Skip to main content
Elsevier
View Cart

Techno Security's Guide to Securing SCADA

A Comprehensive Handbook On Protecting The Critical Infrastructure

  • 1st Edition - July 16, 2008
  • Latest edition
  • Authors: Greg Miles, Jack Wiles, Ted Claypoole, Phil Drake, Paul A. Henry, Lester J. Johnson, Sean Lowther, Marc Weber Tobias, James H. Windle
  • Language: English

Around the world, SCADA (supervisory control and data acquisition) systems and other real-time process control networks run mission-critical infrastructure--everything from the… Read more

World Book Day celebration

Where learning shapes lives

Up to 25% off trusted resources that support research, study, and discovery.

Explore resources

Description

Around the world, SCADA (supervisory control and data acquisition) systems and other real-time process control networks run mission-critical infrastructure--everything from the power grid to water treatment, chemical manufacturing to transportation. These networks are at increasing risk due to the move from proprietary systems to more standard platforms and protocols and the interconnection to other networks. Because there has been limited attention paid to security, these systems are seen as largely unsecured and very vulnerable to attack.

This book addresses currently undocumented security issues affecting SCADA systems and overall critical infrastructure protection. The respective co-authors are among the leading experts in the world capable of addressing these related-but-independent concerns of SCADA security. Headline-making threats and countermeasures like malware, sidejacking, biometric applications, emergency communications, security awareness llanning, personnel & workplace preparedness and bomb threat planning will be addressed in detail in this one of a kind book-of-books dealing with the threats to critical infrastructure protection. They collectivly have over a century of expertise in their respective fields of infrastructure protection. Included among the contributing authors are Paul Henry, VP of Technology Evangelism, Secure Computing, Chet Hosmer, CEO and Chief Scientist at Wetstone Technologies, Phil Drake, Telecommunications Director, The Charlotte Observer, Patrice Bourgeois, Tenable Network Security, Sean Lowther, President, Stealth Awareness and Jim Windle, Bomb Squad Commander, CMPD.

Key features

  • Internationally known experts provide a detailed discussion of the complexities of SCADA security and its impact on critical infrastructure
  • Highly technical chapters on the latest vulnerabilities to SCADA and critical infrastructure and countermeasures
  • Bonus chapters on security awareness training, bomb threat planning, emergency communications, employee safety and much more
  • Companion Website featuring video interviews with subject matter experts offer a "sit-down" with the leaders in the field

Readership

IT and IT security managers and staff, control system engineers and operators, SCADA operators and engineers, systems integrators, IT security researchers, law enforcement in government and private industry worldwide

Table of contents

Lead Author

Contributors

Foreword Contributor

Foreword Contributor

Foreword

Chapter 1. Physical Security: SCADA and the Critical Infrastructure’s Biggest Vulnerability

Introduction

Summary

Solutions Fast Track

Frequently Asked Questions (and Special Interviews)

Chapter 2. Supervisory Control and Data Acquisition

Introduction

Just What Is SCADA?

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3. SCADA Security Assessment Methodology

Introduction

Why Do Assessments on SCADA Systems?

Information Protection Requirements

An Approach to SCADA Information Security Assessments

Pre-Project Activities

Pre-Assessment Activities

On-Site Assessment Activities

Post Assessment Activities

Resources

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4. Developing an Effective Security Awareness Program

Introduction

Why an Information Security Awareness Program Is Important

How to Design an Effective Information Security Awareness Program

How to Implement an Information Security Awareness Program

How Do You Keep Your Program a Successful Component of Your Company’s Mindset?

How to Measure Your Program

Summary

Solutions Fast Track

Chapter 5. Working with Law Enforcement on SCADA Incidents

Introduction

SCADA System Overview

Secure Network Management

Managing Security Events

Examples of Common Attack Techniques

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 6. Locked but Not Secure: An Overview of Conventional and High Security Locks

Introduction

Conventional Pin Tumbler Locks

Standards for Conventional and High Security Locks

The Concept of Security

Security Vulnerabilities of Conventional Locks: Why High Security Locks Are Supposed to Offer More Protection Against Methods of Entry

Covert Entry Techniques: Manipulation of Internal Locking Components

High Security to High Insecurity: Real World Attacks

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 7. Bomb Threat Planning: Things Have Changed

Introduction

The Day Our World Changed

Insider Information: Where Do These Guys Get This Stuff?

The Terrorist Profile

Potential Terror Targets

What Should I Be Looking For?

Searching: What Am I Looking For and Where?

Evacuation Plans

Summary

Chapter 8. Biometric Authentication for SCADA Security

Introduction

Understanding Biometric Systems and How They Are Best Used for SCADA Security

Choosing the Best Form of Measurement for Your System

Where are Biometric Authentication Regimes Vulnerable?

Anticipating Legal and Policy Changes That Will Affect Biometrics

Summary

Solutions Fast Track

Frequently Asked Questions

Appendix. Personal, Workforce, and Family Preparedness

Introduction

Threats

Your Personal Preparedness Plan

The Escape Pack

Workforce Preparedness

Steps for Successful Workforce Preparedness

Get Out, Get Away, and Get in Touch

Family Preparedness Plan

Preparedness Pantry

Water

Cooking

Testing Your Home Preparedness Plan

Family Ready Kit

No Lights? No Problem!

Emergency Power

Staying in Touch

Summary

Index

Product details

  • Edition: 1
  • Latest edition
  • Published: July 16, 2008
  • Language: English

About the authors

GM

Greg Miles

Greg Miles,(Ph.D., CISSP#24431, CISM#0300338, IAM, IEM)is the President, and Chief Financial Officer of Security Horizon, Inc. Security Horizon is a Global, Veteran-Owned Small Business headquartered in Colorado Springs, Colorado.
Affiliations and expertise
President, and Chief Financial Officer, Security Horizon, Inc.

JW

Jack Wiles

Jack Wiles is a security professional with over 40 years' experience in security-related fields. This includes computer security, disaster recovery, and physical security. He is a professional speaker, and has trained federal agents, corporate attorneys, and internal auditors on a number of computer crime-related topics. He is a pioneer in presenting on a number of subjects, which are now being labeled "Homeland Security" topics. Well over 10,000 people have attended one or more of his presentations since 1988. Jack is also a co-founder and President of TheTrainingCo., and is in frequent contact with members of many state and local law enforcement agencies as well as Special Agents with the U.S. Secret Service, FBI, IRS-CID, U.S. Customs, Department of Justice, The Department of Defense, and numerous members of High-Tech Crime units. He was also appointed as the first President of the North Carolina InfraGard chapter, which is now one of the largest chapters in the country. He is also a founding member of the U.S. Secret Service South Carolina Electronic Crimes Task Force. Jack is also a Vietnam veteran who served with the 101st Airborne Division in Vietnam in 1967-68, where he was awarded two Bronze stars for his actions in combat. He recently retired from the U.S. Army Reserves as a lieutenant colonel and was assigned directly to the Pentagon for the final seven years of his career.
Affiliations and expertise
Co-founder and President of TheTrainingCo.; Founding member of the U.S. Secret Service South Carolina Electronic Crimes Task Force

TC

Ted Claypoole

Ted Claypoole is a Member of the law firm Womble Carlyle Sandridge and Rice, in Charlotte, North Carolina, in the Intellectual Property Transaction group, and a senior member of its Privacy and Data Management Team.
Affiliations and expertise
Intellectual Property Transaction group, Womble Carlyle Sandridge and Rice, Charlotte, North Carolina, USA

PD

Phil Drake

Phil Drake is Communications Manager for the Charlotte Observer in Charlotte, N.C.
Affiliations and expertise
Communications Manager, Charlotte Observer, Charlotte, NC, USA

PH

Paul A. Henry

Paul A. Henry, (MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP,-ISSAP, CISM, CISA, CIFI) is the Vice President of Technology Evangelism at Secure Computing®. Paul is one of the world’s foremost global information security experts, with more than 20 years experience managing security initiatives for Global 2000 enterprises and government organizations worldwide.
Affiliations and expertise
Vice President of Technology Evangelism, Secure Computing®

LJ

Lester J. Johnson

Lester J. "Chip" Johnson Jr. is employed by the SCANA Corporation, a $ 9 Billion, Fortune 500, energy–based holding company, headquartered in Columbia, South Carolina. Mr. Johnson serves in the Corporate Security and Claims Department as a Manager with responsibility for Investigations and Crisis Management.
Affiliations and expertise
SCANA Corporation, Columbia, South Carolina, USA

SL

Sean Lowther

Sean Lowther is the President and Founder of Stealth Awareness, Inc. (www.stealthawareness.com). Sean is an independent consultant who brings years of experience designing and implementing information security awareness programs at the highest level. He founded Stealth Awareness, Inc. in 2007. Sean worked at Bank of America for over seven years, managing the enterprise information security awareness program. The program received the highest rating from its regulators and was consistently rated "world class" by industry peer groups. Sean has worked with BITS, the Financial Services Roundtable Task Force on Privacy, prior to the enactment of the Gramm-Leach-Bliley Act. He produced the video "It's Not If, But When" for the Financial Services Sector Coordinating Council in partnership with the U.S. Treasury Department with the goal to improve critical infrastructure protection and Homeland Security.
Affiliations and expertise
President and Founder, Stealth Awareness, Inc.

MT

Marc Weber Tobias

Marc Weber Tobias is an investigative attorney and security specialist living in Sioux Falls, South Dakota. He has authored six police textbooks, including Locks, Safes, and Security, (ISBN 978-0398070793), which is recognized as the primary reference for law enforcement and security professionals worldwide.
Affiliations and expertise
Investigative Attorney and Security Specialist, Sioux Falls, South Dakota, USA

JW

James H. Windle

James H. Windle is employed as a Police Sergeant in Charlotte, North Carolina, where he serves as a certified bomb technician and is assigned as the Bomb Squad Commander and Arson Supervisor.
Affiliations and expertise
Police Sergeant, Charlotte, North Carolina, USA

View book on ScienceDirect

Read Techno Security's Guide to Securing SCADA on ScienceDirect