Vulnerability Scanning for Configuration Assurance

Where to Perform VA Scans

Cyber Security Evaluation Tool

Vulnerability Management

Patch Management

Configuration Management

Device Removal and Quarantine



Chapter 7 Establishing Secure Enclaves

Identifying Functional Groups

Network Connectivity

Control Loops

Supervisory Controls

Control Processes

Control Data Storage

Trading Communications

Remote Access

Users and Roles



Using Functional Groups to Identify Enclaves

Establishing Enclaves

Identifying Enclave Perimeters

Network Alterations

Enclaves and Security Policy Development

Enclaves and Security Device Configurations

Securing Enclave Perimeters

Selecting Perimeter Security Devices

Implementing Perimeter Security Devices

Intrusion Detection and Prevention (IDS/IPS) Configuration Guidelines

Securing Enclave Interiors

Selecting Interior Security Systems



Chapter 8 Exception, Anomaly, and Threat Detection

Exception Reporting

Behavioral Anomaly Detection

Measuring Baselines

Anomaly Detection

Behavioral Whitelisting

User Whitelists

Asset Whitelists

Application Behavior Whitelists

Threat Detection

Event Correlation

Correlating between IT and OT Systems



Chapter 9 Monitoring Enclaves

Determining What to Monitor

Security Events





User Identities and Authentication

Additional Context


Successfully Monitoring Enclaves

Log Collection

Direct Monitoring

Inferred Monitoring

Information Collection and Management Tools (Log Management Systems, SIEMs)

Monitoring Across Secure Boundaries

Information Management




Incident Investigation and Response

Log Storage and Retention


Data Retention/Storage

Data Availability



Chapter 10 Standards and Regulations

Common Standards and Regulations



ISO/IEC 27002:2005

NRC Regulation 5.71

NIST SP 800-82

Mapping Industrial Network Security to Compliance

Perimeter Security Controls

Host Security Controls

Security Monitoring Controls

Mapping Compliance Controls to Network Security Functions

Common Criteria and FIPS Standards

Common Criteria

FIPS 140-2



Chapter 11 Common Pitfalls and Mistakes


Vulnerability Assessments vs. Zero-Days

Real Security vs. Policy and Awareness

The Air Gap Myth


Default Accounts and Passwords

Lack of Outbound Security and Monitoring

The Executive Override

The Ronco Perimeter

Compliance vs. Security

Audit Fodder

The “One Week Compliance Window”

Scope and Scale

Project-Limited Thinking

Insufficiently Sized Security Controls




Appendix A

Appendix B

Appendix C



© Syngress 2011

About the Authors

Eric Knapp

Eric D. Knapp is a globally recognized expert in industrial control systems cyber security, and continues to drive the adoption of new security technology in order to promote safer and more reliable automation infrastructures. He first specialized in industrial control cyber security while at NitroSecurity, where he focused on the collection and correlation of SCADA and ICS data for the detection of advanced threats against these environments. He was later responsible for the development and implementation of end-to-end ICS cyber security solutions for McAfee, Inc. in his role as Global Director for Critical Infrastructure Markets. He is currently the Director of Strategic Alliances for Wurldtech Security Technologies, where he continues to promote the advancement of embedded security technology in order to better protect SCADA, ICS and other connected, real-time devices.

He is a long-time advocate of improved industrial control system cyber security and participates in many Critical Infrastructure industry groups, where he brings a wealth of technology expertise. He has over 20 years of experience in Information Technology, specializing in industrial automation technologies, infrastructure security, and applied Ethernet protocols, as well as the design and implementation of Intrusion Prevention Systems and Security Information and Event Management systems in both enterprise and industrial networks. In addition to his work in information security, he is an award-winning author of fiction. He studied at the University of New Hampshire and the University of London.

He can be found on Twitter @ericdknapp

Affiliations and Expertise

Director of Critical Infrastructure Markets for NitroSecurity

Joel Thomas Langill

Joel Langill brings a unique perspective to operational security with over three decades of field experience exclusively in industrial automation and control. He has deployed ICS solutions covering most major industry sectors in more than 35 countries, encompassing all generations of automated control from pneumatic to cloud-based services. He has been directly involved in automation solutions spanning feasibility, budgeting, front-end engineering design, detailed design, system integration, commissioning, support and legacy system migration.

Joel is currently an independent consultant providing a range of services to ICS end-users, system integrators, and governmental agencies worldwide. He works closely with suppliers in both consulting and R&D roles, and has developed a specialized training curriculum focused on applied operational security. Joel founded and maintains the popular ICS security website, which offers visitors extensive resources for understanding, evaluating, and securing control systems. He developed a specialized training curriculum that focuses on applied cyber security and defenses for industrial systems. His website and social networks extend to readers in more than 100 countries globally.

Joel devotes time to independent research relating to control system security, and regularly blogs on the evaluation and security of control systems. His unique experience and proven capabilities have fostered business relationships with several large industry firms. Joel serves on the Board of Advisors for Scada Fence Ltd., works with venture capital companies in evaluating industrial security start-up firms, and is an ICS research focal point to CERT organizations around the world. He has contributed to multiple books on security, and was the technical editor for “Applied Cyber Security and the Smart Grid”.

Joel is a voting member of the ISA99 committee on industrial security for control systems, and was a lead contributor to the ISA99 technical report on the Stuxnet malware. He has published numerous reports on ICS-related campaigns including Heartbleed, Dragonfly, and Black Energy. His certifications include: Certified Ethical Hacker (CEH), Certified Penetration Tester (CPT), Certified SCADA Security Architect (CSSA), and TÜV Functional Safety Engineer (FSEng). Joel has obtained extensive training through the U.S. Dept. of Homeland Security FEMA Emergency Management Institute, having completed ICS-400 on incident command and crisis management. He is a graduate of the University of Illinois–Champaign with a BS (Bronze Tablet) in Electrical Engineering.

He can be found on Twitter @SCADAhacker

Affiliations and Expertise

Has nearly 30 years experience in in-depth, comprehensive industrial control systems architecture, product development, implementation, upgrade and remediation.


"One of the most mysterious areas of information security is industrial system security...What raises the mystery even higher is that the stakes in the area of industrial security are extremely high. While the loss of trade secret information may kill a business, the loss of electricity generating capability may kill not just one person, but potentially thousands. And finally the mystery is solved—with this well-researched book on industrial system network security."--Dr. Anton A. Chuvakin, Security Warrior Consulting
"For those looking to get a handle on how to effectively secure critical infrastructure networks, Industrial Network Security is an excellent reference… The reality is that industrial system security can be effectively secured, and the book shows the reader exactly how to do that. In 11 densely written chapters, the book covers all of the necessary areas in which to secure critical infrastructure systems… For those looking for a solid overview of the topic, Industrial Network Security is an excellent reference."--Security Management