D**Y
Industrial Network Security
Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems
Title: Industrial Network Security
Author: Eric D. Knapp
ISBN 978-1-59749-645-2
Date of publication: 29th August 2011
Number of Pages: 360

I am a networking professional with over 20 years' experience. In the last few months I moved into a new role working with industrial networks. Therefore I was looking for a book that would provide me with an overview of network security in industrial environments.

The content appears to be structured as follows:

Chapters 1-4 give an introduction to the terminology and standards used. Here the security concepts are briefly explained. The life cycle of an industrial network is described, and in part this is also related to some of the security weaknesses. This section also covers a brief discussion of the vulnerabilities that can pose threats to a network. There is also a description of industrial networking protocols, which gives you an idea of requirements such as timing and availability.

Chapters 5-7 provide a more detailed description of the components that make up an industrial network. This also looks into network design, in how secure enclaves are established and the enforcement of demarcation points. These chapters provide the basis for the network design architecture of a typical industrial network. They also talk about the types of attacks, possible attackers and motives, and the vulnerabilities that may exist.

Chapters 8-9 describe the operational behavior of an industrial network. This is essentially determining what abnormal behavior versus normal behavior is. It looks at the tools that are available to correlate event logs, audit logs, statistics and event records from the industrial systems. Chapter 9 provides an appreciation that the amount of logged data could be quite considerable, since every network component/machine produces one or more types of logs. Often a number of logs may need to be correlated to detect that the network is under attack. This chapter also makes you aware that there are tools that will help to perform much of the work of processing the collected data.

Chapter 10 describes various standards relating to network and information security, some of which are specific to the industrial sector. The standards mentioned in the chapter range from what a network conforms to and also what is legally required. Most of this chapter consists of a table that gives conformance controls and recommendations to satisfy these. This can provide useful input into the design phase of a project for the roll-out of a network.

Chapter 11 looks at the common mistakes made in building, designing and operating industrial networks. This chapter does place an emphasis on the fact that the main weakness is the humans that work with the network. These weaknesses are highlighted as complacency, error or malicious behavior. Therefore it does place an emphasis on communicating security awareness. The text highlights the fact that security is an ongoing process as opposed to an implement-once project.

The content covers the breadth of subjects that you are likely to find in an industrial network. If you require greater depth then there are often references to standards that you can refer to. With respect to some of the networking components like firewalls and IPS/IDS systems, it provides a description but it won't turn you into an expert in these areas.

With respect to readability I would say that it is easy to follow and clearly explains the concepts and components of network security, with good use of diagrams to highlight the points in the text. There are a number of tables, in particular tables of standards with suggested recommendations that can be translated into good design practices.

Having read this book, it met my personal objective of obtaining a good overview of industrial networking. From my experience so far with industrial networks, many if not all of the areas covered in this book are relevant to what I encounter as a plant network security engineer.

I would recommend the book for anyone who is new to industrial networking and security, as it will provide you with good background information. Additionally I think it provides a good reference book for network designers, as it provides good explanations of the security concepts. If you already have a technical background where you have a network and/or information security background, then this book will help you to understand the specifics that are relevant to industrial networks.

To sum up, this is a very good book and I would recommend it to professionals involved in industrial networking security.
A**N
Not for the Chicken-Hearted
In order to attempt to consume the info in Eric Knapp's book, you've either got to be working with ICS on a daily basis, or else have an incredible burning need and passion to know more about how these systems and networks are put together, how they are exposed to bad guys, and how to begin to better protect them.

I'm in the latter category, and have to admit that even though my zeal for national and energy security could often be categorized as bordering on incendiary, there were times reading this book when my flame flickered a bit. Nevertheless, I found the text approachable, informative and largely engaging.

I think that Dale Peterson's comprehensive Amazon review, which gives credit for what he finds helpful but also critiques several aspects of the book as sub-optimal, is nevertheless a generous effort motivated by an urge to advance the state of understanding on this very important topic. Actually, depending on the level of expertise and experience you bring to this book, his review can help you navigate it in ways that suit your needs.

Final comment: I would like to challenge Eric to combine his worlds and get a little fowl humor into his technical writing and a little more tech into his chicken-zombie narratives. Eric - please keep me/us posted on your success with this challenge.

ab
D**N
Mixed Bag But Good On Detection and Monitoring of ICS
Eric Knapp's book Industrial Network Security shipped this month and is also available for the Kindle. It is a tough book to review because the quality and accuracy were very uneven. As compared to other ICS security books available today, grading on a curve, it deserves 4 stars out of a possible 5. However, it would only rate 2 stars if there were a high-quality book on applying technical and administrative IT security to control systems. Unfortunately that book has not yet been written.

The highlights of this book are Chapter 8: Exception, Anomaly and Threat Detection and Chapter 9: Monitoring Enclaves. Not surprising, since Eric works for SIEM vendor NitroSecurity (fd: NitroSecurity advertises on digitalbond.com). He covers in detail detection and monitoring for general networks and then with specific ICS examples. For example, Figure 9.12 shows a SIEM dashboard monitoring PI activity such as PI Trust Granted, PI Point Deletion and PI Point Alteration. I'll be rereading these chapters, and they would be helpful for a control system engineer trying to learn security.

Unfortunately I cannot recommend this book for an IT security professional who wants to learn about control systems. There is a lot of important information and good advice, but they would also be misled in important and numerous ways. The two most egregious examples are:

1. The author spends a lot of time on enclaves, his term for security zones. He follows the basics of the Purdue model, but his use of the SCADA DMZ is troubling. It is likely that an IT security professional reading this would think that pipeline, water canal or transmission SCADA servers and workstations should go in a SCADA DMZ and be directly accessible from the corporate network through a perimeter security device. This does not reflect what is going on in actual ICS, what you would want if you were developing an ICS security architecture, nor the recommendations in the standards and guidelines today. It is missing important, real-world discussions of control centers, plant floors, SCADA field sites, and DMZs between control centers and business networks.

2. When defining components in an ICS, the author has all of the HMIs communicating directly with the PLCs; he is missing the SCADA or Realtime Server that is common, especially in larger, critical infrastructure control systems. This is one of the most important servers to secure and it is not even mentioned.

There are enough other instances that were either wrong or not characterized as well as they should be that an IT security professional would be led down the wrong path by reading this book, because they don't have the experience to know what is accurate.

There are gems in this book where I wrote YES in the margin; the reader just has to sift through the earth to find them. However, at 341 pages there is a lot of earth here, and a control system engineer would learn from reading this book. It clearly is better than the Techno Security book because it does speak directly to ICS, and it is a lot more detailed than the ISA/Teumim book with the same title that is 200 pages shorter and with a big font.

My reading recommendation is to start with Chapter 5, then Chapter 4, followed by Chapters 7, 8, and 9. Some other reading suggestions:

- The Tips that are broken out are some of the best and most concise info in the book.
- Also excellent are the tables that pull out the key requirements from various NIST, NISCC, ISA and other standards and guideline documents. The author then adds context and information on meeting the requirements. The tables are dense with info, but are worth reading.
- Skip the frustrating Chapters 2 and 3. The titles of the chapters do not reflect what is in the chapters. For example, Chapter 3: Introduction to Industrial Network Security is mostly about APT and Cyber War, and even there the APT discussion is wrong. Chapter 2: About Industrial Networks is actually covered better in Chapter 5 -- just go straight to Chapter 5. I blame the editor for allowing Chapters 2 and 3, and hopefully not too many readers will lose interest before getting to the much better content.
- Smart Grid is discussed in a cursory way that is just a distraction. But again this is mostly in the earlier chapters that you should skip. (Note: this book continues the annoying trend in the US of saying smart grid but really meaning AMI rather than the diversity of projects under the smart grid umbrella.)
- Chapter 7: Establishing Secure Enclaves should be read just as background for the excellent Chapters 8 and 9. The author makes creating security zones unnecessarily complex, and even states that 5 different security zone levels is likely to be insufficient. I would have also preferred some priorities of zones. For example, first to segment the control systems from untrusted networks such as the business network -- and mediate the minimal required communication through a DMZ. Next to segment SCADA field sites from the control center and other field sites, ...
- Securing remote access is not covered in detail in this book. This is a significant omission given that almost every ICS requires emergency remote access and vendor support.

As I wrote in the beginning, this was a tough book to review with all its highlights and lowlights. Salute the author's serious and substantial effort to produce a book of this size and detail, focus on Chapters 8 and 9, and hope for an improved second edition.

And we still await the definitive book on applying security technical and administrative controls to ICS.