Industrial network security: securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems
As the sophistication of cyber-attacks increases, understanding how to defend critical infrastructure systems (energy production, water, gas, and other vital systems) becomes more important, and heavily mandated. Industrial Network Security, Third Edition arms you with the knowledge you need to unders...
Main author: | |
---|---|
Format: | E-book |
Language: | English |
Published: | San Diego : Elsevier Science & Technology Books 2024. |
Edition: | Third edition |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009835405306719 |
Table of Contents:
- Front Cover
- Industrial Network Security
- Industrial Network Security
- Copyright
- Contents
- Biography
- Acknowledgments
- 1 - Introduction
- Book overview and key learning points
- Book audience
- Diagrams and figures
- The smart grid
- OT, IoT, IIoT, and xIoT
- How this book is organized
- Chapter 2: About Industrial Networks
- Chapter 3: Industrial Cyber Security, History, and Trends
- Chapter 4: Introduction to ICS Systems and Operations
- Chapter 5: ICS Network Design and Architecture
- Chapter 6: Industrial Network Protocols
- Chapter 7: Hacking Industrial Systems
- Chapter 8: Risk and Vulnerability Assessments
- Chapter 9: Establishing Zones and Conduits
- Chapter 10: OT Attack and Defense Lifecycles
- Chapter 11: Implementing Security and Access Controls
- Chapter 12: Exception, Anomaly, and Threat Detection
- Chapter 13: Security Monitoring of Industrial Control Systems
- Chapter 14: Standards and Regulations
- Chapter 15: Common Pitfalls and Mistakes
- Changes made to the third edition
- Conclusion
- 2 - About Industrial Networks
- The use of terminology within this book
- Attacks, breaches and incidents
- Malware, exploits, and APTs
- Assets, critical assets, cyberassets, and critical cyberassets
- Security controls and security countermeasures
- Firewalls and intrusion prevention systems
- Industrial control system
- Building control systems
- DCS or SCADA?
- Plants, mills, refineries, and lines
- Industrial networks
- Industrial protocols
- Networks, routable networks and non-routable networks
- Enterprise or business networks
- Zones and enclaves
- Network perimeters or "electronic security perimeters"
- Critical infrastructure
- Utilities
- Nuclear facilities
- Bulk electric
- Smart grid
- Chemical facilities
- Understanding "OT" versus "IT"
- Common Industrial Security Recommendations
- Identification of critical systems
- Network segmentation/isolation of systems
- Defense in depth
- Access control
- Advanced Industrial Security Recommendations
- Security Monitoring
- Policy whitelisting
- Application whitelisting
- Common Misperceptions About Industrial Network Security
- Assumptions made in this book
- Summary
- 3 - Industrial Cybersecurity History and Trends
- The convergence of OT and IT
- Importance of securing industrial networks
- The evolution of the cyber threat
- APTs and weaponized malware
- Industroyer
- Night Dragon
- Stuxnet
- TRISIS
- Advanced persistent threats and cyber warfare
- Still to come
- Defending against modern cyber threats
- The insider
- Hacktivism, cybercrime, cyberterrorism, and cyberwar
- Summary
- 4 - Introduction to Industrial Control Systems and Operations
- System assets
- Programmable logic controller
- Ladder diagrams
- Sequential function charts
- Remote terminal unit
- Intelligent electronic device
- Human-machine interface
- Supervisory workstations
- Data historian
- Business information consoles and dashboards
- Other assets
- System operations
- Control loops
- Control processes
- Feedback loops
- Production information management
- Business information management
- Process management
- Safety instrumented systems
- The smart grid
- Network architectures
- Summary
- 5 - Industrial Network Design and Architecture
- Introduction to industrial networking
- Common topologies
- Network segmentation
- Higher layer segmentation
- Physical versus logical segmentation
- Microsegmentation
- Cryptographic microsegmentation
- Network services
- Wireless networks
- Remote access
- Performance considerations
- Latency and jitter
- Bandwidth and throughput
- Type of service, class of service, and quality of service
- Network hops
- Network security controls
- Safety instrumented systems
- Special considerations
- Wide area connectivity
- Smart grid network considerations
- Advanced metering infrastructure
- Summary
- 6 - Industrial Network Protocols
- Overview of industrial network protocols
- Fieldbus protocols
- Modicon communication bus (Modbus)
- What it does
- How it works
- Variants
- Modbus RTU and Modbus ASCII
- Modbus TCP
- Modbus plus or Modbus+
- Where it is used
- Security concerns
- Security recommendations
- Distributed network protocol (DNP3)
- What it does
- How it works
- Secure DNP3
- Where it is used
- Security concerns
- Security recommendations
- Process fieldbus (PROFIBUS)
- Security concerns
- Security recommendations
- Industrial ethernet protocols
- Ethernet industrial protocol (EtherNet/IP)
- Security concerns
- Security recommendations
- PROFINET
- Security concerns
- Security recommendations
- EtherCAT
- Security concerns
- Security recommendations
- Ethernet POWERLINK
- Security concerns
- Security recommendations
- SERCOS III
- Security concerns
- Security recommendations
- Backend protocols
- Object linking and embedding for process control
- What it does
- How it works
- Where it is used
- Security concerns
- Security recommendations
- Intercontrol center communications protocol (ICCP/IEC 60870-6 TASE.2)
- What it does
- How it works
- Where it is used
- Security concerns
- Security improvements over Modbus
- Security recommendations
- IEC 61850, 60870-5-101, and 60870-5-104
- How they work
- 60870-5-101 and 60870-5-104
- IEC 61850
- Security concerns
- Security recommendations
- AMI and the smart grid
- Security concerns
- Security recommendations
- Industrial protocol simulators
- Modbus/TCP
- DNP3
- OPC
- ICCP/TASE.2
- Physical hardware
- Summary
- 7 - Hacking Industrial Control Systems
- Motives and consequences
- Consequences of a successful cyberincident
- Cybersecurity and safety
- Common industrial targets
- The evolution of the industrial cyberattack
- Common attack methods
- Attack phases
- Initial attack phases
- Industrial attack phases
- Cyber-physical attacks
- Rogue access devices
- Keylogging/keystroke injections/HID attacks
- Man-in-the-middle attacks
- Denial-of-service attacks
- Replay attacks
- Compromising the human-machine interface
- Compromising the engineering workstation
- Blended attacks
- Weaponized industrial cyberthreats
- Stuxnet
- Dissecting Stuxnet
- What it does
- Lessons learned
- Shamoon/DistTrack
- Flame/flamer/skywiper
- Dragonfly
- BlackEnergy
- Industroyer
- TRISIS/TRITON
- Industroyer2
- Incontroller/pipedream
- Attack trends
- Evolving vectors
- Supply chain vulnerabilities
- Adobe Portable Document Format
- Macros
- Secure sockets layers
- Log4j
- Ransomware and industrial control systems
- Industrial application layer protocols
- Antisocial networks: A new playground for malware
- Polymorphic and adaptive malware
- Dealing with an infection
- Summary
- 8 - Risk and Vulnerability Assessments
- Cybersecurity and risk management
- Why risk management is the foundation of cyber security?
- What is risk?
- Standards and best practices for risk management
- Methodologies for assessing risk within industrial control systems
- Security tests
- Security audits
- Security and vulnerability assessments
- Establishing a testing and assessment methodology
- Tailoring a methodology for industrial networks
- Theoretical versus physical tests
- On-line versus off-line physical tests
- System characterization
- Data collection
- Scanning of industrial networks
- Device scanners
- Vulnerability scanners
- Traffic scanners
- Live host identification
- "Quiet"/"friendly" scanning techniques
- Potentially "noisy"/"dangerous" scanning techniques
- Port mirroring and span ports
- Command line tools
- Hardware and software inventory
- Data flow analysis
- Threat identification
- Threat actors/sources
- Threat vectors
- Threat events
- Identification of threats during security assessments
- Vulnerability identification
- Vulnerability scanning
- Configuration auditing
- Vulnerability prioritization
- Common vulnerability scoring system
- Process vulnerabilities
- Risk classification and ranking
- Consequences and impact
- How to estimate consequences and likelihood?
- Risk ranking
- Cyber-physical threat modeling
- How does one model a cyber-physical threat?
- Using simulations versus labs for threat modeling
- Cybersecurity HAZOP
- Risk reduction and mitigation
- Summary
- 9 - Establishing Zones and Conduits
- Security zones and conduits explained
- Identifying and classifying security zones and conduits
- Recommended security zone separation
- Network connectivity
- Control loops
- Supervisory controls
- Plant-level control processes
- Control data storage
- Trading communications
- Remote access
- Users and roles
- Protocols
- Criticality
- Establishing security zones and conduits
- Using microsegmentation to establish zones and conduits
- Creating a zone and conduit map
- Summary
- 10 - OT Attack and Defense Lifecycles
- Attack lifecycles and kill chains
- Obtaining access to industrial networks
- Planning
- Preparation
- Intrusion
- Enablement
- Execution
- Manipulation of industrial networks
- Development and test
- Delivery, installation, and modification
- Execution
- Defense lifecycles
- Identify
- Protect
- Detect