Techno Security's Guide to Securing SCADA

Around the world, SCADA (supervisory control and data acquisition) systems and other real-time process control networks run mission-critical infrastructure--everything from the power grid to water treatment, chemical manufacturing to transportation. These networks are at increasing risk due to the move from proprietary systems to more standard platforms and protocols and the interconnection to other networks. Because there has been limited attention paid to security, these systems are seen as largely unsecured and very vulnerable to attack.

This book addresses currently undocumented security issues affecting SCADA systems and overall critical infrastructure protection. The respective co-authors are among the leading experts in the world capable of addressing these related-but-independent concerns of SCADA security. Headline-making threats and countermeasures like malware, sidejacking, biometric applications, emergency communications, security awareness llanning, personnel & workplace preparedness and bomb threat planning will be addressed in detail in this one of a kind book-of-books dealing with the threats to critical infrastructure protection. They collectivly have over a century of expertise in their respective fields of infrastructure protection. Included among the contributing authors are Paul Henry, VP of Technology Evangelism, Secure Computing, Chet Hosmer, CEO and Chief Scientist at Wetstone Technologies, Phil Drake, Telecommunications Director, The Charlotte Observer, Patrice Bourgeois, Tenable Network Security, Sean Lowther, President, Stealth Awareness and Jim Windle, Bomb Squad Commander, CMPD.

• Internationally known experts provide a detailed discussion of the complexities of SCADA security and its impact on critical infrastructure
• Highly technical chapters on the latest vulnerabilities to SCADA and critical infrastructure and countermeasures
• Bonus chapters on security awareness training, bomb threat planning, emergency communications, employee safety and much more
• Companion Website featuring video interviews with subject matter experts offer a "sit-down" with the leaders in the field

IT and IT security managers and staff, control system engineers and operators, SCADA operators and engineers, systems integrators, IT security researchers, law enforcement in government and private industry worldwide

Lead Author

Contributors

Foreword Contributor

Foreword Contributor

Foreword

Chapter 1. Physical Security: SCADA and the Critical Infrastructure’s Biggest Vulnerability

Introduction

Summary

Solutions Fast Track

Frequently Asked Questions (and Special Interviews)

Chapter 2. Supervisory Control and Data Acquisition

Introduction

Just What Is SCADA?

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3. SCADA Security Assessment Methodology

Introduction

Why Do Assessments on SCADA Systems?

Information Protection Requirements

An Approach to SCADA Information Security Assessments

Pre-Project Activities

Pre-Assessment Activities

On-Site Assessment Activities

Post Assessment Activities

Resources

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4. Developing an Effective Security Awareness Program

Introduction

Why an Information Security Awareness Program Is Important

How to Design an Effective Information Security Awareness Program

How to Implement an Information Security Awareness Program

How Do You Keep Your Program a Successful Component of Your Company’s Mindset?

How to Measure Your Program

Summary

Solutions Fast Track

Chapter 5. Working with Law Enforcement on SCADA Incidents

Introduction

SCADA System Overview

Secure Network Management

Managing Security Events

Examples of Common Attack Techniques

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 6. Locked but Not Secure: An Overview of Conventional and High Security Locks

Introduction

Conventional Pin Tumbler Locks

Standards for Conventional and High Security Locks

The Concept of Security

Security Vulnerabilities of Conventional Locks: Why High Security Locks Are Supposed to Offer More Protection Against Methods of Entry

Covert Entry Techniques: Manipulation of Internal Locking Components

High Security to High Insecurity: Real World Attacks

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 7. Bomb Threat Planning: Things Have Changed

Introduction

The Day Our World Changed

Insider Information: Where Do These Guys Get This Stuff?

The Terrorist Profile

Potential Terror Targets

What Should I Be Looking For?

Searching: What Am I Looking For and Where?

Evacuation Plans

Summary

Chapter 8. Biometric Authentication for SCADA Security

Introduction

Understanding Biometric Systems and How They Are Best Used for SCADA Security

Choosing the Best Form of Measurement for Your System

Where are Biometric Authentication Regimes Vulnerable?

Anticipating Legal and Policy Changes That Will Affect Biometrics

Summary

Solutions Fast Track

Frequently Asked Questions

Appendix. Personal, Workforce, and Family Preparedness

Introduction

Threats

Your Personal Preparedness Plan

The Escape Pack

Workforce Preparedness

Steps for Successful Workforce Preparedness

Get Out, Get Away, and Get in Touch

Family Preparedness Plan

Preparedness Pantry

Water

Cooking

Testing Your Home Preparedness Plan

Family Ready Kit

No Lights? No Problem!

Emergency Power

Staying in Touch

Summary

Index