My Account Log in

2 options

Critical Infrastructure Security : Cybersecurity Lessons Learned from Real-World Breaches / Soledad Antelada Toledano.

Ebook Central College Complete Available online

View online

O'Reilly Online Learning: Academic/Public Library Edition Available online

View online
Format:
Book
Author/Creator:
Toledano, Soledad Antelada, author.
Language:
English
Subjects (All):
Cyberinfrastructure.
Computer security.
Physical Description:
1 online resource (270 pages)
Edition:
First edition.
Place of Publication:
Birmingham : Packt Publishing, [2024]
Biography/History:
Toledano Soledad Antelada: Soledad Antelada Toledano, a leading cybersecurity trailblazer, currently serves as security technical program manager at the Office of the CISO at Google. Her career took off at Berkeley Lab, a key player in internet development and scientific research, where she also contributed significantly to NERSC's cybersecurity. Soledad further made her mark as the head of security for the ACM/IEEE Supercomputing Conference, overseeing SCinet's network architecture. She founded GirlsCanHack, advocating for women in cybersecurity. Recognized as one of the 20 Most Influential Latinos in Technology in America in 2016, Soledad is a notable figure in promoting diversity and innovation in cybersecurity.
Summary:
Venture through the core of cyber warfare and unveil the anatomy of cyberattacks on critical infrastructure Key Features Gain an overview of the fundamental principles of cybersecurity in critical infrastructure Explore real-world case studies that provide a more exciting learning experience, increasing retention Bridge the knowledge gap associated with IT/OT convergence through practical examples Purchase of the print or Kindle book includes a free PDF eBook Book Description Discover the core of cybersecurity through gripping real-world accounts of the most common assaults on critical infrastructure - the body of vital systems, networks, and assets so essential that their continued operation is required to ensure the security of a nation, its economy, and the public's health and safety - with this guide to understanding cybersecurity principles. From an introduction to critical infrastructure and cybersecurity concepts to the most common types of attacks, this book takes you through the life cycle of a vulnerability and how to assess and manage it. You'll study real-world cybersecurity breaches, each incident providing insights into the principles and practical lessons for cyber defenders striving to prevent future breaches. From DDoS to APTs, the book examines how each threat activates, operates, and succeeds. Additionally, you'll analyze the risks posed by computational paradigms, such as the advancement of AI and quantum computing, to legacy infrastructure. By the end of this book, you'll be able to identify key cybersecurity principles that can help mitigate evolving attacks to critical infrastructure. What you will learn Understand critical infrastructure and its importance to a nation Analyze the vulnerabilities in critical infrastructure systems Acquire knowledge of the most common types of cyberattacks on critical infrastructure Implement techniques and strategies for protecting critical infrastructure from cyber threats Develop technical insights into significant cyber attacks from the past decade Discover emerging trends and technologies that could impact critical infrastructure security Explore expert predictions about cyber threats and how they may evolve in the coming years Who this book is for This book is for SOC analysts, security analysts, operational technology (OT) engineers, and operators seeking to improve the cybersecurity posture of their networks. Knowledge of IT and OT systems, along with basic networking and system administration skills, will significantly enhance comprehension. An awareness of current cybersecurity trends, emerging technologies, and the legal framework surrounding critical infrastructure is beneficial.
Contents:
Cover
Title Page
Copyright and Credits
Dedications
Contributors
Table of Contents
Preface
Part 1: Introduction to Critical Infrastructure and Cybersecurity Concepts
What is Critical Infrastructure?
Chemical sector
Impact of a compromised chemical sector
Cyberattack scenarios in the chemical sector
Commercial facilities sector
Impact of a compromised commercial facilities sector
Cyberattack scenarios in the commercial facilities sector
Communications sector
Impact of a compromised communications sector
Cyberattack scenarios in the communications sector
Critical manufacturing sector
Impact of a compromised critical manufacturing sector
Cyberattack scenarios in the critical manufacturing sector
Dams sector
Impact of a compromised dams sector
Cyberattack scenarios in the dams sector
Defense industrial base sector
Impact of a compromised defense industrial base sector
Cyberattack scenarios in the defense industrial base sector
Emergency services sector
Impact of a compromised emergency services sector
Cyberattack scenarios in the emergency services sector
Energy sector
Impact of a compromised energy sector
Cyberattack scenarios in the energy sector
Preventing and mitigating cyberattacks
Financial services sector
Impact of a compromised financial services sector
Cyberattack scenarios in the financial services sector
Food and agriculture services sector
Impact of a compromised food and agriculture sector
Cyberattack scenarios in the food and agriculture services sector
Government facilities sector
Impact of a compromised government facilities sector
Cyberattack scenarios in the government facilities sector
Healthcare and public health sector
Impact of a compromised healthcare and public health sector.
Cyberattack scenarios in the healthcare and public health sector
Information technology sector
Impact of a compromised information technology sector
Cyberattack scenarios in the information technology sector
Nuclear reactors, materials, and waste sector
Impact of a compromised nuclear reactor sector
Cyberattack scenarios in the nuclear reactor sector
Transportation system sector
Impact of a compromised transportation system sector
Cyberattack scenarios in the transportation system sector
Water and wastewater sector
Impact of a compromised water and wastewater sector
Cyberattack scenarios in the water and wastewater sector
Summary
References
Chapter 2: The Growing Threat of Cyberattacks on Critical Infrastructure
A brief history of CI protection and attacks
The impact of the 9/11 attacks on CI
Same old attacks throughout history
Executive order 13010
Evolution of a nation's CI protection posture
Evolution of cyberattacks and countermeasures
The state of CI in the face of cyberattacks
COVID-19-period cyberattack landscape
The Colonial Pipeline ransomware attack
Attacks in 2023
National cybersecurity strategies
Chapter 3: Critical Infrastructure Vulnerabilities
Understanding the difference between threat, vulnerability, and risk
Vulnerability
Threat
Risk
Vulnerability assessment
Scope definition
Asset inventory
Threat modeling
Vulnerability scanning
Manual assessment
Risk prioritization
Remediation planning
Verification and validation
Ongoing monitoring
Reporting and documentation
Security vulnerability management life cycle
Discovery
Assessment and prioritization
Notification
Remediation or mitigation
Monitoring and continuous assessment
End of life.
Most common vulnerabilities and threats in CI
Inadequately secured industrial control systems (ICS)
Common vulnerabilities in industrial control systems (ICS)
Ransomware targeting CI
Supply chain attacks on CI components
Legacy systems and lack of security updates
Physical security breaches
Internet of Things (IoT) vulnerabilities
Part 2: Dissecting Cyberattacks on CI
Chapter 4: The Most Common Attacks Against CI
DDoS attack
Volumetric attacks
Reflection and amplification attacks
Resource depletion attacks
Protocol-based attacks
Application layer attacks
Ransomware attack
Infection
Encryption
Ransom note
Ransom payment
Data recovery
No guarantee of data recovery
Supply chain attack
Scope of attack
Attack vector
Stealth and persistence
Data exfiltration
Software supply chain attacks
Hardware supply chain attacks
Impersonation and trust exploitation
Mitigation challenges
Notable examples
APT
Phishing
The anatomy of a phishing attack
Pretexting and urgency
Mimicking authority figures
Deception and lure
Malicious links and attachments
Why do phishing tactics persist?
Common unpatched vulnerabilities
The significance of timely patching
Chapter 5: Analysis of the Top Cyberattacks on Critical Infrastructure
Stuxnet attack on Iran's nuclear program (2010)
Ukrainian power grid attack (2015)
Dyn attack on internet infrastructure (2016)
WannaCry (2017)
NotPetya (2017)
SolarWinds attack (2020)
Colonial Pipeline ransomware attack (2021)
Part 3: Protecting Critical Infrastructure
Chapter 6: Protecting Critical Infrastructure - Part 1
Network security and continuous monitoring.
Network segmentation
Access control
Intrusion detection and prevention systems
Virtual private networks (VPNs)
Security audits and penetration testing
Honeypots and deception technologies
Zero trust architecture
Security monitoring
Security policy and frameworks
NIST cybersecurity framework
ISO/IEC 27001 and ISO/IEC 27002
NERC CIP
The Department of Homeland Security (DHS) critical infrastructure security framework
HITRUST CSF
CIS Controls
Chapter 7: Protecting Critical Infrastructure - Part 2
Systems security and endpoint protection
Antivirus/antimalware protection
Firewalls
Host IDS/IPS
EDR
Application security
Secure software development life cycle
Code reviews and static analysis
Authentication and authorization hardening
Data encryption
Session management
Security patching and updates
Penetration testing
Logging and monitoring
IR and data recovery
Chapter 8: Protecting Critical Infrastructure - Part 3
IR
IR history
IR planning
Security culture and awareness
Interconnectivity of critical infrastructure
Cascading effects of a cyberattack
Responsibility to safeguard critical assets
Insider threats
Teamwork and information sharing
Executive orders
Executive Order 13010 - Critical Infrastructure Protection (1996)
Executive Order 13231 - Critical Infrastructure Protection in the Information Age (2001)
Homeland Security Presidential Directive 7 (HSPD-7) - Critical Infrastructure Identification, Prioritization, and Protection (2003)
Executive Order 13636 - Improving Critical Infrastructure Cybersecurity (2013)
Presidential Policy Directive 21 (PPD-21) - Critical Infrastructure Security and Resilience (2013).
Executive Order 13873 - Securing the Information and Communications Technology and Services Supply Chain (2019)
Executive Order 13870 - America's Cybersecurity Workforce (2019)
Executive Order 13865 - Coordinating National Resilience to Electromagnetic Pulses (2019)
Executive Order 13905 - Strengthening National Resilience through Responsible Use of Positioning, Navigation, and Timing Services (2020)
Executive Order 14028 - Improving the Nation's Cybersecurity (2021)
Executive Order 14110 - Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (2023)
Part 4: What's Next
Chapter 9: The Future of CI
Increment and innovation of cybersecurity measures
More robust encryption implementation
Human factor and training
PPPs
Resilience and recovery
Integration of IoT and smart technologies
Supply chain security
Advancements in threat detection technologies
Greater regulatory and compliance requirements
Cross-sector collaboration
Conclusion
Index
Other Books You May Enjoy.
Notes:
Description based upon print version of record.
COVID-19-period cyberattack landscape
Description based on publisher supplied metadata and other sources.
Description based on print version record.
ISBN:
9781837633562
1837633568
OCLC:
1432605671

The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.

Find

Home Release notes

My Account

Shelf Request an item Bookmarks Fines and fees Settings

Guides

Using the Find catalog Using Articles+ Using your account