Industrial network security: securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems
This book examines the unique protocols and applications that are the foundation of industrial control systems, and provides clear guidelines for their protection. It provides a thorough understanding of the unique challenges facing critical infrastructures, new guidelines and security measures for...
Classification: | Electronic book |
---|---|
Main authors: | , |
Format: | Electronic eBook |
Language: | English |
Published: | Waltham, MA : Syngress, [2015] |
Edition: | Second edition. |
Subjects: | |
Online access: | Full text (requires prior registration with an institutional e-mail address) |
Table of contents:
- ch. 1 Introduction
- Book Overview and Key Learning Points
- Book Audience
- Diagrams and Figures
- The Smart Grid
- How This Book is Organized
  - ch. 2 About Industrial Networks
  - ch. 3 Industrial Cyber Security, History, and Trends
  - ch. 4 Introduction to ICS and Operations
  - ch. 5 ICS Network Design and Architecture
  - ch. 6 Industrial Network Protocols
  - ch. 7 Hacking Industrial Systems
  - ch. 8 Risk and Vulnerability Assessments
  - ch. 9 Establishing Zones and Conduits
  - ch. 10 Implementing Security and Access Controls
  - ch. 11 Exception, Anomaly, and Threat Detection
  - ch. 12 Security Monitoring of Industrial Control Systems
  - ch. 13 Standards and Regulations
- Changes Made to the Second Edition
- Conclusion
- ch. 2 About Industrial Networks
- The Use of Terminology Within This Book
- Attacks, Breaches, and Incidents: Malware, Exploits, and APTs
- Assets, Critical Assets, Cyber Assets, and Critical Cyber Assets
- Security Controls and Security Countermeasures
- Firewalls and Intrusion Prevention Systems
- Industrial Control System
- DCS or SCADA?
- Industrial Networks
- Industrial Protocols
- Networks, Routable Networks, and Nonroutable Networks
- Enterprise or Business Networks
- Zones and Enclaves
- Network Perimeters or "Electronic Security Perimeters"
- Critical Infrastructure
- Common Industrial Security Recommendations
- Identification of Critical Systems
- Network Segmentation/Isolation of Systems
- Defense in Depth
- Access Control
- Advanced Industrial Security Recommendations
- Security Monitoring
- Policy Whitelisting
- Application Whitelisting
- Common Misperceptions About Industrial Network Security
- Assumptions Made in This Book
- Summary
- Endnotes
- ch. 3 Industrial Cyber Security History and Trends
- Importance of Securing Industrial Networks
- The Evolution of the Cyber Threat
- APTs and Weaponized Malware
- Still to Come
- Defending Against Modern Cyber Threats
- Insider Threats
- Hacktivism, Cyber Crime, Cyber Terrorism, and Cyber War
- Summary
- Endnotes
- ch. 4 Introduction to Industrial Control Systems and Operations
- System Assets
- Programmable Logic Controller
- Remote Terminal Unit
- Intelligent Electronic Device
- Human-Machine Interface
- Supervisory Workstations
- Data Historian
- Business Information Consoles and Dashboards
- Other Assets
- System Operations
- Control Loops
- Control Processes
- Feedback Loops
- Production Information Management
- Business Information Management
- Process Management
- Safety Instrumented Systems
- The Smart Grid
- Network Architectures
- Summary
- Endnotes
- ch. 5 Industrial Network Design and Architecture
- Introduction to Industrial Networking
- Common Topologies
- Network Segmentation
- Higher Layer Segmentation
- Physical vs. Logical Segmentation
- Network Services
- Wireless Networks
- Remote Access
- Performance Considerations
- Latency and Jitter
- Bandwidth and Throughput
- Type of Service, Class of Service, and Quality of Service
- Network Hops
- Network Security Controls
- Safety Instrumented Systems
- Special Considerations
- Wide Area Connectivity
- Smart Grid Network Considerations
- Advanced Metering Infrastructure
- Summary
- Endnotes
- ch. 6 Industrial Network Protocols
- Overview of Industrial Network Protocols
- Fieldbus Protocols
- Modicon Communication Bus
- Distributed Network Protocol
- Process Fieldbus
- Industrial Ethernet Protocols
- Ethernet Industrial Protocol
- PROFINET
- EtherCAT
- Ethernet POWERLINK
- SERCOS III
- Backend Protocols
- Open Process Communications
- Inter-Control Center Communications Protocol
- Advanced Metering Infrastructure and the Smart Grid
- Security Concerns
- Security Recommendations
- Industrial Protocol Simulators
- Modbus
- DNP3/IEC 60870-5
- OPC
- ICCP / IEC 60870-6 (TASE.2)
- Physical Hardware
- Summary
- Endnotes
- ch. 7 Hacking Industrial Control Systems
- Motives and Consequences
- Consequences of a Successful Cyber Incident
- Cyber Security and Safety
- Common Industrial Targets
- Common Attack Methods
- Man-in-the-Middle Attacks
- Denial-of-Service Attacks
- Replay Attacks
- Compromising the Human-Machine Interface
- Compromising the Engineering Workstation
- Blended Attacks
- Examples of Weaponized Industrial Cyber Threats
- Stuxnet
- Shamoon/DistTrack
- Flame/Flamer/Skywiper
- Attack Trends
- Evolving Vulnerabilities: The Adobe Exploits
- Industrial Application Layer Attacks
- Antisocial Networks: A New Playground for Malware
- Dealing with an Infection
- Summary
- Endnotes
- ch. 8 Risk and Vulnerability Assessments
- Cyber Security and Risk Management
- Why Risk Management is the Foundation of Cyber Security
- What is Risk?
- Standards and Best Practices for Risk Management
- Methodologies for Assessing Risk Within Industrial Control Systems
- Security Tests
- Establishing a Testing and Assessment Methodology
- System Characterization
- Data Collection
- Scanning of Industrial Networks
- Threat Identification
- Threat Actors/Sources
- Threat Vectors
- Threat Events
- Identification of Threats During Security Assessments
- Vulnerability Identification
- Vulnerability Scanning
- Configuration Auditing
- Vulnerability Prioritization
- Risk Classification and Ranking
- Consequences and Impact
- How to Estimate Consequences and Likelihood
- Risk Ranking
- Risk Reduction and Mitigation
- Summary
- Endnotes
- ch. 9 Establishing Zones and Conduits
- Security Zones and Conduits Explained
- Identifying and Classifying Security Zones and Conduits
- Recommended Security Zone Separation
- Network Connectivity
- Control Loops
- Supervisory Controls
- Plant Level Control Processes
- Control Data Storage
- Trading Communications
- Remote Access
- Users and Roles
- Protocols
- Criticality
- Establishing Security Zones and Conduits
- Summary
- Endnotes
- ch. 10 Implementing Security and Access Controls
- Network Segmentation
- Zones and Security Policy Development
- Using Zones within Security Device Configurations
- Implementing Network Security Controls
- Selecting Network Security Devices
- Implementing Network Security Devices
- Implementing Host Security and Access Controls
- Selecting Host Cyber Security Systems
- External Controls
- Patch Management
- How Much Security is Enough?
- Summary
- Endnotes
- ch. 11 Exception, Anomaly, and Threat Detection
- Exception Reporting
- Behavioral Anomaly Detection
- Measuring Baselines
- Anomaly Detection
- Behavioral Whitelisting
- User Whitelists
- Asset Whitelists
- Application Behavior Whitelists
- Threat Detection
- Event Correlation
- Correlating Between IT and OT Systems
- Summary
- Endnotes
- ch. 12 Security Monitoring of Industrial Control Systems
- Determining what to Monitor
- Security Events
- Assets
- Configurations
- Applications
- Networks
- User Identities and Authentication
- Additional Context
- Behavior
- Successfully Monitoring Security Zones
- Log Collection
- Direct Monitoring
- Inferred Monitoring
- Information Collection and Management Tools
- Monitoring Across Secure Boundaries
- Information Management
- Queries
- Reports
- Alerts
- Incident Investigation and Response
- Log Storage and Retention
- Nonrepudiation
- Data Retention/Storage
- Data Availability
- Summary
- Endnotes
- ch. 13 Standards and Regulations
- Common Standards and Regulations
- NERC CIP
- CFATS
- ISO/IEC 27002
- NRC Regulation 5.71
- NIST SP 800-82
- ISA/IEC-62443
- ISA 62443 Group 1 "General."
- ISA 62443 Group 2 "Policies and Procedures"
- ISA 62443 Group 3 "System"
- ISA 62443 Group 4 "Component"
- Mapping Industrial Network Security to Compliance
- Industry Best Practices for Conducting ICS Assessments
- Department of Homeland Security (USA) / Centre for Protection of National Infrastructure (UK)
- National Security Agency (USA)
- American Petroleum Institute (USA) / National Petrochemical and Refiners Association (USA)
- Institute for Security and Open Methodologies (Spain)
- Common Criteria and FIPS Standards
- Common Criteria
- FIPS 140-2
- Summary
- Endnotes
- Appendix A Protocol Resources
- Modbus Organization
- DNP3 Users Group
- OPC Foundation
- Common Industrial Protocol (CIP) / Open DeviceNet Vendor Association (ODVA)
- PROFIBUS & PROFINET International (PI)
- Appendix B Standards Organizations
- North American Electric Reliability Corporation (NERC)
- The United States Nuclear Regulatory Commission (NRC)
- NRC Title 10 CFR 73.54
- NRC RG 5.71
- United States Department of Homeland Security
- Chemical Facilities Anti-Terrorism Standard (CFATS)
- CFATS Risk-Based Performance Standards (RBPS)
- International Society of Automation (ISA)
- International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC)
- Appendix C NIST Security Guidelines
- National Institute of Standards and Technology, Special Publications 800 Series
- Glossary
- Endnotes