
Industrial network security : securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems / Eric D. Knapp, Joel Thomas Langill ; technical editor, Raj Samani ; cover designer, Maria Ines Cruz

EBSCOhost Academic eBook Collection (North America) Available online


EBSCOhost Ebook Business Collection Available online


O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Knapp, Eric D., author.
Langill, Joel Thomas, author.
Contributor:
Samani, Raj, editor.
Language:
English
Subjects (All):
Computer security.
Security measures.
Physical Description:
illustrations (some color), graphs
Edition:
Second edition.
Other Title:
Securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems
Place of Publication:
Waltham, Massachusetts : Syngress, 2015
System Details:
text file
Summary:
As the sophistication of cyber-attacks increases, understanding how to defend critical infrastructure systems (energy production, water, gas, and other vital systems) becomes more important, and heavily mandated. Industrial Network Security, Second Edition arms you with the knowledge you need to understand the vulnerabilities of these distributed supervisory and control systems. The book examines the unique protocols and applications that are the foundation of industrial control systems, and provides clear guidelines for their protection. This how-to guide gives you a thorough understanding of the unique challenges facing critical infrastructures, new guidelines and security measures for critical infrastructure protection, knowledge of new and evolving security tools, and pointers on SCADA protocols and security implementation. All-new real-world examples of attacks against control systems, and more diagrams of systems. Expanded coverage of protocols such as 61850, Ethernet/IP, CIP, ISA-99, and the evolution to IEC62443. Expanded coverage of Smart Grid security. New coverage of signature-based detection, exploit-based vs. vulnerability-based detection, and signature reverse engineering.
Contents:
Cover
Title Page
Copyright Page
Contents
About the Author
Preface
Acknowledgments
Chapter 1 - Introduction
Information in this Chapter
Book Overview and Key Learning Points
Book Audience
Diagrams and Figures
The Smart Grid
How This Book is Organized
Chapter 2: About Industrial Networks
Chapter 3: Industrial Cyber Security, History, and Trends
Chapter 4: Introduction to ICS and Operations
Chapter 5: ICS Network Design and Architecture
Chapter 6: Industrial Network Protocols
Chapter 7: Hacking Industrial Systems
Chapter 8: Risk and Vulnerability Assessments
Chapter 9: Establishing Zones and Conduits
Chapter 10: Implementing security and access controls
Chapter 11: Exception, Anomaly, and Threat Detection
Chapter 12: Security Monitoring of Industrial Control Systems
Chapter 13: Standards and Regulations
Changes Made to the Second Edition
Conclusion
Chapter 2 - About Industrial Networks
The Use of Terminology Within This Book
Attacks, Breaches, and Incidents: Malware, Exploits, and APTs
Assets, Critical Assets, Cyber Assets, and Critical Cyber Assets
Security Controls and Security Countermeasures
Firewalls and Intrusion Prevention Systems
Industrial Control System
DCS or SCADA?
Industrial Networks
Industrial Protocols
Networks, Routable Networks, and Nonroutable Networks
Enterprise or Business Networks
Zones and Enclaves
Network Perimeters or "Electronic Security Perimeters"
Critical Infrastructure
Utilities
Nuclear Facilities
Bulk Electric
Smart Grid
Chemical Facilities
Common Industrial Security Recommendations
Identification of Critical Systems
Network Segmentation/Isolation of Systems
Defense in Depth
Access Control
Advanced Industrial Security Recommendations
Security Monitoring
Policy Whitelisting
Application Whitelisting
Common Misperceptions About Industrial Network Security
Assumptions Made in This Book
Summary
Chapter 3 - Industrial Cyber Security History and Trends
Importance of Securing Industrial Networks
The Evolution of the Cyber Threat
APTs and Weaponized Malware
Night Dragon
Stuxnet
Advanced Persistent Threats and Cyber Warfare
Still to Come
Defending Against Modern Cyber Threats
The Insider
Hacktivism, Cyber Crime, Cyber Terrorism, and Cyber War
Chapter 4 - Introduction to Industrial Control Systems and Operations
System Assets
Programmable Logic Controller
Ladder Diagrams
Sequential Function Charts
Remote Terminal Unit
Intelligent Electronic Device
Human-Machine Interface
Supervisory Workstations
Data Historian
Business Information Consoles and Dashboards
Other Assets
System Operations
Control Loops
Control Processes
Feedback Loops
Production Information Management
Business Information Management
Process Management
Safety Instrumented Systems
Network Architectures
Chapter 5 - Industrial Network Design and Architecture
Introduction to Industrial Networking
Common Topologies
Network Segmentation
Higher Layer Segmentation
Physical vs. Logical Segmentation
Network Services
Wireless Networks
Remote Access
Performance Considerations
Latency and Jitter
Bandwidth and Throughput
Type of Service, Class of Service, and Quality of Service
Network Hops
Network Security Controls
Special Considerations
Wide Area Connectivity
Smart Grid Network Considerations
Advanced Metering Infrastructure
Chapter 6 - Industrial Network Protocols
Overview of Industrial Network Protocols
Fieldbus Protocols
Modicon Communication Bus
What it Does
How it Works
Variants
Modbus RTU and Modbus ASCII
Modbus TCP
Modbus Plus or Modbus+
Where it is Used
Security Concerns
Security Recommendations
Distributed Network Protocol
Secure DNP3
Process Fieldbus
Industrial Ethernet Protocols
Ethernet Industrial Protocol
PROFINET
EtherCAT
Ethernet POWERLINK
SERCOS III
Backend Protocols
Open process communications
Inter-Control Center Communications Protocol
Security Improvements Over Modbus and DNP
Advanced Metering Infrastructure and the Smart Grid
Industrial Protocol Simulators
MODBUS
DNP3 / IEC 60870-5
OPC
ICCP / IEC 60870-6 (TASE.2)
Physical Hardware
Chapter 7 - Hacking Industrial Control Systems
Motives and Consequences
Consequences of a Successful Cyber Incident
Cyber Security and Safety
Common Industrial Targets
Common Attack Methods
Man-in-the-Middle Attacks
Denial-of-Service Attacks
Replay Attacks
Compromising the Human-Machine Interface
Compromising the Engineering Workstation
Blended Attacks
Examples of Weaponized Industrial Cyber Threats
Dissecting Stuxnet
Lessons Learned
Shamoon/DistTrack
Flame/Flamer/Skywiper
Attack Trends
Evolving Vulnerabilities: The Adobe Exploits
Industrial Application Layer Attacks
Antisocial Networks: A New Playground for Malware
Cannibalistic Mutant Underground Malware
Dealing with an Infection
Chapter 8 - Risk and Vulnerability Assessments
Cyber Security and Risk Management
Why Risk Management is the Foundation of Cyber Security
What is Risk?
Standards and Best Practices for Risk Management
Methodologies for Assessing Risk Within Industrial Control Systems
Security Tests
Security Audits
Security and Vulnerability Assessments
Establishing a Testing and Assessment Methodology
Tailoring a Methodology for Industrial Networks
Theoretical versus Physical Tests
Online versus Offline Physical Tests
System Characterization
Data Collection
Scanning of Industrial Networks
Device Scanners
Vulnerability Scanners
Traffic Scanners
Live Host Identification
"Quiet" / "Friendly" Scanning Techniques
Potentially "Noisy"/"Dangerous" Scanning Techniques
Port Mirroring and Span Ports
Command Line Tools
Hardware and Software Inventory
Data Flow Analysis
Threat Identification
Threat Actors/Sources
Threat Vectors
Threat Events
Identification of Threats During Security Assessments
Vulnerability Identification
Vulnerability Scanning
Configuration Auditing
Vulnerability Prioritization
Common Vulnerability Scoring System
Risk Classification and Ranking
Consequences and Impact
How to Estimate Consequences and Likelihood
Risk Ranking
Risk Reduction and Mitigation
Chapter 9 - Establishing Zones and Conduits
Security Zones and Conduits Explained
Identifying and Classifying Security Zones and Conduits
Recommended Security Zone Separation
Network Connectivity
Caution
Supervisory Controls
Note
Plant Level Control Processes
Control Data Storage
Trading Communications
Users and Roles
Protocols
Criticality
Tip
Establishing Security Zones and Conduits
Chapter 10 - Implementing Security and Access Controls
Zones and Security Policy Development
Using Zones within Security Device Configurations
Implementing Network Security Controls
Selecting Network Security Devices
Implementing Network Security Devices
Firewall Configuration Guidelines
Intrusion Detection and Prevention (IDS/IPS) Configuration Guidelines
Recommended IDS/IPS Rules
Anomaly-Based Intrusion Detection
Protocol Anomaly Detection
Application and Protocol Monitoring in Industrial Networks
Data Diodes and Unidirectional Gateways
Implementing Host Security and Access Controls
Selecting Host Cyber Security Systems
Host Firewalls
Host IDS
Anti-virus
External Controls
Patch Management
Patching as a form of Vulnerability Management
Leave no Vulnerability Unturned
Maintaining System Availability
Comprehensive Predeployment Testing
Automating the Process
How Much Security is Enough?
Chapter 11 - Exception, Anomaly, and Threat Detection
Exception Reporting
Behavioral Anomaly Detection
Measuring Baselines
Anomaly Detection
Analyzing IT vs. OT Metrics
Notes:
Includes bibliographical references at the end of each chapter and index.
Description based on print version record.
ISBN:
9780124201149
0124201148
9780124201842
0124201849
OCLC:
900652416
