Protecting Industrial Control Systems from Electronic Threats


Product Description
Aimed at both the novice and expert in IT security and industrial control systems (ICS), this book will help readers gain a better understanding of protecting ICSs from electronic threats. Cyber security is getting much more attention and 'SCADA security' (Supervisory Control and Data Acquisition) is a particularly important part of this field, as are Distributed Control Systems (DCS), Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Intelligent Electronic Devices (IEDs), and all the other field controllers, sensors, drives, and emission controls that make up the 'intelligence' of modern industrial buildings and facilities. This book will help the reader better understand what industrial control system cyber security is, why it is different from IT security, what has really happened to date, and what needs to be done. Loads of practical advice is offered on everything from clarity on current cyber-security systems and how they can be integrated into general IT systems, to how to conduct risk assessments and how to obtain certifications, to future trends in legislative and regulatory issues affecting industrial security.
Protecting Industrial Control Systems from Electronic Threats Review
I approached this review as someone very familiar with many aspects of energy regulation and having broad knowledge of IT security, having recently passed my CISSP exam. I am not an Industrial Control Engineer, but am very concerned about cyber threats to our energy, water, chemical and transportation infrastructure. That is where this book comes in handy. I rated this book 4 stars, because it provides a good grounding of the technical and policy issues and obstacles that have to be addressed to protect infrastructure. Note, this review is my personal opinion and does not reflect the views or opinions of my employer.
The 166 pages of this text really amount to a crash course on industrial control systems and document why many typical IT security measures may fail to prevent cyber attacks. In fact the author goes to great lengths to explain how such out of the box security fixes may do more harm than good and bring the underlying hardware and software to a screeching halt. The real impacts of that happening could translate to blackouts and brownouts, pipeline explosions and a host of other inconveniences depending on the kind of system one is dealing with.
Joe Weiss leads the reader slowly through the technical issues of industrial control systems and provides numerous examples of how cyber threats have plagued various industries. These summaries are detailed and valuable. I found myself thinking about what administrative and logical controls to apply.
This book is ideal for any IT Security professional or regulators who have to grapple with protecting electric, natural gas, oil, water, chemical and transportation infrastructure from cyber attacks. Some of the materials are very technical and policy makers and regulators may find these distracting. However, one needs this grounding if only to appreciate that securing industrial controls of power, natural gas, water, etc. is complicated and cannot be done without carefully examining the implications of policies, regulations, and technical fixes being applied to the IOCs. To do otherwise may only make matters worse.
In fact, owners of these facilities would be wise to prevent IT Security experts from working on their industrial control facilities who don't at least have an appreciation of their respective facilities. The reverse is also true. Industrial control engineers who don't have a grounding in IT security can't just simply apply IT fixes to their existing systems.
This book can go a long way in filling those gaps in industry knowledge and gaps in existing regulations that purport to improve electric reliability and secure the Smart Grid. At a minimum, the book will at least make both IT Security staff and Industrial Control Engineers aware of each other and the wide variety of fixes that can help or make matters worse when applied.
Key nuggets that I took away from the book are as follows:
1. One cannot casually apply security policies, technical controls and testing to industrial controls and then declare victory.
2. Applying typical IT security fixes like patches, vulnerability scans, password lockouts can be worse than the typical cyber threats they intend to fix.
3. Industrial control systems (IOC) are temperamental and are designed with almost one thing in mind: availability. As the author states, most IOCs must operate at 99.9999 percent (5 minutes a year of down time).
4. Many catastrophic events associated with electrical, natural gas, water and sewage are due to cyber events that are intentional and unintentional.
5. Compliance with government regulations may give a false sense to industry, government and the public that our infrastructure is secure from cyber threats.
6. While multiple industries use similar industrial controls, there is little sharing of information regarding instances of cyber threats or how to deal with them.
7. Information Security Professionals and Industrial Control Professionals don't have a forum to talk with each other.
The one question that lingers after reading this book is why haven't manufacturers of industrial control systems responded with hardware and software to protect systems against cyber threats. Certainly there appears to be a market for and a need to protect industrial control systems from such attacks. The answer alluded to is that the focus is on compliance with government regulations at the expense of security. It may also be because the upgrades required are expensive and regulatory bodies are not willing to include these expenditures in customer rate bases (at least for power).
Also the bar or need to protect industrial control systems has already been raised by the discovery of the Stuxnet worm. This worm attacked programmable logic controllers, which are a part of industrial control systems. While the book does not mention Stuxnet, its message is all the more compelling now that the worm is in the wild and variants of it may follow.