Customer Review

4 of 8 people found the following review helpful
5.0 out of 5 stars Excellent book for ICS and IT security alike, September 25, 2011
This review is from: Robust Control System Networks (Hardcover)
I am not an industrial control systems expert, but I have plenty of experience with IT security. I read Robust Control System Networks (RCSN) to learn how an ICS expert like Ralph Langner thinks about security in his arena. I was not disappointed, and you won't be if you keep an open mind and remember IT security folks aren't the target audience. After reading RCSN I have a greater appreciation for the problems affecting the ICS world and how that community should address the fragility of its environment.

Dale Peterson's review captured many of the thoughts I had when reading RCSN (and I did read the whole book)! Therefore I'd like to share a few points that resonated with me. Many of these ideas translate easily from the ICS plant floor to the IT office.

"Undocumented" usually means "unknown," and the combination of those two characteristics of systems equals "fragile."

Digital systems are fragile also because, unlike physical systems or items, they tend not to show any "predictable degradation" (p 157).

ICS engineers think similarly to IT engineers, in the sense that both think "real engineers don't have time to write documentation" (p 166).

The two communities also share the unfortunate rule of "never touch a running system," which eventually means "never touch a fragile system" (p 167).

Time takes on a life of its own in ICS and IT, since "just by aging, [a configuration] has become a de facto standard" (p 168).

As is the case with IT, in ICS "connectivity is established despite a compelling reason to do so," mainly because it is so easy (p 168).

"Fragility should be seen as a problem in itself," because fragile systems have no hope in the real world, never mind resisting an intelligent adversary (p 174).

As a remedy the author proposes "robustification," which he states "is not about defense and mitigation. It is not primarily *against* anything" except fragility (p 176).

Why? "As long as stochastic (common cause) factors account for the bulk of variation, it doesn't make sense to search for an assignable cause or special cause" (p 176). In other words, so long as ICS (or IT for that matter) is so fragile, don't bother worrying about hackers -- it's likely an inherent failure causing the incident.

To conclude, read RCSN -- it's brief, concise, well-written, full of compelling anecdotes, and groundbreaking.

Comments

Initial post: Sep 26, 2011 2:21:57 PM PDT
DDDDDDD says:
Hi Richard

Thank you for your review. Fragility in the context of security systems can be analyzed through a HOT framework (see tinyurl dot com slash HOTSec).

I am just curious: When did you get the book? I pre-ordered in July, it was out mid August, and I still did not receive it yet from Amazon.

I enjoy your blog too :D

Thanks
Daniel

In reply to an earlier post on Sep 26, 2011 3:02:57 PM PDT
Hi Daniel,

Thanks for your kind words.

I read a pre-publication draft provided by the author.

Posted on Mar 29, 2012 5:19:48 PM PDT
Sojournalist says:
Excellent review. I will have to add this to my reading list, as well. I'm also working my way through Joe Weiss' Protecting Industrial Control Systems from Electronic Threats and Eric Knapp's Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems.

Stochastic actually translates more readily to "random process," as opposed to "deterministic."
Reviewer


Location: Metro Washington, DC

Top Reviewer Ranking: 13,710