Purchase textbook

Industrial Network Security,

Edition 1 Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems

Editors: By Eric D. Knapp and Joel Thomas Langill

Publication Date: 15 Aug 2011

0 Reviews

No accessibility information available.

Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems covers implementation guidelines for security measures of critical infrastructure. The book describes an approach to ensure the security of industrial networks by taking into account the unique network, protocol, and application characteristics of an industrial control system, along with various compliance controls. It offers guidance on deployment and configuration, and it explains why, where, and how security controls should be implemented. It also discusses common pitfalls and mistakes and how to avoid them. After reading this book, students will understand and address the unique security concerns that face the world's most important networks.

This book examines the unique protocols and applications that are the foundation of industrial control systems and provides comprehensive guidelines for their protection. Divided into 11 chapters, it explains the basics of Ethernet and Transmission Control Protocol/Internet Protocol (TCP/IP) networking communications and the SCADA and field bus protocols. It also explores industrial networks as they relate to "critical infrastructure" and cyber security; potential risks and consequences of a cyber attack against an industrial control system; compliance controls in relation to network security practices; industrial network protocols such as Modbus and DNP3; assessment of vulnerabilities and risk; how to secure enclaves; regulatory compliance standards applicable to industrial network security; and common pitfalls and mistakes, like complacency and deployment errors.

This book is a valuable resource for plant operators and information security analysts, as well as compliance officers who want to pass an audit with minimal penalties and/or fines. It will also appeal to IT and security professionals working on networks and control systems operations.

Key Features

Covers implementation guidelines for security measures of critical infrastructure
Applies the security measures for system-specific compliance
Discusses common pitfalls and mistakes and how to avoid them

About the author

By Eric D. Knapp, Director of Critical Infrastructure Markets for NitroSecurity and Joel Thomas Langill, Has nearly 30 years experience in in-depth, comprehensive industrial control systems architecture, product development, implementation, upgrade and remediation.

About the Author

About the Technical Editor

Foreword

Chapter 1 Introduction

    Book Overview and Key Learning Points

    Book Audience

    Diagrams and Figures

    The Smart Grid

    How This Book Is Organized

         Chapter 2: About Industrial Networks

         Chapter 3: Introduction to Industrial Network Security

         Chapter 4: Industrial Network Protocols

         Chapter 5: How Industrial Networks Operate

         Chapter 6: Vulnerability and Risk Assessment

         Chapter 7: Establishing Secure Enclaves

         Chapter 8: Exception, Anomaly, and Threat Detection

         Chapter 9: Monitoring Enclaves

         Chapter 10: Standards and Regulations

         Chapter 11: Common Pitfalls and Mistakes

    Conclusion

Chapter 2 About Industrial Networks

    Industrial Networks and Critical Infrastructure

         Critical Infrastructure

         Critical versus Noncritical Industrial Networks

    Relevant Standards and Organizations

         Homeland Security Presidential DirectiveSeven/HSPD-7

         NIST Special Publications (800 Series)

         NERC CIP

         Nuclear Regulatory Commission

         Federal Information Security Management Act

         Chemical Facility Anti-Terrorism Standards

         ISA-99

         ISO 27002

    Common Industrial Security Recommendations

         Identification of Critical Systems

         Network Segmentation/Isolation of Systems

         Defense in Depth

         Access Control

    The Use of Terminology Within This Book

         Networks, Routable and Non-routable

         Assets, Critical Assets, Cyber Assets, and Critical Cyber Assets

         Enclaves

         Electronic Security Perimeters

    Summary

    Endnotes

Chapter 3 Introduction to Industrial Network Security

    The Importance of Securing Industrial Networks

    The Impact of Industrial Network Incidents

         Safety Controls

         Consequences of a Successful Cyber Incident

    Examples of Industrial Network Incidents

         Dissecting Stuxnet

         Night Dragon

    APT and Cyber War

         The Advanced Persistent Threat

         Cyber War

         Emerging Trends in APT and Cyber War

         Still to Come

         Defending Against APT

         Responding to APT

    Summary

    Endnotes

Chapter 4 Industrial Network Protocols

    Overview of Industrial Network Protocols

    Modbus

         What It Does

         How It Works

         Variants

         Where It Is Used

         Security Concerns

         Security Recommendations

    ICCP/TASE.2

         What It Does

         How It Works

         Where It Is Used

         Security Concerns

         Security Improvements over Modbus

         Security Recommendations

    DNP3

         What It Does

         How It Works

         Secure DNP3

         Where It Is Used

         Security Concerns

         Security Recommendations

    OLE for Process Control

         What It Does

         How It Works

         OPC-UA and OPC-XI

         Where It Is Used

         Security Concerns

         Security Recommendations

    Other Industrial Network Protocols

         Ethernet/IP

         Profibus

         EtherCAT

         Ethernet Powerlink

         SERCOS III

    AMI and the Smart Grid

         Security Concerns

         Security Recommendations

    Summary

    Endnotes

Chapter 5 How Industrial Networks Operate

    Control System Assets

         IEDs

         RTUs

         PLCs

         HMIs

         Supervisory Workstations

         Data Historians

         Business Information Consoles and Dashboards

         Other Assets

    Network Architectures

         Topologies Used

    Control System Operations

         Control Loops

         Control Processes

         Feedback Loops

         Business Information Management

    Control Process Management

    Smart Grid Operations

    Summary

    Endnotes

Chapter 6 Vulnerability and Risk Assessment

    Basic Hacking Techniques

         The Attack Process

         Targeting an Industrial Network

         Threat Agents

    Accessing Industrial Networks

         The Business Network

         The SCADA DMZ

         The Control System

         Common Vulnerabilities

         The Smart Grid

    Determining Vulnerabilities

         Why Vulnerability Assessment Is Important

         Vulnerability Assessment in Industrial Networks

         Vulnerability Scanning for Configuration Assurance

         Where to Perform VA Scans

         Cyber Security Evaluation Tool

    Vulnerability Management

         Patch Management

         Configuration Management

         Device Removal and Quarantine

    Summary

    Endnotes

Chapter 7 Establishing Secure Enclaves

    Identifying Functional Groups

         Network Connectivity

         Control Loops

         Supervisory Controls

         Control Processes

         Control Data Storage

         Trading Communications

         Remote Access

         Users and Roles

         Protocols

         Criticality

         Using Functional Groups to Identify Enclaves

    Establishing Enclaves

         Identifying Enclave Perimeters

         Network Alterations

         Enclaves and Security Policy Development

         Enclaves and Security Device Configurations

    Securing Enclave Perimeters

         Selecting Perimeter Security Devices

         Implementing Perimeter Security Devices

         Intrusion Detection and Prevention (IDS/IPS) Configuration Guidelines

    Securing Enclave Interiors

         Selecting Interior Security Systems

    Summary

    Endnotes

Chapter 8 Exception, Anomaly, and Threat Detection

    Exception Reporting

    Behavioral Anomaly Detection

         Measuring Baselines

         Anomaly Detection

    Behavioral Whitelisting

         User Whitelists

         Asset Whitelists

         Application Behavior Whitelists

    Threat Detection

         Event Correlation

         Correlating between IT and OT Systems

    Summary

    Endnotes

Chapter 9 Monitoring Enclaves

    Determining What to Monitor

         Security Events

         Assets

         Configurations

         Applications

         Networks

         User Identities and Authentication

         Additional Context

         Behavior

    Successfully Monitoring Enclaves

         Log Collection

         Direct Monitoring

         Inferred Monitoring

         Information Collection and Management Tools (Log Management Systems, SIEMs)

         Monitoring Across Secure Boundaries

    Information Management

         Queries

         Reports

         Alerts

         Incident Investigation and Response

    Log Storage and Retention

         Nonrepudiation

         Data Retention/Storage

         Data Availability

    Summary

    Endnotes

Chapter 10 Standards and Regulations

    Common Standards and Regulations

         NERC CIP

         CFATS

         ISO/IEC 27002:2005

         NRC Regulation 5.71

         NIST SP 800-82

    Mapping Industrial Network Security to Compliance

         Perimeter Security Controls

         Host Security Controls

         Security Monitoring Controls

    Mapping Compliance Controls to Network Security Functions

    Common Criteria and FIPS Standards

         Common Criteria

         FIPS 140-2

    Summary

    Endnotes

Chapter 11 Common Pitfalls and Mistakes

    Complacency

         Vulnerability Assessments vs. Zero-Days

         Real Security vs. Policy and Awareness

         The Air Gap Myth

    Misconfigurations

         Default Accounts and Passwords

         Lack of Outbound Security and Monitoring

         The Executive Override

         The Ronco Perimeter

    Compliance vs. Security

         Audit Fodder

         The “One Week Compliance Window¿

    Scope and Scale

         Project-Limited Thinking

         Insufficiently Sized Security Controls

    Summary

    Endnotes

Glossary

Appendix A

Appendix B

Appendix C

Index

ISBN: 9781597496452

Page Count: 360

Illustrations : 25 illustrations

Retail Price (USD) :

Network Warrior, ISBN: 9780596101510, $44.99, O'Reilly, June 2007

NMAP Network Scanning, ISBN: 9780979958717, $49.95, NMAP Project (Lightning Source), Jan 2009

Essential SNMP, ISBN: 9780596008406, $49.95, O'Reilly, Sept. 2005

Information Technology and security professionals working on networks and control systems operations