Industrial Cybersecurity

By : Pascal Ackerman

4.8 (12)

Buy this Book

Industrial Cybersecurity

4.8 (12)

By: Pascal Ackerman

Buy this Book

Overview of this book

With industries expanding, cyber attacks have increased significantly. Understanding your control system’s vulnerabilities and learning techniques to defend critical infrastructure systems from cyber threats is increasingly important. With the help of real-world use cases, this book will teach you the methodologies and security measures necessary to protect critical infrastructure systems and will get you up to speed with identifying unique challenges.Industrial cybersecurity begins by introducing Industrial Control System (ICS) technology, including ICS architectures, communication media, and protocols. This is followed by a presentation on ICS (in) security. After presenting an ICS-related attack scenario, securing of the ICS is discussed, including topics such as network segmentation, defense-in-depth strategies, and protective solutions. Along with practical examples for protecting industrial control systems, this book details security assessments, risk management, and security program development. It also covers essential cybersecurity aspects, such as threat detection and access management. Topics related to endpoint hardening such as monitoring, updating, and anti-malware implementations are also discussed.

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Free Chapter

Industrial Control Systems

An overview of an Industrial control system

The Industrial control system architecture

The Purdue model for Industrial control systems

Industrial control system communication media and protocols

Summary

Insecure by Inheritance

Industrial control system history

Modbus and Modbus TCP/IP

PROFINET

Common IT protocols found in the ICS

Summary

Anatomy of an ICS Attack Scenario

Setting the stage

The Slumbertown paper mill

Trouble in paradise

What can the attacker do with their access?

The cyber kill chain

Phase two of the Slumbertown Mill ICS attack

Other attack scenarios

Summary

Industrial Control System Risk Assessment

Attacks, objectives, and consequences

Risk assessments

A risk assessment example

Summary

The Purdue Model and a Converged Plantwide Ethernet

The Purdue Enterprise Reference Architecture

Summary

The Defense-in-depth Model

ICS security restrictions

How to go about defending an ICS?

The ICS is extremely defendable

The defense-in-depth model

Summary

Physical ICS Security

The ICS security bubble analogy

Segregation exercise

Down to it – Physical security

Summary

ICS Network Security

Designing network architectures for security

Summary

ICS Computer Security

Endpoint hardening

Configuration and change management

Patch management

Endpoint protection software

Summary

ICS Application Security

Application security

Application security testing

ICS application patching

ICS secure SDLC

Summary

ICS Device Security

ICS device hardening

ICS device patching

The ICS device life cycle

Summary

The ICS Cybersecurity Program Development Process

The NIST Guide to Industrial control systems security

The ICS security program development process

Summary

Customer Reviews

4.8 (12)

5 star

83.3%

4 star

8.3%

3 star

8.3%

2 star

1 star

Industrial Control System Risk Assessment

In this chapter, we will get into the details of risk assessments. We start by looking at the types of assessments that are out there. Next, we will explore the different approaches and techniques behind information technology system risk assessments, before we look at the added complexity of conducting Industrial control system—centric assessments. By the end of this chapter, you should have a good understanding of what is involved with conducting a variety of ICS-related risk assessment activities.

We will discuss the following topics: