For a decade now we have been hearing the same thing: that our critical infrastructure is vulnerable and it needs to be secured. Industrial Network Security examines the unique protocols and applications that are the foundation of industrial control systems and provides you with comprehensive guidelines for their protection. While covering compliance guidelines, attacks and vectors, and even evolving security tools, this book gives you a clear understanding of SCADA and Control System protocols and how they operate.
- Covers implementation guidelines for security measures of Critical Infrastructure
- Applies the security measures for system-specific compliance
- Discusses common pitfalls and mistakes and how to avoid them
Sold by: Barnes & Noble
File size: 4 MB
About the Author
Eric D. Knapp is a globally recognized expert in industrial control systems cyber security, and continues to drive the adoption of new security technology in order to promote safer and more reliable automation infrastructures. He first specialized in industrial control cyber security while at Nitrosecurity, where he focused on the collection and correlation of SCADA and ICS data for the detection of advanced threats against these environments. He was later responsible for the development and implementation of end-to-end ICS cyber security solutions for McAfee, Inc. in his role as Global Director for Critical Infrastructure Markets. He is currently the Director of Strategic Alliances for Wurldtech Security Technologies, where he continues to promote the advancement of embedded security technology in order to better protect SCADA, ICS and other connected, real-time devices.
He is a long-time advocate of improved industrial control system cyber security and participates in many Critical Infrastructure industry groups, where he brings a wealth of technology expertise. He has over 20 years of experience in Information Technology, specializing in industrial automation technologies, infrastructure security, and applied Ethernet protocols as well as the design and implementation of Intrusion Prevention Systems and Security Information and Event Management systems in both enterprise and industrial networks. In addition to his work in information security, he is an award-winning author of fiction. He studied at the University of New Hampshire and the University of London.
He can be found on Twitter @ericdknapp
Joel Langill brings a unique perspective to operational security with over three decades field experience exclusively in industrial automation and control. He has deployed ICS solutions covering most major industry sectors in more than 35 countries encompassing all generations of automated control from pneumatic to cloud-based services. He has been directly involved in automation solutions spanning feasibility, budgeting, front-end engineering design, detailed design, system integration, commissioning, support and legacy system migration.
Joel is currently an independent consultant providing a range of services to ICS end-users, system integrators, and governmental agencies worldwide. He works closely with suppliers in both consulting and R&D roles, and has developed a specialized training curriculum focused on applied operational security. Joel founded and maintains the popular ICS security website SCADAhacker.com which offers visitors extensive resources in understanding, evaluating, and securing control systems. He developed a specialized training curriculum that focuses on applied cyber security and defenses for industrial systems. His website and social networks extend to readers in more than 100 countries globally.
Joel devotes time to independent research relating to control system security, and regularly blogs on the evaluation and security of control systems. His unique experience and proven capabilities have fostered business relationships with several large industry firms. Joel serves on the Board of Advisors for Scada Fence Ltd., works with venture capital companies in evaluating industrial security start-up firms, and is an ICS research focal point to CERT organizations around the world. He has contributed to multiple books on security, and was the technical editor for “Applied Cyber Security and the Smart Grid”.
Joel is a voting member of the ISA99 committee on industrial security for control systems, and was a lead contributor to the ISA99 technical report on the Stuxnet malware. He has published numerous reports on ICS-related campaigns including Heartbleed, Dragonfly, and Black Energy. His certifications include: Certified Ethical Hacker (CEH), Certified Penetration Tester (CPT), Certified SCADA Security Architect (CSSA), and TÜV Functional Safety Engineer (FSEng). Joel has obtained extensive training through the U.S. Dept. of Homeland Security FEMA Emergency Management Institute, having completed ICS-400 on incident command and crisis management. He is a graduate of the University of Illinois–Champaign with a BS (Bronze Tablet) in Electrical Engineering.
He can be found on Twitter @SCADAhacker
Read an Excerpt
Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems
By Eric Knapp
SYNGRESS
Copyright © 2011 Elsevier Inc.
All rights reserved.
INFORMATION IN THIS CHAPTER:
Book Overview and Key Learning Points
Diagrams and Figures
The Smart Grid
How This Book Is Organized
BOOK OVERVIEW AND KEY LEARNING POINTS
This book attempts to define an approach to industrial network security that considers the unique network, protocol, and application characteristics of an industrial control system, while also taking into consideration a variety of common compliance controls.
Although many of the techniques described herein—and much of the general guidance provided by regulatory standards organizations—are built upon common enterprise security methods and reference readily available information security tools, there is little information available about how to implement these methods. This book attempts to rectify this by providing deployment and configuration guidance where possible, and by identifying why security controls should be implemented, where they should be implemented, how they should be implemented, and how they should be used.
To adequately discuss industrial network security, the basics of two very different systems need to be understood: the Ethernet and Transmission Control Protocol/Internet Protocol (TCP/IP) networking communications used ubiquitously in the enterprise, and the SCADA and field bus protocols used to manage and/or operate industrial automated systems.
As a result, this book possesses a bifurcated audience. For the plant operator with an advanced electrical engineering degree and a decade of logic programming for Modbus controllers, the basics of industrial network protocols in Chapter 4 have been presented within the context of security in an attempt to not only provide value to such a reader, but also to get that reader thinking about the subtle implications of cyber security. For the information security analyst with a Certified Information Systems Security Professional (CISSP) certification, basic information security practices have been provided within the new context of an industrial control system.
There is an interesting dichotomy between the two that provides a further challenge. Enterprise security typically strives to secure the users and hosts on a network while at the same time enabling the broad range of open communication services required within modern business. Industrial control systems, on the other hand, strive for the efficiency and reliability of a single, often fine-tuned system. Only by giving the necessary consideration to both sides can the true objective be achieved: a secure industrial network that supports reliable operation while also providing business value to the larger enterprise.
To further complicate matters, there is a third audience: the compliance officer who is mandated with meeting certain regulatory standards in order to survive an audit with minimal penalties and/or fines. Compliance continues to drive information security budgets, and therefore the broader scope of industrial networks must also be narrowed on occasion to the energy industries, where (at least in the United States) electrical energy, nuclear energy, oil, and gas are tightly regulated. Compliance controls are discussed in this book solely within the context of implementing cyber security controls. The recommendations given are intended to improve security and should not be interpreted as advice concerning successful compliance management.
DIAGRAMS AND FIGURES
The network diagrams used throughout this book have been intentionally simplified and have been designed to be as generic as possible while adequately representing industrial networks across a very wide range of industrial systems. As a result, the diagrams will undoubtedly differ from real industrial network designs and may exclude details specific to one particular industry while including details that are specific to another. However, they will provide a high-level understanding of the specific industrial network security controls being discussed.
THE SMART GRID
Although the smart grid is of major concern and interest, for the most part it is treated as any other industrial network within this book, with specific considerations being made only when necessary (such as when considering available attack vectors). As a result, there are many security considerations specific to the smart grid that are unfortunately not included. This is partly to maintain focus on the more ubiquitous ICS and SCADA security requirement, partly due to the relative immaturity of smart grid security and partly due to the specialized and complex nature of these systems. Although this means that specific measures for securing synchrophasors, meters, etc. are not provided, the guidance and overall approach to security that is provided herein is certainly applicable to smart grid networks. For more in-depth reading on smart grid network security, consider Securing the Smart Grid: Next Generation Power Grid Security by Tony Flick and Justin Morehouse (ISBN: 978-1-59749-570-7, Syngress).
HOW THIS BOOK IS ORGANIZED
This book is divided into a total of eleven chapters, followed by three appendices guiding the reader where to find additional information and resources about industrial protocols, standards and regulations, and relevant NIST security guidelines. An extensive glossary is also provided to accommodate the wealth of both information security and industrial networking terms and acronyms used throughout the book.
The chapters begin with an introduction to industrial networking, and what a cyber attack against an industrial control system might represent in terms of potential risks and consequences, followed by details of how industrial networks can be assessed, secured, and monitored in order to obtain the strongest possible security, and conclude with a detailed discussion of various compliance controls, and how those specific controls map back to network security practices.
It is not necessary to read this book cover to cover, in order. The book is intended to offer insight and recommendations that relate to both specific security goals as well as the cyclical nature of the security process. That is, if faced with performing a vulnerability assessment on an industrial control network, begin with Chapter 6; every effort has been made to refer the reader to other relevant chapters where additional knowledge may be necessary.
Chapter 2: About Industrial Networks
In this chapter, there is a brief introduction to industrial networks as they relate to "critical infrastructure," those infrastructures upon which our society, industry, and way of life depend. The dependencies of critical infrastructures upon industrial control systems lead naturally to a discussion of the many standards, regulations, guidance documents, and policies that have been implemented globally to protect these systems. In addition, the chapter introduces the reader to the most basic premises of industrial security.
Of particular note, Chapter 2 also discusses the use of terminology within the book as it relates to the many applications of industrial networks (again, there is also an extensive Glossary included to cover the abundance of new acronyms and terms used in industrial control networks).
Chapter 3: Introduction to Industrial Network Security
Chapter 3 introduces industrial networks in terms of cyber security, by examining the interrelations between "general" networking, industrial networking, and potentially critical infrastructures. Chapter 3 covers the importance of securing industrial networks, discusses the impact of a successful industrial attack, and provides examples of real incidents—including a discussion of the Advanced Persistent Threat and the implications of cyber war.
Chapter 4: Industrial Network Protocols
This chapter focuses on industrial network protocols, including Modbus, DNP3, OPC, ICCP, and others in both their native/original fieldbus form or in modernized TCP/IP or real-time Ethernet implementations. The basics of protocol operation, frame format, and security considerations are provided for each, with security recommendations being made where applicable.
Chapter 5: How Industrial Networks Operate
Industrial networks use specialized protocols because they perform functions that are different than enterprise networks, with different requirements and different security considerations. Chapter 5 discusses control system assets, network architectures, control system operations, and how control processes are managed, with special emphasis on smart grid operations.
Chapter 6: Vulnerability and Risk Assessment
Strong security requires a proper assessment of vulnerabilities and risk, which in turn requires that security analysts think like an attacker. Chapter 6 provides a high-level overview of common attack methodologies, and how industrial networks present a unique attack surface with common attack vectors to many critical areas. Chapter 6 also discusses vulnerability assessment and patch management strategies.
Chapter 7: Establishing Secure Enclaves
A strong "defense in depth" strategy requires the isolation of functional groups into securable "enclaves." Chapter 7 looks at how to separate functional groups and where enclave boundaries should be implemented. Specifics are then provided on how to secure both the perimeter and the interior of enclaves, including common security products, methods, and policies that may be implemented.
Chapter 8: Exception, Anomaly, and Threat Detection
Awareness is the prerequisite of action, according to the common definition of situational awareness. In this chapter, several contributing factors to obtaining situational awareness are discussed, including how to use anomaly detection, exception reporting, and information correlation for the purposes of threat and risk detection.
Chapter 9: Monitoring Enclaves
Before situational awareness can be achieved, however, a necessary body of information must be obtained. This chapter includes recommendations of what to monitor, why, and how. Information management strategies—including log and event collection, direct monitoring, and security information and event management (SIEM)—are discussed, including guidance on data collection, retention, and management.
Chapter 10: Standards and Regulations
There are many regulatory compliance standards applicable to industrial network security, and most consist of a wide range of procedural controls that aren't easily resolved using information technology. There are common cyber security controls (with often subtle but important variations), however, which reinforce the recommendations put forth in this book. Chapter 10 attempts to map those cyber security-related controls from some common standards—including NERC CIP, CFATS, ISO/IEC 27002:2005, NRC RG 5.71, and NIST 800-82—to the security recommendations made within this book, making it easier for security analysts to understand the motivations of compliance officers, while compliance officers are able to see the security concerns behind individual controls.
Chapter 11: Common Pitfalls and Mistakes
Industrial control systems are highly vulnerable, and often with high consequence. In this chapter, some common pitfalls and mistakes are highlighted—including errors of complacency, common misconfigurations, and deployment errors—as by highlighting the pitfalls and mistakes, it is easier to avoid repeating those mistakes.
Writing this book has been an education, an experience, and a challenge. In the months of research and writing, several historic moments have occurred concerning Industrial Control Systems security, including the first ICS-targeted cyber weapon, and one of the most sophisticated cyber attacks to date. The growing number of attacks, new evidence of Advanced Persistent Threats, and a wave of new SCADA- and ICS-specific vulnerabilities are just the tip of the proverbial iceberg.
Hopefully, this book will be both informative and enjoyable, and it will facilitate the increasingly urgent need to strengthen the security of our industrial networks and SCADA systems. Even though the attacks themselves will continue to evolve, the methods provided herein should help to prepare against the inevitable advancement of industrial network threat.
Excerpted from Industrial Network Security by Eric Knapp. Copyright © 2011 by Elsevier Inc. Excerpted by permission of SYNGRESS. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.
Table of Contents
Chapter 1: Introduction
Chapter 2: About Industrial Networks
Chapter 3: Introduction to Industrial Network Security
Chapter 4: Industrial Network Protocols
Chapter 5: How Industrial Networks Operate
Chapter 6: Vulnerability and Risk Assessment
Chapter 7: Establishing Secure Enclaves
Chapter 8: Exception, Anomaly and Threat Detection
Chapter 9: Monitoring Enclaves
Chapter 10: Standards and Regulations
Chapter 11: Common Pitfalls and Mistakes
Appendix A: Protocol Resources
Appendix B: Standards Organizations
Appendix C: NIST Security Guidelines
Glossary