E-book, English, 460 pages, format (W × H): 191 mm x 235 mm
Knapp / Langill, Industrial Network Security
2nd edition, 2015
ISBN: 978-0-12-420184-2
Publisher: William Andrew Publishing
Format: EPUB
Copy protection: 6 - ePub Watermark
Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems
As the sophistication of cyber-attacks increases, understanding how to defend critical infrastructure systems (energy production, water, gas, and other vital systems) becomes more important, and increasingly mandated by regulation. Industrial Network Security, Second Edition arms you with the knowledge you need to understand the vulnerabilities of these distributed supervisory and control systems.
The book examines the unique protocols and applications that are the foundation of industrial control systems, and provides clear guidelines for their protection. This how-to guide gives you a thorough understanding of the unique challenges facing critical infrastructures, new guidelines and security measures for critical infrastructure protection, knowledge of new and evolving security tools, and pointers on SCADA protocols and security implementation.
- All-new real-world examples of attacks against control systems, and more diagrams of systems
- Expanded coverage of protocols and standards such as IEC 61850, EtherNet/IP, CIP, and ISA-99 and its evolution into IEC 62443
- Expanded coverage of Smart Grid security
- New coverage of signature-based detection, exploit-based vs. vulnerability-based detection, and signature reverse engineering
Chapter 1: Introduction
Chapter 2: About Industrial Networks
Chapter 3: Industrial Cyber Security, History and Trends
Chapter 4: Introduction to ICS Systems and Operations
Chapter 5: ICS Network Design and Architecture
Chapter 6: Industrial Network Protocols
Chapter 7: Hacking Industrial Systems
Chapter 8: Risk and Vulnerability Assessments
Chapter 9: Establishing Zones and Conduits
Chapter 10: Exception, Anomaly, and Threat Detection
Chapter 11: Security Monitoring of Industrial Control Systems
Chapter 12: Standards and Regulations
Chapter 13: Common Pitfalls and Mistakes
Chapter 2: About Industrial Networks

Abstract

An introduction to industrial networking and the unique qualities of industrial network cyber security.

Keywords

industrial security requirements; common recommendations; terminology

Information in this chapter

• The Use of Terminology Within This Book
• Common Industrial Security Recommendations
• Advanced Industrial Security Recommendations
• Common Misperceptions About Industrial Network Security

It is important to understand some of the terms used when discussing industrial networking and industrial control systems, as well as the basics of how industrial networks are architected and how they operate, before attempting to secure an industrial network and its interconnected systems. It is also important to understand some of the common security recommendations deployed in business networks, and why they may or may not be truly suitable for effective industrial network cyber security.

What is an industrial network? Because of a rapidly evolving socio-political landscape, the terminology of industrial networking has become blurred. Terms such as “critical infrastructure,” “APT,” “SCADA,” and “Smart Grid” are used freely and often incorrectly. It can be confusing to discuss them in general terms, not only because of the diversity of the industrial networks themselves, but also because of the markets they serve. Many regulatory agencies and commissions have also been formed to help secure different industrial networks for different industry sectors, each introducing its own specific nomenclature and terminology. This chapter will attempt to provide a baseline for industrial network cyber security, introducing the reader to some of the common terminology, issues, and security recommendations that will be discussed throughout the remainder of this book.

The use of terminology within this book
The authors have witnessed many discussions on industrial cyber security fall apart due to disagreements over terminology. There is a good deal of terminology specific to both cyber security and to industrial control systems that will be used throughout this book. Some readers may be cyber security experts who are unfamiliar with industrial control systems, while others may be industrial system professionals who are unfamiliar with cyber security. For this reason, the authors have made a conscientious effort to convey the basics of both disciplines, and to accommodate both types of readers. Some of the terms that will be used extensively include the following:

• Assets (including whether they are physical or logical assets, and whether they are classified as cyber assets, critical assets, or critical cyber assets)
• Enclaves, Zones, and Conduits
• Enterprise or Business Networks
• Industrial Control Systems: DCS, PCS, SIS, SCADA
• Industrial Networks
• Industrial Protocols
• Network Perimeter or Electronic Security Perimeter (ESP)
• Critical Infrastructure

Some cyber security terms that will be addressed include the following:

• Attacks
• Breaches
• Incidents and Exploits
• Vulnerabilities
• Risk
• Security Measures, Security Controls, or Countermeasures

These will be given some cursory attention here, as a foundation for the following chapters. There are many more specialized terms that will be used, and so an extensive glossary has been provided at the back of this book. The first time a term is used, it will be printed in bold to indicate that it is available in the glossary.

Note

The book title “Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems” was chosen because this text discusses all of these terms to some extent. “Industrial cyber security” is a topic relevant to many industries, each of which differs significantly in terms of design, architecture, and operation.

An effective discussion of cyber security must acknowledge these differences; however, it is impossible to cover every nuance of DCS, SCADA, Smart Grids, critical manufacturing, and so on. This book will focus on the commonalities among these industries, providing a basic understanding of industrial automation and the constituent systems, subsystems, and devices that are used. Every effort will also be made to refer to all industrial automation and control systems (DCS, PCS, SCADA, etc.) as simply industrial control systems, or just ICS.

It is also important to understand that industrial networks are one link in a much larger chain comprising fieldbus networks, process control networks, supervisory networks, business networks, remote access networks, and any number of specialized applications, services, and communications infrastructures that may all be interconnected and therefore must be assessed and secured within the context of cyber security. A Smart Grid, a petroleum refinery, and a city skyscraper may all utilize ICS, yet each represents unique variations in terms of size, complexity, and risk. All are built using the same technologies and principles, making the cyber security concerns of each similar and the fundamentals of industrial cyber security equally applicable.

Note

This book does not go into extensive detail on the architecture of Smart Grids due to the complexity of these systems. Please consult the book “Applied Cyber Security and the Smart Grid” [1] if more detail on Smart Grid architecture and its associated cyber security is desired.

Attacks, breaches, and incidents: malware, exploits, and APTs
The reason that you are reading a book titled “Industrial Network Security” is likely because you are interested in, if not concerned about, unauthorized access to and potentially hazardous or mischievous usage of equipment connected to an industrial network. This could be a deliberate action by an individual or organization, a government-backed act of cyber war, the side effect of a computer virus that just happened to spread from a business network to an ICS server, the unintended consequence of a faulty network card or, for all we know, the result of some astrological alignment of the sun, planets, and stars (aka “solar flares”). While there are subtle differences between the terms “incident” and “attack” (mostly to do with intent, motivation, and attribution), this book does not intend to dwell on these subtleties. The focus of this book is how an attack (or breach, or exploit, or incident) might occur, and subsequently how best to protect the industrial network and the connected ICS components against the undesirable consequences that result from this action. Did the action result in some outcome (operational, health, safety, or environmental) that must be reported to a federal agency under some regulatory legislation? Did it originate from another country? Was it a simple virus or a persistent rootkit? Could it be achieved with free tools available on the Internet, or did it require the resources of a state-backed cyber espionage group? Do such groups even exist? The authors of this book think that these are all great questions, but ones best served by some other book. These terms may therefore be used rather interchangeably herein.

Assets, critical assets, cyber assets, and critical cyber assets

An asset is simply a term for a component that is used within an industrial control system. Assets are often “physical,” such as a workstation, server, network switch, or PLC. Physical assets also include the large number of sensors and actuators used to control an industrial process or plant. There are also “logical” assets that represent what is contained within the physical asset, such as a process graphic, a database, a logic program, a firewall rule set, or firmware. When you think about it, cyber security is usually focused on the protection of “logical” assets and not the “physical” assets that contain them. Physical security, by contrast, focuses on the protection of the physical asset itself. Security from a general point of view can therefore effectively protect a “logical” asset, a “physical” asset, or both. This will become more obvious as we develop the concept of security controls or countermeasures later in this book.

The Critical Infrastructure Protection (CIP) standards of the North American Electric Reliability Corporation (NERC), through version 4, defined a “critical cyber asset” or “CCA” as a cyber asset essential to the operation of a critical asset that also uses a routable protocol to communicate outside the electronic security perimeter (ESP), uses a routable protocol within a control center, or is dial-up accessible. [2] This changed in version 5 of the standard by shifting from an individual asset approach, to one that addresses...
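The physical/logical asset distinction and the version 4 CCA rule above are the kind of thing an inventory-scoping script ends up encoding. The following is an added example (not code from the book or from NERC) that models a small constructed inventory with logical assets nested inside physical cyber assets, applies the CIP-002 version 3/4 R3 test (essential to a critical asset, plus at least one of: routable protocol outside the ESP, routable protocol within a control center, dial-up accessible), and lists the logical assets that end up in scope. The attribute names, asset names, and inventory contents are assumptions for illustration only, not a NERC or vendor schema.

```python
"""Asset inventory scoping example (added illustration, not from the book).

Models the chapter's physical/logical asset distinction and applies the
NERC CIP-002 version 3/4 "critical cyber asset" (CCA) rule. All inventory
entries and attribute names below are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass
class LogicalAsset:
    """Something contained in a physical asset: logic, firmware, a rule set, a database."""
    name: str
    kind: str


@dataclass
class CyberAsset:
    """A physical, programmable ICS device plus the facts needed for CIP scoping.

    The boolean attributes are assumptions about how an inventory might record
    connectivity; they are not a standard field set.
    """
    name: str
    role: str
    essential_to_critical_asset: bool
    routable_outside_esp: bool = False      # routable protocol across the ESP boundary
    routable_in_control_center: bool = False
    dial_up_accessible: bool = False
    logical_assets: list[LogicalAsset] = field(default_factory=list)


def is_critical_cyber_asset(asset: CyberAsset) -> bool:
    """CIP-002 v3/v4 R3 test: essential to a critical asset AND at least one of
    the three connectivity characteristics (R3.1, R3.2, R3.3)."""
    if not asset.essential_to_critical_asset:
        return False
    return (
        asset.routable_outside_esp
        or asset.routable_in_control_center
        or asset.dial_up_accessible
    )


def classify_inventory(inventory: list[CyberAsset]) -> dict[str, bool]:
    """Map asset name -> whether it is a CCA under the per-asset v4 rule."""
    return {a.name: is_critical_cyber_asset(a) for a in inventory}


def logical_assets_in_scope(inventory: list[CyberAsset]) -> list[str]:
    """Logical assets held by CCAs: what cyber security controls actually protect."""
    return [
        f"{a.name}:{la.name}"
        for a in inventory if is_critical_cyber_asset(a)
        for la in a.logical_assets
    ]


# Constructed sample inventory for one substation / control-center pair.
SAMPLE_INVENTORY = [
    CyberAsset("HMI-01", "operator workstation", True,
               routable_in_control_center=True,
               logical_assets=[LogicalAsset("process-graphics", "HMI project"),
                               LogicalAsset("os-image", "firmware/OS")]),
    CyberAsset("HIST-01", "historian", True, routable_outside_esp=True,
               logical_assets=[LogicalAsset("tag-db", "database")]),
    CyberAsset("RTU-12", "remote terminal unit", True, dial_up_accessible=True,
               logical_assets=[LogicalAsset("rtu-config", "configuration")]),
    # Serial-only PLC: essential to the process, but with no routable or dial-up
    # path it falls outside the per-asset v4 rule.
    CyberAsset("PLC-07", "feeder protection PLC", True,
               logical_assets=[LogicalAsset("ladder-logic", "logic program")]),
    # Engineering laptop with a routable path, but not essential to a critical asset.
    CyberAsset("ENG-WS", "engineering workstation", False,
               routable_outside_esp=True),
]


if __name__ == "__main__":
    for name, cca in classify_inventory(SAMPLE_INVENTORY).items():
        print(f"{name:8} CCA={cca}")
    print("logical assets in CCA scope:", logical_assets_in_scope(SAMPLE_INVENTORY))
```

Running it flags HMI-01, HIST-01 and RTU-12 as CCAs and leaves PLC-07 out, even though PLC-07 carries the ladder logic that drives the process. That gap between "what the rule scopes in" and "what actually controls the plant" is the kind of per-asset limitation the text says version 5 moved away from.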