Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems [Paperback]

Eric D. Knapp (Author), Joel Langill (Author)

Book Description

Publication Date: August 29, 2011 | ISBN-10: 1597496456 | ISBN-13: 978-1597496452 | Edition: 1

For a decade now we have been hearing the same thing-that our critical infrastructure is vulnerable and it needs to be secured. Industrial Network Security examines the unique protocols and applications that are the foundation of industrial control systems and provides you with comprehensive guidelines for their protection. While covering compliance guidelines, attacks and vectors, and even evolving security tools, this book gives you a clear understanding of SCADA and Control System protocols and how they operate.

• Covers implementation guidelines for security measures of critical infrastructure
• Applies the security measures for system-specific compliance
• Discusses common pitfalls and mistakes and how to avoid them

Editorial Reviews

Review

"One of the most mysterious areas of information security is industrial system security...What raises the mystery even higher is that the stakes in the area of industrial security are extremely high. While the loss of trade secret information may kill a business, the loss of electricity generating capability may kill not just one person, but potentially thousands. And finally the mystery is solved-with this well-researched book on industrial system network security."--Dr. Anton A. Chuvakin, Security Warrior Consulting "For those looking to get a handle on how to effectively secure critical infrastructure networks, Industrial Network Security is an excellent reference. The reality is that industrial system security can be effectively secured, and the book shows the reader exactly how to do that. In 11 densely written chapters, the book covers all of the necessary areas in which to secure critical infrastructure systems. For those looking for a solid overview of the topic, Industrial Network Security is an excellent reference."--Security Management

From the Back Cover

For a decade now we have been hearing the same thing-that our critical infrastructure is vulnerable and it needs to be secured. Industrial Network Security examines the unique protocols and applications that are the foundation of industrial control systems and provides you with comprehensive guidelines for their protection. While covering compliance guidelines, attacks and vectors, and even evolving security tools, this book gives you a clear understanding of SCADA and Control System protocols and how they operate.

See all Editorial Reviews

Product Details

• Paperback: 360 pages
• Publisher: Syngress; 1 edition (August 29, 2011)
• Language: English
• ISBN-10: 1597496456
• ISBN-13: 978-1597496452
• Product Dimensions: 7.5 x 0.9 x 9.2 inches
• Shipping Weight: 1.3 pounds (View shipping rates and policies)
• Average Customer Review: 4.0 out of 5 stars  See all reviews (5 customer reviews)
• Amazon Best Sellers Rank: #504,552 in Books (See Top 100 in Books)
  • #30 in Books > Computers & Technology > Hardware > Microprocessors & System Design > Control Systems

More About the Author

Eric D. Knapp is a writer and part-time defender of all that is good in the world. While not traveling the world to promote industrial cyber security to energy, oil, chemical and mining companies, Eric spends time on his farm in New England with his wife Maureen and a host of animals (including, you guessed it, chickens). Eric studied English and Writing at the University of New Hampshire and the University of London, and went on to become an expert in the completely unrelated field of networking technology and cyber security.

A few years ago, Eric found his soul (which had apparently been kicked under the sofa), and began writing fiction about the important things in life: chickens, zombies, and chicken-zombies. His first book, Out of Place, Out of Time, was recognized with an Independent Publishers Book Award, and has been lauded with praise consisting of words like "brilliant" and "unique" and "imaginative." His second book, Cluck: Murder Most Fowl has been recently re-released by Ridan Publishing, and has won numerous awards.

Of course, cyber security is important too, so Eric diligently works by day as a cyber security expert. His non-fiction works, including Industrial Network Security, are less entertaining but infinitely more frightening than his fiction.

You can learn more about Eric's writing at http://www.ericdknapp.com/

Most Helpful Customer Reviews

16 of 19 people found the following review helpful

3.0 out of 5 stars Mixed Bag But Good On Detection and Monitoring of ICS September 5, 2011

By Dale Peterson

Format:Paperback|Amazon Verified Purchase

Eric Knapp's book Industrial Network Security shipped this month and is also available for the Kindle. It is a tough book to review because the quality and accuracy was very uneven. As compared to other ICS Security books available today, grading on a curve, it deserves 4 stars out of a possible 5. However, it would only rate 2 stars if there was a high quality book on applying technical and administrative IT security to control systems. Unfortunately that book has not yet been written.

The highlights of this book are Chapter 8: Exception, Anomaly and Threat Detection and Chapter 9: Monitoring Enclaves. Not surprising since Eric works for SIEM vendor NitroSecurity (fd: NitroSecurity advertises on digitalbond.com). He covers in detail detection and monitoring for general networks and then with specific ICS examples. For example, Figure 9.12 shows a SIEM dashboard monitoring PI activity such as PI Trust Granted, PI Point Deletion and PI Point Alteration. I'll be rereading these chapters, and they would be helpful for a control system engineer trying to learn security.

Unfortunately I cannot recommend this book for an IT security professional who wants to learn about control systems. There is a lot of important information and good advice, but they would also be misled in important and numerous ways. The two most egregious examples are:

1. The author spends a lot of time on enclaves, his term for security zones. He follows that basics of the Purdue model, but his use of the SCADA DMZ is troubling. It is likely that an IT Security professional reading this would think that pipeline, water canal or transmission SCADA servers and workstations should go in a SCADA DMZ and be directly accessible from the corporate network through a perimeter security device. This does not reflect what is going on in actual ICS, what you would want if you were developing an ICS security architecture, nor the recommendations in the standards and guidelines today. It is missing important, real world discussions of control centers, plant floors, SCADA field sites, and DMZ's between control centers and business networks.

2. When defining components in an ICS the author has all of the HMI's communicating directly with the PLC's; he is missing the SCADA or Realtime Server that is common, especially in larger, critical infrastructure control systems. This is one of the most important servers to secure and it is not even mentioned.

There are enough other instances that were either wrong or not characterized as well as they should be that an IT Security Professional would be led down the wrong path by reading this book because they don't have the experience to know what is accurate.

There are gems in this book where I wrote YES in the margin, the reader just has to sift through the earth to find them. However, at 341-pages there is a lot of earth here and a control system engineer would learn from reading this book. It clearly is better than the Techno Security book because it does speak directly to ICS and a lot more detailed than the ISA/Teumim book with the same title that is 200 pages shorter and with a big font.

My reading recommendation is to start with Chapter 5, then Chapter 4, followed by Chapters 7, 8, and 9. Some other reading suggestions:

- The Tips that are broken out are some of the best and most concise info in the book.

- Also excellent are the tables that pull out the key requirements from various NIST, NISCC, ISA and other standards and guideline documents. The author then adds context and information on meeting the requirements. The tables are dense with info, but are worth reading.

- Skip the frustrating Chapters 2 and 3. The title of the chapters does not reflect what is in the chapter. For example, Chapter 3: Introduction to Industrial Network Security is mostly about APT and Cyber War, and even there the APT discussion is wrong. Chapter 2: About Industrial Networks is actually covered better in Chapter 5 -- just go straight to Chapter 5. I blame the editor for allowing Chapters 2 and 3, and hopefully not too many readers will lose interest before getting to the much better content.

- Smart Grid is discussed in a cursory way that is just a distraction. But again this is mostly in the earlier chapters that you should skip. (Note: this book continues the annoying trend in the US of saying smart grid but really meaning AMI rather than the diversity of projects under the smart grid umbrella.)

- Chapter 7: Establishing Secure Enclaves should be read just as background for the excellent Chapters 8 and 9. The author makes creating security zones unnecessarily complex, and even states that 5 different security zone levels is likely to be insufficient. I would have also preferred some priorities of zones. For example, first to segment the control systems from untrusted networks such as the business network -- and mediate the minimal required communication through a DMZ. Next to segment SCADA field sites from the control center and other field sites, ...

- Securing remote access is not covered in detail in this book. This is a significant omission given that almost every ICS requires for emergency remote access and vendor support.

As I wrote in the beginning, this was a tough book to review with all its highlights and lowlights. Salute the authors serious and substantial effort to produce a book of this size and detail, focus on Chapters 8 and 9, and hope for an improved second edition.

And we still await the definitive book on applying security technical and administrative controls to ICS.

2 of 2 people found the following review helpful

4.0 out of 5 stars Solid SCADA overview September 1, 2012

By Ben Rothke

Format:Paperback

The Stuxnet computer worm of mid-2010 was a huge wake-up call for the energy industry. It also catapulted SCADA from an obscure term to the forefront of industrial security. But nearly two years later, it is unclear if the energy sector is adequately prepared for sophisticated information security threats.

For those looking to get a handle on how to effectively secure critical infrastructure networks, Industrial Network Security is an excellent reference.

In the book's forward, Dr. Anton Chuvakin writes that "one of the most mysterious areas of information security is industrial system security." The reality is that industrial system security can be effectively secured, and the book shows the reader exactly how to do that. In 11 densely written chapters, the book covers all of the necessary areas in which to secure critical infrastructure systems.

The first three chapters provide an introduction to industrial security, SCADA, and control systems. Chapter four then goes into detail about industrial network protocols. The obscurity of these protocols was thought to be a boon to SCADA systems in the past in that attackers were oblivious to their inner workings. In today's world, however, those who intend to attack can learn how to do it.

The book concludes with a chapter on common pitfalls and mistakes. This is a particularly valuable chapter because many companies look for quick and easy approaches to information security but do not provide adequate staff, budget, or time to get the job done. Firms that make those mistakes are likely to be victims of a security breach.

For those looking for a solid overview of the topic, Industrial Network Security is an excellent reference.

1 of 1 people found the following review helpful

4.0 out of 5 stars I love this book.. January 28, 2013

By P. Kamal

Format:Paperback|Amazon Verified Purchase

I am a security professional who has worked in the SCADA Industry in the past. My current role requires me to be up to speed on cyber security as well as security for Industrial Control Systems.

I found this book had just the right mix of technical detail and conceptual elements to be very useful to me. I have used this book, reading it from cover to cover to gain useful insight into almost all elements of Industrial Control Security.

I find myself coming back to the book as a reference source to review concepts. To that end I really like the logical flow of how the book is organized. For me the progression of Industrial Networks, Industrial Network Security, then protocols, establishing enclaves, monitoring enclaves, common pitfalls, all make sense.

The chapters on Vulnerabilities and Risk Asessment, Exceptions and Anomalies, Standard and Regulations are nice add-ons as well.

Unlike many super technical books, Eric's writing style is great and makes it easy to get through the book. Thats the part I like the best. I would recommend this book to people looking to learn more about Industrial Control Security. I would also recommend this book to people already in thie field or related security fields.

- Pan Kamal.
Vice President, Marketing,
AlertEnterprise.