Eric D. Knapp is the Director of Critical Infrastructure Markets for NitroSecurity,
where he leads the identification, evaluation, and implementation of new security
technologies specific to the protection of critical infrastructure, Supervisory Control
And Data Acquisition (SCADA), and industrial control networks.
Eric has 20 years of experience in Information Technology, specializing in industrial
automation technologies, infrastructure security, and applied Ethernet protocols as
well as the design and implementation of Intrusion Prevention Systems and Security
Information and Event Management systems in both enterprise and industrial networks.
In addition to his work in information security, Eric is an award-winning
author. He studied English and Writing at the University of New Hampshire and the
University of London and holds a degree in communications.
About the Technical Editor
James Broad (CISSP, C|EH, C)PTS, Security+, MBA) is the President and owner of
Cyber-Recon, LLC, where he and his team of consultants specialize in Information
Security, Information Assurance, and Certification and Accreditation and offer other
security consultancy services to corporate and government clients.
As a security professional with over 20 years of real-world IT experience, James
is an expert in many areas of IT security, specializing in security engineering, penetration
testing, and vulnerability analysis and research. He has provided security
services in the Nation’s most critical sectors including defense, law enforcement,
intelligence, finance, and healthcare.
James has a Master of Business Administration degree with a specialization in
Information Technology (MBA/IT) from the Ken Blanchard College of Business,
Bachelor’s degrees in Computer Programming and Security Management from
Southwestern University and is currently a Doctoral Learner pursuing a PhD in
Information Security from Capella University. He is a member of ISSA and (ISC)2®.
James currently resides in Stafford, Virginia with his family: Deanne, Micheal, and
Temara.
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
Contents
About the Author
About the Technical Editor
Foreword
CHAPTER 1 Introduction
Book Overview and Key Learning Points
Book Audience
Diagrams and Figures
The Smart Grid
How This Book Is Organized
Chapter 2: About Industrial Networks
Chapter 3: Introduction to Industrial Network Security
Chapter 4: Industrial Network Protocols
Chapter 5: How Industrial Networks Operate
Chapter 6: Vulnerability and Risk Assessment
Chapter 7: Establishing Secure Enclaves
Chapter 8: Exception, Anomaly, and Threat Detection
Chapter 9: Monitoring Enclaves
Chapter 10: Standards and Regulations
Chapter 11: Common Pitfalls and Mistakes
Conclusion
CHAPTER 2 About Industrial Networks
Industrial Networks and Critical Infrastructure
Critical Infrastructure
Critical versus Noncritical Industrial Networks
Relevant Standards and Organizations
Homeland Security Presidential Directive Seven/HSPD-7
NIST Special Publications (800 Series)
NERC CIP
Nuclear Regulatory Commission
Federal Information Security Management Act
Chemical Facility Anti-Terrorism Standards
ISA-99
ISO 27002
Common Industrial Security Recommendations
Identification of Critical Systems
Network Segmentation/Isolation of Systems
Defense in Depth
Access Control
The Use of Terminology Within This Book
Networks, Routable and Non-routable
Assets, Critical Assets, Cyber Assets, and Critical Cyber Assets
Enclaves
Electronic Security Perimeters
Summary
Endnotes
CHAPTER 3 Introduction to Industrial Network Security
The Importance of Securing Industrial Networks
The Impact of Industrial Network Incidents
Safety Controls
Consequences of a Successful Cyber Incident
Examples of Industrial Network Incidents
Dissecting Stuxnet
Night Dragon
APT and Cyber War
The Advanced Persistent Threat
Cyber War
Emerging Trends in APT and Cyber War
Still to Come
Defending Against APT
Responding to APT
Summary
Endnotes
CHAPTER 4 Industrial Network Protocols
Overview of Industrial Network Protocols
Modbus
What It Does
How It Works
Variants
Where It Is Used
Security Concerns
Security Recommendations
ICCP/TASE.2
What It Does
How It Works
Where It Is Used
Security Concerns
Security Improvements over Modbus
Security Recommendations
DNP3
What It Does
How It Works
Secure DNP3
Where It Is Used
Security Concerns
Security Recommendations
OLE for Process Control
What It Does
How It Works
OPC-UA and OPC-XI
Where It Is Used
Security Concerns
Security Recommendations
Other Industrial Network Protocols
Ethernet/IP
Profibus
EtherCAT
Ethernet Powerlink
SERCOS III
AMI and the Smart Grid
Security Concerns
Security Recommendations
Summary
Endnotes
CHAPTER 5 How Industrial Networks Operate
Control System Assets
IEDs
RTUs
PLCs
HMIs
Supervisory Workstations
Data Historians
Business Information Consoles and Dashboards
Other Assets
Network Architectures
Topologies Used
Control System Operations
Control Loops
Control Processes
Feedback Loops
Business Information Management
Control Process Management
Smart Grid Operations
Summary
Endnotes
CHAPTER 6 Vulnerability and Risk Assessment
Basic Hacking Techniques
The Attack Process
Targeting an Industrial Network
Threat Agents
Accessing Industrial Networks
The Business Network
The SCADA DMZ
The Control System
Common Vulnerabilities
The Smart Grid
Determining Vulnerabilities
Why Vulnerability Assessment Is Important
Vulnerability Assessment in Industrial Networks
Vulnerability Scanning for Configuration Assurance
Where to Perform VA Scans
Cyber Security Evaluation Tool
Vulnerability Management
Patch Management
Configuration Management
Device Removal and Quarantine
Summary
Endnotes
CHAPTER 7 Establishing Secure Enclaves
Identifying Functional Groups
Network Connectivity
Control Loops
Supervisory Controls
Control Processes
Control Data Storage
Trading Communications
Remote Access
Users and Roles
Protocols
Criticality
Using Functional Groups to Identify Enclaves
Establishing Enclaves
Identifying Enclave Perimeters
Network Alterations
Enclaves and Security Policy Development
Enclaves and Security Device Configurations
Securing Enclave Perimeters
Selecting Perimeter Security Devices
Implementing Perimeter Security Devices
Intrusion Detection and Prevention (IDS/IPS) Configuration Guidelines
Securing Enclave Interiors
Selecting Interior Security Systems
Summary
Endnotes
CHAPTER 8 Exception, Anomaly, and Threat Detection
Exception Reporting
Behavioral Anomaly Detection
Measuring Baselines
Anomaly Detection
Behavioral Whitelisting
User Whitelists
Asset Whitelists
Application Behavior Whitelists
Threat Detection
Event Correlation
Correlating between IT and OT Systems
Summary
Endnotes
CHAPTER 9 Monitoring Enclaves
Determining What to Monitor
Security Events
Assets
Configurations
Applications
Networks
User Identities and Authentication
Additional Context
Behavior
Successfully Monitoring Enclaves
Log Collection
Direct Monitoring
Inferred Monitoring
Information Collection and Management Tools (Log Management Systems, SIEMs)
Monitoring Across Secure Boundaries
Information Management
Queries
Reports
Alerts
Incident Investigation and Response
Log Storage and Retention
Nonrepudiation
Data Retention/Storage
Data Availability
Summary
Endnotes
CHAPTER 10 Standards and Regulations
Common Standards and Regulations
NERC CIP
CFATS
ISO/IEC 27002:2005
NRC Regulation 5.71
NIST SP 800-82
Mapping Industrial Network Security to Compliance
Perimeter Security Controls
Host Security Controls
Security Monitoring Controls
Mapping Compliance Controls to Network Security Functions
Common Criteria and FIPS Standards
Common Criteria
FIPS 140-2
Summary
Endnotes
CHAPTER 11 Common Pitfalls and Mistakes
Complacency
Vulnerability Assessments vs. Zero-Days
Real Security vs. Policy and Awareness
The Air Gap Myth
Misconfigurations
Default Accounts and Passwords
Lack of Outbound Security and Monitoring
The Executive Override
The Ronco Perimeter
Compliance vs. Security
Audit Fodder
The “One Week Compliance Window”
Scope and Scale
Project-Limited Thinking
Insufficiently Sized Security Controls
Summary
Endnotes
Glossary
Appendix A
Appendix B
Appendix C
Index
BOOK OVERVIEW AND KEY LEARNING POINTS
This book attempts to define an approach to industrial network security that considers the unique network, protocol, and application characteristics of an industrial control system, while also taking into consideration a variety of common compliance controls.
Although many of the techniques described herein—and much of the general guidance provided by regulatory standards organizations—are built upon common enterprise security methods and reference readily available information security tools, there is little information available about how to implement these methods. This book attempts to rectify this by providing deployment and configuration guidance where possible, and by identifying why security controls should be implemented, where they should be implemented, how they should be implemented, and how they should be used.
BOOK AUDIENCE
To adequately discuss industrial network security, the basics of two very different systems need to be understood: the Ethernet and Transmission Control Protocol/Internet Protocol (TCP/IP) networking communications used ubiquitously in the enterprise, and the SCADA and field bus protocols used to manage and/or operate industrial automated systems. As a result, this book possesses a bifurcated audience. For the plant operator with an advanced electrical engineering degree and a decade of logic programming.