Techno Security's Guide to Securing SCADA
1st Edition
A Comprehensive Handbook On Protecting The Critical Infrastructure
Description
Around the world, SCADA (supervisory control and data acquisition) systems and other real-time process control networks run mission-critical infrastructure--everything from the power grid to water treatment, chemical manufacturing to transportation. These networks are at increasing risk due to the move from proprietary systems to more standard platforms and protocols and the interconnection to other networks. Because there has been limited attention paid to security, these systems are seen as largely unsecured and very vulnerable to attack.
This book addresses currently undocumented security issues affecting SCADA systems and overall critical infrastructure protection. The respective co-authors are among the leading experts in the world capable of addressing these related-but-independent concerns of SCADA security. Headline-making threats and countermeasures like malware, sidejacking, biometric applications, emergency communications, security awareness planning, personnel & workplace preparedness and bomb threat planning will be addressed in detail in this one-of-a-kind book-of-books dealing with the threats to critical infrastructure protection. They collectively have over a century of expertise in their respective fields of infrastructure protection. Included among the contributing authors are Paul Henry, VP of Technology Evangelism, Secure Computing; Chet Hosmer, CEO and Chief Scientist at Wetstone Technologies; Phil Drake, Telecommunications Director, The Charlotte Observer; Patrice Bourgeois, Tenable Network Security; Sean Lowther, President, Stealth Awareness; and Jim Windle, Bomb Squad Commander, CMPD.
Key Features
- Internationally known experts provide a detailed discussion of the complexities of SCADA security and its impact on critical infrastructure
- Highly technical chapters on the latest vulnerabilities to SCADA and critical infrastructure and countermeasures
- Bonus chapters on security awareness training, bomb threat planning, emergency communications, employee safety and much more
- Companion Website featuring video interviews with subject matter experts offers a "sit-down" with the leaders in the field
Readership
IT and IT security managers and staff, control system engineers and operators, SCADA operators and engineers, systems integrators, IT security researchers, law enforcement in government and private industry worldwide
Table of Contents
Lead Author
Contributors
Foreword Contributor
Foreword Contributor
Foreword
Chapter 1. Physical Security: SCADA and the Critical Infrastructure’s Biggest Vulnerability
Introduction
Summary
Solutions Fast Track
Frequently Asked Questions (and Special Interviews)
Chapter 2. Supervisory Control and Data Acquisition
Introduction
Just What Is SCADA?
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3. SCADA Security Assessment Methodology
Introduction
Why Do Assessments on SCADA Systems?
Information Protection Requirements
An Approach to SCADA Information Security Assessments
Pre-Project Activities
Pre-Assessment Activities
On-Site Assessment Activities
Post Assessment Activities
Resources
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4. Developing an Effective Security Awareness Program
Introduction
Why an Information Security Awareness Program Is Important
How to Design an Effective Information Security Awareness Program
How to Implement an Information Security Awareness Program
How Do You Keep Your Program a Successful Component of Your Company’s Mindset?
How to Measure Your Program
Summary
Solutions Fast Track
Chapter 5. Working with Law Enforcement on SCADA Incidents
Introduction
SCADA System Overview
Secure Network Management
Managing Security Events
Examples of Common Attack Techniques
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6. Locked but Not Secure: An Overview of Conventional and High Security Locks
Introduction
Conventional Pin Tumbler Locks
Standards for Conventional and High Security Locks
The Concept of Security
Security Vulnerabilities of Conventional Locks: Why High Security Locks Are Supposed to Offer More Protection Against Methods of Entry
Covert Entry Techniques: Manipulation of Internal Locking Components
High Security to High Insecurity: Real World Attacks
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7. Bomb Threat Planning: Things Have Changed
Introduction
The Day Our World Changed
Insider Information: Where Do These Guys Get This Stuff?
The Terrorist Profile
Potential Terror Targets
What Should I Be Looking For?
Searching: What Am I Looking For and Where?
Evacuation Plans
Summary
Chapter 8. Biometric Authentication for SCADA Security
Introduction
Understanding Biometric Systems and How They Are Best Used for SCADA Security
Choosing the Best Form of Measurement for Your System
Where are Biometric Authentication Regimes Vulnerable?
Anticipating Legal and Policy Changes That Will Affect Biometrics
Summary
Solutions Fast Track
Frequently Asked Questions
Appendix. Personal, Workforce, and Family Preparedness
Introduction
Threats
Your Personal Preparedness Plan
The Escape Pack
Workforce Preparedness
Steps for Successful Workforce Preparedness
Get Out, Get Away, and Get in Touch
Family Preparedness Plan
Preparedness Pantry
Water
Cooking
Testing Your Home Preparedness Plan
Family Ready Kit
No Lights? No Problem!
Emergency Power
Staying in Touch
Summary
Index
Details
- No. of pages: 352
- Language: English
- Copyright: © Syngress 2008
- Published: 16th July 2008
- Imprint: Syngress
- Paperback ISBN: 9781597492829
- eBook ISBN: 9780080569994
About the Authors
Jack Wiles
Jack Wiles is a security professional with over 40 years' experience in security-related fields. This includes computer security, disaster recovery, and physical security. He is a professional speaker, and has trained federal agents, corporate attorneys, and internal auditors on a number of computer crime-related topics. He is a pioneer in presenting on a number of subjects, which are now being labeled "Homeland Security" topics. Well over 10,000 people have attended one or more of his presentations since 1988. Jack is also a co-founder and President of TheTrainingCo., and is in frequent contact with members of many state and local law enforcement agencies as well as Special Agents with the U.S. Secret Service, FBI, IRS-CID, U.S. Customs, Department of Justice, The Department of Defense, and numerous members of High-Tech Crime units. He was also appointed as the first President of the North Carolina InfraGard chapter, which is now one of the largest chapters in the country. He is also a founding member of the U.S. Secret Service South Carolina Electronic Crimes Task Force. Jack is also a Vietnam veteran who served with the 101st Airborne Division in Vietnam in 1967-68, where he was awarded two Bronze stars for his actions in combat. He recently retired from the U.S. Army Reserves as a lieutenant colonel and was assigned directly to the Pentagon for the final seven years of his career.
Ted Claypoole
Ted Claypoole is a Member of the law firm Womble Carlyle Sandridge and Rice, in Charlotte, North Carolina, in the Intellectual Property Transaction group, and a senior member of its Privacy and Data Management Team.
Phil Drake
Phil Drake is Communications Manager for the Charlotte Observer in Charlotte, N.C.
Paul Henry
Paul A. Henry (MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP-ISSAP, CISM, CISA, CIFI) is the Vice President of Technology Evangelism at Secure Computing®. Paul is one of the world’s foremost global information security experts, with more than 20 years' experience managing security initiatives for Global 2000 enterprises and government organizations worldwide.
Lester Johnson
Lester J. "Chip" Johnson Jr. is employed by the SCANA Corporation, a $9 billion, Fortune 500, energy-based holding company headquartered in Columbia, South Carolina. Mr. Johnson serves in the Corporate Security and Claims Department as a Manager with responsibility for Investigations and Crisis Management.
Sean Lowther
Sean Lowther is the President and Founder of Stealth Awareness, Inc. (www.stealthawareness.com). Sean is an independent consultant who brings years of experience designing and implementing information security awareness programs at the highest level. He founded Stealth Awareness, Inc. in 2007. Sean worked at Bank of America for over seven years, managing the enterprise information security awareness program. The program received the highest rating from its regulators and was consistently rated "world class" by industry peer groups. Sean has worked with BITS, the Financial Services Roundtable Task Force on Privacy, prior to the enactment of the Gramm-Leach-Bliley Act. He produced the video "It's Not If, But When" for the Financial Services Sector Coordinating Council in partnership with the U.S. Treasury Department with the goal to improve critical infrastructure protection and Homeland Security.
Greg Miles
Greg Miles (Ph.D., CISSP#24431, CISM#0300338, IAM, IEM) is the President and Chief Financial Officer of Security Horizon, Inc. Security Horizon is a Global, Veteran-Owned Small Business headquartered in Colorado Springs, Colorado.
Marc Tobias
Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He has authored six police textbooks, including Locks, Safes, and Security, (ISBN 978-0398070793), which is recognized as the primary reference for law enforcement and security professionals worldwide.
James Windle
James H. Windle is employed as a Police Sergeant in Charlotte, North Carolina, where he serves as a certified bomb technician and is assigned as the Bomb Squad Commander and Arson Supervisor.