Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems

Paperback (Print)
Overview

For a decade now we have been hearing the same thing—that our critical infrastructure is vulnerable and it needs to be secured. Industrial Network Security examines the unique protocols and applications that are the foundation of industrial control systems and provides you with comprehensive guidelines for their protection. While covering compliance guidelines, attacks and vectors, and even evolving security tools, this book gives you a clear understanding of SCADA and Control System protocols and how they operate.

Editorial Reviews

From the Publisher

"One of the most mysterious areas of information security is industrial system security...What raises the mystery even higher is that the stakes in the area of industrial security are extremely high. While the loss of trade secret information may kill a business, the loss of electricity generating capability may kill not just one person, but potentially thousands. And finally the mystery is solved-with this well-researched book on industrial system network security."--Dr. Anton A. Chuvakin, Security Warrior Consulting

Product Details

  • ISBN-13: 9781597496452
  • Publisher: Elsevier Science
  • Publication date: 8/29/2011
  • Pages: 360
  • Sales rank: 542,003
  • Product dimensions: 7.50 (w) x 9.20 (h) x 1.00 (d)

Meet the Author

Eric D. Knapp is a globally recognized expert in industrial control systems cyber security, and continues to drive the adoption of new security technology in order to promote safer and more reliable automation infrastructures. He first specialized in industrial control cyber security while at Nitrosecurity, where he focused on the collection and correlation of SCADA and ICS data for the detection of advanced threats against these environments. He was later responsible for the development and implementation of end-to-end ICS cyber security solutions for McAfee, Inc. in his role as Global Director for Critical Infrastructure Markets. He is currently the Director of Strategic Alliances for Wurldtech Security Technologies, where he continues to promote the advancement of embedded security technology in order to better protect SCADA, ICS and other connected, real-time devices.
He is a long-time advocate of improved industrial control system cyber security and participates in many Critical Infrastructure industry groups, where he brings a wealth of technology expertise. He has over 20 years of experience in Information Technology, specializing in industrial automation technologies, infrastructure security, and applied Ethernet protocols as well as the design and implementation of Intrusion Prevention Systems and Security Information and Event Management systems in both enterprise and industrial networks. In addition to his work in information security, he is an award-winning author of fiction. He studied at the University of New Hampshire and the University of London.
He can be found on Twitter @ericdknapp

Joel Langill brings a unique perspective to operational security with over three decades field experience exclusively in industrial automation and control. He has deployed ICS solutions covering most major industry sectors in more than 35 countries encompassing all generations of automated control from pneumatic to cloud-based services. He has been directly involved in automation solutions spanning feasibility, budgeting, front-end engineering design, detailed design, system integration, commissioning, support and legacy system migration.

Joel is currently an independent consultant providing a range of services to ICS end-users, system integrators, and governmental agencies worldwide. He works closely with suppliers in both consulting and R&D roles, and has developed a specialized training curriculum focused on applied operational security. Joel founded and maintains the popular ICS security website SCADAhacker.com which offers visitors extensive resources in understanding, evaluating, and securing control systems. He developed a specialized training curriculum that focuses on applied cyber security and defenses for industrial systems. His website and social networks extend to readers in more than 100 countries globally.

Joel devotes time to independent research relating to control system security, and regularly blogs on the evaluation and security of control systems. His unique experience and proven capabilities have fostered business relationships with several large industry firms. Joel serves on the Board of Advisors for Scada Fence Ltd., works with venture capital companies in evaluating industrial security start-up firms, and is an ICS research focal point to CERT organizations around the world. He has contributed to multiple books on security, and was the technical editor for “Applied Cyber Security and the Smart Grid”.

Joel is a voting member of the ISA99 committee on industrial security for control systems, and was a lead contributor to the ISA99 technical report on the Stuxnet malware. He has published numerous reports on ICS-related campaigns including Heartbleed, Dragonfly, and Black Energy. His certifications include: Certified Ethical Hacker (CEH), Certified Penetration Tester (CPT), Certified SCADA Security Architect (CSSA), and TÜV Functional Safety Engineer (FSEng). Joel has obtained extensive training through the U.S. Dept. of Homeland Security FEMA Emergency Management Institute, having completed ICS-400 on incident command and crisis management. He is a graduate of the University of Illinois-Champaign with a BS (Bronze Tablet) in Electrical Engineering.

He can be found on Twitter @SCADAhacker

Read an Excerpt

Industrial Network Security

Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems
By Eric Knapp

SYNGRESS

Copyright © 2011 Elsevier Inc.
All rights reserved.

ISBN: 978-1-59749-646-9


Chapter One

Introduction

INFORMATION IN THIS CHAPTER:

• Book Overview and Key Learning Points

• Book Audience

• Diagrams and Figures

• The Smart Grid

• How This Book Is Organized

BOOK OVERVIEW AND KEY LEARNING POINTS

This book attempts to define an approach to industrial network security that considers the unique network, protocol, and application characteristics of an industrial control system, while also taking into consideration a variety of common compliance controls.

Although many of the techniques described herein—and much of the general guidance provided by regulatory standards organizations—are built upon common enterprise security methods and reference readily available information security tools, there is little information available about how to implement these methods. This book attempts to rectify this by providing deployment and configuration guidance where possible, and by identifying why security controls should be implemented, where they should be implemented, how they should be implemented, and how they should be used.

BOOK AUDIENCE

To adequately discuss industrial network security, the basics of two very different systems need to be understood: the Ethernet and Transmission Control Protocol/Internet Protocol (TCP/IP) networking communications used ubiquitously in the enterprise, and the SCADA and field bus protocols used to manage and/or operate industrial automated systems.

As a result, this book possesses a bifurcated audience. For the plant operator with an advanced electrical engineering degree and a decade of logic programming for Modbus controllers, the basics of industrial network protocols in Chapter 4 have been presented within the context of security in an attempt to not only provide value to such a reader, but also to get that reader thinking about the subtle implications of cyber security. For the information security analyst with a Certified Information Systems Security Professional (CISSP) certification, basic information security practices have been provided within the new context of an industrial control system.

There is an interesting dichotomy between the two that provides a further challenge. Enterprise security typically strives to secure the users and hosts on a network while at the same time enabling the broad range of open communication services required within modern business. Industrial control systems, on the other hand, strive for the efficiency and reliability of a single, often fine-tuned system. Only by giving the necessary consideration to both sides can the true objective be achieved: a secure industrial network that supports reliable operation while also providing business value to the larger enterprise.

To further complicate matters, there is a third audience: the compliance officer who is mandated with meeting certain regulatory standards in order to survive an audit with minimal penalties and/or fines. Compliance continues to drive information security budgets, and therefore the broader scope of industrial networks must also be narrowed on occasion to the energy industries, where (at least in the United States) electrical energy, nuclear energy, oil, and gas are tightly regulated. Compliance controls are discussed in this book solely within the context of implementing cyber security controls. The recommendations given are intended to improve security and should not be interpreted as advice concerning successful compliance management.

DIAGRAMS AND FIGURES

The network diagrams used throughout this book have been intentionally simplified and have been designed to be as generic as possible while adequately representing industrial networks across a very wide range of industrial systems. As a result, the diagrams will undoubtedly differ from real industrial network designs and may exclude details specific to one particular industry while including details that are specific to another. However, they will provide a high-level understanding of the specific industrial network security controls being discussed.

THE SMART GRID

Although the smart grid is of major concern and interest, for the most part it is treated as any other industrial network within this book, with specific considerations being made only when necessary (such as when considering available attack vectors). As a result, there are many security considerations specific to the smart grid that are unfortunately not included. This is partly to maintain focus on the more ubiquitous ICS and SCADA security requirements, partly due to the relative immaturity of smart grid security, and partly due to the specialized and complex nature of these systems. Although this means that specific measures for securing synchrophasors, meters, etc. are not provided, the guidance and overall approach to security that is provided herein is certainly applicable to smart grid networks. For more in-depth reading on smart grid network security, consider Securing the Smart Grid: Next Generation Power Grid Security by Tony Flick and Justin Morehouse (ISBN: 978-1-59749-570-7, Syngress).

HOW THIS BOOK IS ORGANIZED

This book is divided into a total of eleven chapters, followed by three appendices guiding the reader where to find additional information and resources about industrial protocols, standards and regulations, and relevant NIST security guidelines. An extensive glossary is also provided to accommodate the wealth of both information security and industrial networking terms and acronyms used throughout the book.

The chapters begin with an introduction to industrial networking, and what a cyber attack against an industrial control system might represent in terms of potential risks and consequences, followed by details of how industrial networks can be assessed, secured, and monitored in order to obtain the strongest possible security, and conclude with a detailed discussion of various compliance controls, and how those specific controls map back to network security practices.

It is not necessary to read this book cover to cover, in order. The book is intended to offer insight and recommendations that relate to both specific security goals as well as the cyclical nature of the security process. That is, if faced with performing a vulnerability assessment on an industrial control network, begin with Chapter 6; every effort has been made to refer the reader to other relevant chapters where additional knowledge may be necessary.

Chapter 2: About Industrial Networks

In this chapter, there is a brief introduction to industrial networks as they relate to "critical infrastructure," those infrastructures upon which our society, industry, and way of life depend. The dependencies of critical infrastructures upon industrial control systems lead naturally to a discussion of the many standards, regulations, guidance documents, and policies that have been implemented globally to protect these systems. In addition, the chapter introduces the reader to the most basic premises of industrial security.

Of particular note, Chapter 2 also discusses the use of terminology within the book as it relates to the many applications of industrial networks (again, there is also an extensive Glossary included to cover the abundance of new acronyms and terms used in industrial control networks).

Chapter 3: Introduction to Industrial Network Security

Chapter 3 introduces industrial networks in terms of cyber security, by examining the interrelations between "general" networking, industrial networking, and potentially critical infrastructures. Chapter 3 covers the importance of securing industrial networks, discusses the impact of a successful industrial attack, and provides examples of real incidents—including a discussion of the Advanced Persistent Threat and the implications of cyber war.

Chapter 4: Industrial Network Protocols

This chapter focuses on industrial network protocols, including Modbus, DNP3, OPC, ICCP, and others in both their native/original fieldbus form or in modernized TCP/IP or real-time Ethernet implementations. The basics of protocol operation, frame format, and security considerations are provided for each, with security recommendations being made where applicable.

Chapter 5: How Industrial Networks Operate

Industrial networks use specialized protocols because they perform functions that are different than enterprise networks, with different requirements and different security considerations. Chapter 5 discusses control system assets, network architectures, control system operations, and how control processes are managed, with special emphasis on smart grid operations.

Chapter 6: Vulnerability and Risk Assessment

Strong security requires a proper assessment of vulnerabilities and risk, which in turn requires that security analysts think like an attacker. Chapter 6 provides a high-level overview of common attack methodologies, and how industrial networks present a unique attack surface with common attack vectors to many critical areas. Chapter 6 also discusses vulnerability assessment and patch management strategies.

Chapter 7: Establishing Secure Enclaves

A strong "defense in depth" strategy requires the isolation of functional groups into securable "enclaves." Chapter 7 looks at how to separate functional groups and where enclave boundaries should be implemented. Specifics are then provided on how to secure both the perimeter and the interior of enclaves, including common security products, methods, and policies that may be implemented.

Chapter 8: Exception, Anomaly, and Threat Detection

Awareness is the prerequisite of action, according to the common definition of situational awareness. In this chapter, several contributing factors to obtaining situational awareness are discussed, including how to use anomaly detection, exception reporting, and information correlation for the purposes of threat and risk detection.

Chapter 9: Monitoring Enclaves

Before situational awareness can be achieved, however, a necessary body of information must be obtained. This chapter includes recommendations of what to monitor, why, and how. Information management strategies—including log and event collection, direct monitoring, and security information and event management (SIEM)—are discussed, including guidance on data collection, retention, and management.

Chapter 10: Standards and Regulations

There are many regulatory compliance standards applicable to industrial network security, and most consist of a wide range of procedural controls that aren't easily resolved using information technology. There are common cyber security controls (with often subtle but important variations), however, which reinforce the recommendations put forth in this book. Chapter 10 attempts to map those cyber security-related controls from some common standards—including NERC CIP, CFATS, ISO/IEC 27002:2005, NRC RG 5.71, and NIST 800-82—to the security recommendations made within this book, making it easier for security analysts to understand the motivations of compliance officers, while compliance officers are able to see the security concerns behind individual controls.

Chapter 11: Common Pitfalls and Mistakes

Industrial control systems are highly vulnerable, and often with high consequence. In this chapter, some common pitfalls and mistakes are highlighted—including errors of complacency, common misconfigurations, and deployment errors—as by highlighting the pitfalls and mistakes, it is easier to avoid repeating those mistakes.

CONCLUSION

Writing this book has been an education, an experience, and a challenge. In the months of research and writing, several historic moments have occurred concerning Industrial Control Systems security, including the first ICS-targeted cyber weapon, and one of the most sophisticated cyber attacks to date. The growing number of attacks, new evidence of Advanced Persistent Threats, and a wave of new SCADA- and ICS-specific vulnerabilities are just the tip of the proverbial iceberg.

Hopefully, this book will be both informative and enjoyable, and it will facilitate the increasingly urgent need to strengthen the security of our industrial networks and SCADA systems. Even though the attacks themselves will continue to evolve, the methods provided herein should help to prepare against the inevitable advancement of industrial network threat.

(Continues...)



Excerpted from Industrial Network Security by Eric Knapp. Copyright © 2011 by Elsevier Inc. Excerpted by permission of SYNGRESS. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Table of Contents

  • Chapter 1: Introduction
  • Chapter 2: About Industrial Networks
  • Chapter 3: Introduction to Industrial Network Security
  • Chapter 4: Industrial Network Protocols
  • Chapter 5: How Industrial Networks Operate
  • Chapter 6: Vulnerability and Risk Assessment
  • Chapter 7: Establishing Secure Enclaves
  • Chapter 8: Exception, Anomaly and Threat Detection
  • Chapter 9: Monitoring Enclaves
  • Chapter 10: Standards and Regulations
  • Chapter 11: Common Pitfalls and Mistakes
  • Appendix A: Protocol Resources
  • Appendix B: Standards Organizations
  • Appendix C: NIST Security Guidelines
  • Glossary

Customer Reviews

  • Posted September 12, 2011

    YOU MUST CHECK THIS BOOK OUT NOW!!

    Are you a plant operator with an advanced electrical engineering degree and a decade of logic programming? If you are, then this book is for you! Author Eric D. Knapp has done an outstanding job of writing a book that attempts to define an approach to industrial network security that considers the unique network, protocol, and application characteristics of an industrial control system, while also taking into consideration a variety of common compliance controls. Knapp begins with a very brief introduction to industrial networks as they relate to the critical infrastructure; those infrastructures upon which our society, industry, and the way of life depend. In addition, the author introduces industrial networks in terms of cyber security, by examining the interrelations between general networking, industrial networking, and potentially critical infrastructures. He then focuses on industrial network protocols, including Modbus, DNP3, OPC, ICCP, and others, in both their native/original fieldbus form or in modernized TCP/IP or in real-time Ethernet implementations. The author then discusses control system assets, network architectures, control system operations, and how control processes are managed, with special emphasis on smart grid operations. He continues by providing a high-level overview of common attack methodologies, and how industrial networks present a unique attack surface with common attack vectors to many critical areas. In addition, the author shows you how to separate functional groups and where enclave boundaries should be implemented. He then discusses several contributing factors to obtaining situational awareness, including how to use anomaly detection, exception reporting, and information correlation for the purposes of threat and risk detection. The author then shows you what to monitor, why, and how.
    Then, he attempts to map cyber security-related controls from some common standards (including NERC CIP, CFATS, ISO/IEC 27002:2005, NRC RG 5.71, and NIST 800-82) to the security recommendations made within this book. The author continues by addressing the issues and changes that are made to a drive when the console connects to XBOX Live service for online game play. Finally, he highlights some common pitfalls and mistakes, including errors of complacency, common misconfigurations, and deployment errors. This most excellent book provides deployment and configuration guidance where possible. Perhaps more importantly, this book identifies why security controls should be implemented, where they should be implemented, how they should be implemented, and how they should be used.
