
Industrial Network Security

Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems


Description

Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems covers implementation guidelines for security measures of critical infrastructure. The book describes an approach to ensure the security of industrial networks by taking into account the unique network, protocol, and application characteristics of an industrial control system, along with various compliance controls. It offers guidance on deployment and configuration, and it explains why, where, and how security controls should be implemented. It also discusses common pitfalls and mistakes and how to avoid them. After reading this book, students will understand and address the unique security concerns that face the world's most important networks.

This book examines the unique protocols and applications that are the foundation of industrial control systems and provides comprehensive guidelines for their protection. Divided into 11 chapters, it explains the basics of Ethernet and Transmission Control Protocol/Internet Protocol (TCP/IP) networking communications and the SCADA and field bus protocols. It also explores industrial networks as they relate to "critical infrastructure" and cyber security; potential risks and consequences of a cyber attack against an industrial control system; compliance controls in relation to network security practices; industrial network protocols such as Modbus and DNP3; assessment of vulnerabilities and risk; how to secure enclaves; regulatory compliance standards applicable to industrial network security; and common pitfalls and mistakes, like complacency and deployment errors.

This book is a valuable resource for plant operators and information security analysts, as well as compliance officers who want to pass an audit with minimal penalties and/or fines. It will also appeal to IT and security professionals working on networks and control systems operations.

Key features

  • Covers implementation guidelines for security measures of critical infrastructure
  • Applies the security measures for system-specific compliance
  • Discusses common pitfalls and mistakes and how to avoid them

Readership

Information Technology and security professionals working on networks and control systems operations

Table of contents

About the Author

About the Technical Editor

Foreword

Chapter 1 Introduction

    Book Overview and Key Learning Points

    Book Audience

    Diagrams and Figures

    The Smart Grid

    How This Book Is Organized

         Chapter 2: About Industrial Networks

         Chapter 3: Introduction to Industrial Network Security

         Chapter 4: Industrial Network Protocols

         Chapter 5: How Industrial Networks Operate

         Chapter 6: Vulnerability and Risk Assessment

         Chapter 7: Establishing Secure Enclaves

         Chapter 8: Exception, Anomaly, and Threat Detection

         Chapter 9: Monitoring Enclaves

         Chapter 10: Standards and Regulations

         Chapter 11: Common Pitfalls and Mistakes

    Conclusion

Chapter 2 About Industrial Networks

    Industrial Networks and Critical Infrastructure

         Critical Infrastructure

         Critical versus Noncritical Industrial Networks

    Relevant Standards and Organizations

         Homeland Security Presidential Directive Seven/HSPD-7

         NIST Special Publications (800 Series)

         NERC CIP

         Nuclear Regulatory Commission

         Federal Information Security Management Act

         Chemical Facility Anti-Terrorism Standards

         ISA-99

         ISO 27002

    Common Industrial Security Recommendations

         Identification of Critical Systems

         Network Segmentation/Isolation of Systems

         Defense in Depth

         Access Control

    The Use of Terminology Within This Book

         Networks, Routable and Non-routable

         Assets, Critical Assets, Cyber Assets, and Critical Cyber Assets

         Enclaves

         Electronic Security Perimeters

    Summary

    Endnotes

Chapter 3 Introduction to Industrial Network Security

    The Importance of Securing Industrial Networks

    The Impact of Industrial Network Incidents

         Safety Controls

         Consequences of a Successful Cyber Incident

    Examples of Industrial Network Incidents

         Dissecting Stuxnet

         Night Dragon

    APT and Cyber War

         The Advanced Persistent Threat

         Cyber War

         Emerging Trends in APT and Cyber War

         Still to Come

         Defending Against APT

         Responding to APT

    Summary

    Endnotes

Chapter 4 Industrial Network Protocols

    Overview of Industrial Network Protocols

    Modbus

         What It Does

         How It Works

         Variants

         Where It Is Used

         Security Concerns

         Security Recommendations

    ICCP/TASE.2

         What It Does

         How It Works

         Where It Is Used

         Security Concerns

         Security Improvements over Modbus

         Security Recommendations

    DNP3

         What It Does

         How It Works

         Secure DNP3

         Where It Is Used

         Security Concerns

         Security Recommendations

    OLE for Process Control

         What It Does

         How It Works

         OPC-UA and OPC-XI

         Where It Is Used

         Security Concerns

         Security Recommendations

    Other Industrial Network Protocols

         Ethernet/IP

         Profibus

         EtherCAT

         Ethernet Powerlink

         SERCOS III

    AMI and the Smart Grid

         Security Concerns

         Security Recommendations

    Summary

    Endnotes

Chapter 5 How Industrial Networks Operate

    Control System Assets

         IEDs

         RTUs

         PLCs

         HMIs

         Supervisory Workstations

         Data Historians

         Business Information Consoles and Dashboards

         Other Assets

    Network Architectures

         Topologies Used

    Control System Operations

         Control Loops

         Control Processes

         Feedback Loops

         Business Information Management

    Control Process Management

    Smart Grid Operations

    Summary

    Endnotes

Chapter 6 Vulnerability and Risk Assessment

    Basic Hacking Techniques

         The Attack Process

         Targeting an Industrial Network

         Threat Agents

    Accessing Industrial Networks

         The Business Network

         The SCADA DMZ

         The Control System

         Common Vulnerabilities

         The Smart Grid

    Determining Vulnerabilities

         Why Vulnerability Assessment Is Important

         Vulnerability Assessment in Industrial Networks

         Vulnerability Scanning for Configuration Assurance

         Where to Perform VA Scans

         Cyber Security Evaluation Tool

    Vulnerability Management

         Patch Management

         Configuration Management

         Device Removal and Quarantine

    Summary

    Endnotes

Chapter 7 Establishing Secure Enclaves

    Identifying Functional Groups

         Network Connectivity

         Control Loops

         Supervisory Controls

         Control Processes

         Control Data Storage

         Trading Communications

         Remote Access

         Users and Roles

         Protocols

         Criticality

         Using Functional Groups to Identify Enclaves

    Establishing Enclaves

         Identifying Enclave Perimeters

         Network Alterations

         Enclaves and Security Policy Development

         Enclaves and Security Device Configurations

    Securing Enclave Perimeters

         Selecting Perimeter Security Devices

         Implementing Perimeter Security Devices

         Intrusion Detection and Prevention (IDS/IPS) Configuration Guidelines

    Securing Enclave Interiors

         Selecting Interior Security Systems

    Summary

    Endnotes

Chapter 8 Exception, Anomaly, and Threat Detection

    Exception Reporting

    Behavioral Anomaly Detection

         Measuring Baselines

         Anomaly Detection

    Behavioral Whitelisting

         User Whitelists

         Asset Whitelists

         Application Behavior Whitelists

    Threat Detection

         Event Correlation

         Correlating between IT and OT Systems

    Summary

    Endnotes

Chapter 9 Monitoring Enclaves

    Determining What to Monitor

         Security Events

         Assets

         Configurations

         Applications

         Networks

         User Identities and Authentication

         Additional Context

         Behavior

    Successfully Monitoring Enclaves

         Log Collection

         Direct Monitoring

         Inferred Monitoring

         Information Collection and Management Tools (Log Management Systems, SIEMs)

         Monitoring Across Secure Boundaries

    Information Management

         Queries

         Reports

         Alerts

         Incident Investigation and Response

    Log Storage and Retention

         Nonrepudiation

         Data Retention/Storage

         Data Availability

    Summary

    Endnotes

Chapter 10 Standards and Regulations

    Common Standards and Regulations

         NERC CIP

         CFATS

         ISO/IEC 27002:2005

         NRC Regulation 5.71

         NIST SP 800-82

    Mapping Industrial Network Security to Compliance

         Perimeter Security Controls

         Host Security Controls

         Security Monitoring Controls

    Mapping Compliance Controls to Network Security Functions

    Common Criteria and FIPS Standards

         Common Criteria

         FIPS 140-2

    Summary

    Endnotes

Chapter 11 Common Pitfalls and Mistakes

    Complacency

         Vulnerability Assessments vs. Zero-Days

         Real Security vs. Policy and Awareness

         The Air Gap Myth

    Misconfigurations

         Default Accounts and Passwords

         Lack of Outbound Security and Monitoring

         The Executive Override

         The Ronco Perimeter

    Compliance vs. Security

         Audit Fodder

         The “One Week Compliance Window”

    Scope and Scale

         Project-Limited Thinking

         Insufficiently Sized Security Controls

    Summary

    Endnotes

Glossary

Appendix A

Appendix B

Appendix C

Index
Review quotes

"One of the most mysterious areas of information security is industrial system security...What raises the mystery even higher is that the stakes in the area of industrial security are extremely high. While the loss of trade secret information may kill a business, the loss of electricity generating capability may kill not just one person, but potentially thousands. And finally the mystery is solved—with this well-researched book on industrial system network security."—Dr. Anton A. Chuvakin, Security Warrior Consulting

"For those looking to get a handle on how to effectively secure critical infrastructure networks, Industrial Network Security is an excellent reference… The reality is that industrial system security can be effectively secured, and the book shows the reader exactly how to do that. In 11 densely written chapters, the book covers all of the necessary areas in which to secure critical infrastructure systems… For those looking for a solid overview of the topic, Industrial Network Security is an excellent reference."—Security Management

About the authors

Eric D. Knapp

Eric Knapp is a globally recognized expert in industrial control systems cyber security and continues to drive the adoption of new security technology to promote safer and more reliable automation infrastructures. He first specialized in ICS cyber security while at Nitrosecurity, where he focused on threats against these environments. He was later responsible for the development and implementation of end-to-end ICS cyber security solutions for McAfee in his role as Global Director for Critical Infrastructure Markets. He is currently Director of Strategic Alliances for Wurldtech Security Technologies, where he continues to promote the advancement of embedded security technology to better protect SCADA, ICS and other connected, real-time devices. In addition to his work in information security, he is an award-winning author of fiction. He studied at the University of New Hampshire and the University of London.
Affiliations and expertise
Director Strategic Alliances for Wurldtech Security Technologies

Joel Thomas Langill

Joel Langill is the SCADAhacker. His expertise was developed over nearly 30 years of in-depth, comprehensive industrial control systems architecture, product development, implementation, upgrade, and remediation work in a variety of roles covering consumer product manufacturing and oil and gas, including petroleum refining, automation solution sales and development, and system engineering. His employers include major companies such as General Electric, Shell Oil Company, Honeywell Process Solutions, and ENGlobal Automation, offering him rare and insightful expertise in the risks and mitigation of cyber vulnerabilities in industrial control systems. He is a Certified Ethical Hacker, Certified Penetration Tester, Cisco Certified Network Associate, and TÜV Functional Safety Engineer. Joel is also a proud member of the Milwaukee Chapter of InfraGard.
Affiliations and expertise
Director of Critical Infrastructure and SCADA Representative Cyber Security Forum Initiative, USA
