Techno Security's Guide to Securing SCADA

1st Edition

A Comprehensive Handbook On Protecting The Critical Infrastructure

Authors:

Description

Around the world, SCADA (supervisory control and data acquisition) systems and other real-time process control networks run mission-critical infrastructure--everything from the power grid to water treatment, chemical manufacturing to transportation. These networks are at increasing risk due to the move from proprietary systems to more standard platforms and protocols and the interconnection to other networks. Because there has been limited attention paid to security, these systems are seen as largely unsecured and very vulnerable to attack. This book addresses currently undocumented security issues affecting SCADA systems and overall critical infrastructure protection. The respective co-authors are among the leading experts in the world capable of addressing these related-but-independent concerns of SCADA security. Headline-making threats and countermeasures like malware, sidejacking, biometric applications, emergency communications, security awareness llanning, personnel & workplace preparedness and bomb threat planning will be addressed in detail in this one of a kind book-of-books dealing with the threats to critical infrastructure protection. They collectivly have over a century of expertise in their respective fields of infrastructure protection. Included among the contributing authors are Paul Henry, VP of Technology Evangelism, Secure Computing, Chet Hosmer, CEO and Chief Scientist at Wetstone Technologies, Phil Drake, Telecommunications Director, The Charlotte Observer, Patrice Bourgeois, Tenable Network Security, Sean Lowther, President, Stealth Awareness and Jim Windle, Bomb Squad Commander, CMPD.

Key Features

* Internationally known experts provide a detailed discussion of the complexities of SCADA security and its impact on critical infrastructure * Highly technical chapters on the latest vulnerabilities to SCADA and critical infrastructure and countermeasures * Bonus chapters on security awareness training, bomb threat planning, emergency communications, employee safety and much more * Companion Website featuring video interviews with subject matter experts offer a "sit-down" with the leaders in the field

Readership

IT and IT security managers and staff, control system engineers and operators, SCADA operators and engineers, systems integrators, IT security researchers, law enforcement in government and private industry worldwide

Table of Contents

Lead Author

Contributors

Foreword Contributor

Foreword Contributor

Foreword

Chapter 1. Physical Security: SCADA and the Critical Infrastructure’s Biggest Vulnerability

Introduction

Summary

Solutions Fast Track

Frequently Asked Questions (and Special Interviews)

Chapter 2. Supervisory Control and Data Acquisition

Introduction

Just What Is SCADA?

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3. SCADA Security Assessment Methodology

Introduction

Why Do Assessments on SCADA Systems?

Information Protection Requirements

An Approach to SCADA Information Security Assessments

Pre-Project Activities

Pre-Assessment Activities

On-Site Assessment Activities

Post Assessment Activities

Resources

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4. Developing an Effective Security Awareness Program

Introduction

Why an Information Security Awareness Program Is Important

How to Design an Effective Information Security Awareness Program

How to Implement an Information Security Awareness Program

How Do You Keep Your Program a Successful Component of Your Company’s Mindset?

How to Measure Your Program

Summary

Solutions Fast Track

Chapter 5. Working with Law Enforcement on SCADA Incidents

Introduction

SCADA System Overview

Secure Network Management

Managing Security Events

Examples of Common Attack Techniques

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 6. Locked but Not Secure: An Overview of Conventional and High Security Locks

Introduction

Conventional Pin Tumbler Locks

Standards for Conventional and High Security Locks

Details

No. of pages:
352
Language:
English
Copyright:
© 2008
Published:
Imprint:
Syngress
Electronic ISBN:
9780080569994
Print ISBN:
9781597492829

About the authors

Jack Wiles

Jack Wiles is a security professional with over 40 years' experience in security-related fields. This includes computer security, disaster recovery, and physical security. He is a professional speaker, and has trained federal agents, corporate attorneys, and internal auditors on a number of computer crime-related topics. He is a pioneer in presenting on a number of subjects, which are now being labeled "Homeland Security" topics. Well over 10,000 people have attended one or more of his presentations since 1988. Jack is also a co-founder and President of TheTrainingCo., and is in frequent contact with members of many state and local law enforcement agencies as well as Special Agents with the U.S. Secret Service, FBI, IRS-CID, U.S. Customs, Department of Justice, The Department of Defense, and numerous members of High-Tech Crime units. He was also appointed as the first President of the North Carolina InfraGard chapter, which is now one of the largest chapters in the country. He is also a founding member of the U.S. Secret Service South Carolina Electronic Crimes Task Force. Jack is also a Vietnam veteran who served with the 101st Airborne Division in Vietnam in 1967-68, where he was awarded two Bronze stars for his actions in combat. He recently retired from the U.S. Army Reserves as a lieutenant colonel and was assigned directly to the Pentagon for the final seven years of his career.

Ted Claypoole

Ted Claypoole is a Member of the law firm Womble Carlyle Sandridge and Rice, in Charlotte, North Carolina, in the Intellectual Property Transaction group, and a senior member of its Privacy and Data Management Team.

Phil Drake

Phil Drake is Communications Manager for the Charlotte Observer in Charlotte, N.C.

Paul Henry

Paul A. Henry, (MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP,-ISSAP, CISM, CISA, CIFI) is the Vice President of Technology Evangelism at Secure Computing®. Paul is one of the world’s foremost global information security experts, with more than 20 years experience managing security initiatives for Global 2000 enterprises and government organizations worldwide.

Lester Johnson

Lester J. "Chip" Johnson Jr. is employed by the SCANA Corporation, a $ 9 Billion, Fortune 500, energy–based holding company, headquartered in Columbia, South Carolina. Mr. Johnson serves in the Corporate Security and Claims Department as a Manager with responsibility for Investigations and Crisis Management.

Sean Lowther

Sean Lowther is the President and Founder of Stealth Awareness, Inc. (www.stealthawareness.com). Sean is an independent consultant who brings years of experience designing and implementing information security awareness programs at the highest level. He founded Stealth Awareness, Inc. in 2007. Sean worked at Bank of America for over seven years, managing the enterprise information security awareness program. The program received the highest rating from its regulators and was consistently rated "world class" by industry peer groups. Sean has worked with BITS, the Financial Services Roundtable Task Force on Privacy, prior to the enactment of the Gramm-Leach-Bliley Act. He produced the video "It's Not If, But When" for the Financial Services Sector Coordinating Council in partnership with the U.S. Treasury Department with the goal to improve critical infrastructure protection and Homeland Security.

Greg Miles

Greg Miles,(Ph.D., CISSP#24431, CISM#0300338, IAM, IEM)is the President, and Chief Financial Officer of Security Horizon, Inc. Security Horizon is a Global, Veteran-Owned Small Business headquartered in Colorado Springs, Colorado.

Marc Tobias

Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He has authored six police textbooks, including Locks, Safes, and Security, (ISBN 978-0398070793), which is recognized as the primary reference for law enforcement and security professionals worldwide.

James Windle

James H. Windle is employed as a Police Sergeant in Charlotte, North Carolina, where he serves as a certified bomb technician and is assigned as the Bomb Squad Commander and Arson Supervisor.