4 of 8 people found the following review helpful
Excellent book for ICS and IT security alike,
This review is from: Robust Control System Networks (Hardcover)
I am not an industrial control systems expert, but I have plenty of experience with IT security. I read Robust Control System Networks (RCSN) to learn how an ICS expert like Ralph Langner think about security in his arena. I was not disappointed, and you won't be if you keep an open mind and remember IT security folks aren't the target audience. After reading RCSN I have a greater appreciation for the problems affecting the ICS world and how that community should address the fragility of its environment.
Dale Peterson's review captured many of the thoughts I had when reading RCSN (and I did read the whole book)! Therefore I'd like to share a few points that resonated with me. Many of these ideas translate easily from the ICS plant floor to the IT office.
"Undocumented" usually means "unknown," and the combination of those two characteristics of systems equals "fragile."
Digital systems are fragile also because, unlike physical systems or items, they tend not to show any "predictable degradation" (p 157).
ICS engineers think similarly to IT engineers, in the sense that both think "real engineers don't have time to write documentation" (p 166).
The two communities also share the unfortunate rule of "never touch a running system," which eventually means "never touch a fragile system" (p 167).
Time takes on a life of its own in ICS and IT, since "just by aging, [a configuration] has become a de facto standard" (p 168).
As is the case with IT, in ICS "connectivity is established despite a compelling reason to do so," mainly because it is so easy (p 168).
"Fragility should be seen as a problem in itself," because fragile systems have no hope in the real world, never mind resisting an intelligent adversary (p 174).
As a remedy the author proposes "robustification," which he states "is not about defense and mitigation. It is not primarily *against* anything" except fragility (p 176).
Why? "As long as stochastic (common cause) factors account for the bulk of variation, it doesn't make sense to search for an assignable cause or special cause" (p 176). In other words, so long as ICS (or IT for the matter) is so fragile, don't bother worrying about hackers -- it's likely an inherent failure causing the incident.
To conclude, read RCSN -- it's brief, concise, well-written, full of compelling anecdotes, and groundbreaking.
Tracked by 2 customers
Sort: Oldest first | Newest first
Showing 1-3 of 3 posts in this discussion
Initial post: Sep 26, 2011 2:21:57 PM PDT
Thank you for your review. Fragility in the context of security systems can be analyzed through a HOT framework (see tinyurl dot com slash HOTSec.
I am just curious: When did you get the book? I pre-ordered in July, it was out mid August, and I still did not receive it yet from Amazon.
I enjoy your blog too :D
In reply to an earlier post on Sep 26, 2011 3:02:57 PM PDT
Richard Bejtlich says:
Thanks for your kind words.
I read a pre-publication draft provided by the author.
Posted on Mar 29, 2012 5:19:48 PM PDT
Excellent review. I will have to add this to my reading list, as well. I'm also working my way through Joe Weiss' Protecting Industrial Control Systems from Electronic Threats and Eric Knapp's Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems.
Stochastic actually translates more readily to "random process," as opposed to "deterministic."
‹ Previous 1 Next ›