4 of 8 people found the following review helpful
Excellent book for ICS and IT security alike, September 25, 2011
This review is from: Robust Control System Networks (Hardcover)
I am not an industrial control systems expert, but I have plenty of experience with IT security. I read Robust Control System Networks (RCSN) to learn how an ICS expert like Ralph Langner thinks about security in his arena. I was not disappointed, and you won't be if you keep an open mind and remember IT security folks aren't the target audience. After reading RCSN I have a greater appreciation for the problems affecting the ICS world and how that community should address the fragility of its environment.
Dale Peterson's review captured many of the thoughts I had when reading RCSN (and I did read the whole book)! Therefore I'd like to share a few points that resonated with me. Many of these ideas translate easily from the ICS plant floor to the IT office.
"Undocumented" usually means "unknown," and the combination of those two characteristics of systems equals "fragile."
Digital systems are fragile also because, unlike physical systems or items, they tend not to show any "predictable degradation" (p 157).
ICS engineers think similarly to IT engineers, in the sense that both think "real engineers don't have time to write documentation" (p 166).
The two communities also share the unfortunate rule of "never touch a running system," which eventually means "never touch a fragile system" (p 167).
Time takes on a life of its own in ICS and IT, since "just by aging, [a configuration] has become a de facto standard" (p 168).
As is the case with IT, in ICS "connectivity is established despite a compelling reason to do so," mainly because it is so easy (p 168).
"Fragility should be seen as a problem in itself," because fragile systems have no hope in the real world, never mind resisting an intelligent adversary (p 174).
As a remedy the author proposes "robustification," which he states "is not about defense and mitigation. It is not primarily *against* anything" except fragility (p 176).
Why? "As long as stochastic (common cause) factors account for the bulk of variation, it doesn't make sense to search for an assignable cause or special cause" (p 176). In other words, so long as ICS (or IT for that matter) is so fragile, don't bother worrying about hackers -- it's likely an inherent failure causing the incident.
To conclude, read RCSN -- it's brief, concise, well-written, full of compelling anecdotes, and groundbreaking.