SCADA Security - What's broken and how to fix it

Author: Andrew Ginter

Publisher: Lulu.com

ISBN: 0995298440

Category:

Page: 180

View: 3401

Modern attacks routinely breach SCADA networks that are defended to IT standards. This is unacceptable. Defense in depth has failed us. In ""SCADA Security"" Ginter describes this failure and describes an alternative. Strong SCADA security is possible, practical, and cheaper than failed, IT-centric, defense-in-depth. While nothing can be completely secure, we decide how high to set the bar for our attackers. For important SCADA systems, effective attacks should always be ruinously expensive and difficult. We can and should defend our SCADA systems so thoroughly that even our most resourceful enemies tear their hair out and curse the names of our SCADA systems' designers.

Techno Security's Guide to Securing SCADA

A Comprehensive Handbook On Protecting The Critical Infrastructure

Author: Jack Wiles,Ted Claypoole,Phil Drake,Paul A. Henry,Lester J. Johnson,Sean Lowther,Greg Miles,Marc Weber Tobias,James H. Windle

Publisher: Syngress

ISBN: 9780080569994

Category: Computers

Page: 352

View: 4370

Around the world, SCADA (supervisory control and data acquisition) systems and other real-time process control networks run mission-critical infrastructure--everything from the power grid to water treatment, chemical manufacturing to transportation. These networks are at increasing risk due to the move from proprietary systems to more standard platforms and protocols and the interconnection to other networks. Because there has been limited attention paid to security, these systems are seen as largely unsecured and very vulnerable to attack. This book addresses currently undocumented security issues affecting SCADA systems and overall critical infrastructure protection. The respective co-authors are among the leading experts in the world capable of addressing these related-but-independent concerns of SCADA security. Headline-making threats and countermeasures like malware, sidejacking, biometric applications, emergency communications, security awareness llanning, personnel & workplace preparedness and bomb threat planning will be addressed in detail in this one of a kind book-of-books dealing with the threats to critical infrastructure protection. They collectivly have over a century of expertise in their respective fields of infrastructure protection. Included among the contributing authors are Paul Henry, VP of Technology Evangelism, Secure Computing, Chet Hosmer, CEO and Chief Scientist at Wetstone Technologies, Phil Drake, Telecommunications Director, The Charlotte Observer, Patrice Bourgeois, Tenable Network Security, Sean Lowther, President, Stealth Awareness and Jim Windle, Bomb Squad Commander, CMPD. * Internationally known experts provide a detailed discussion of the complexities of SCADA security and its impact on critical infrastructure * Highly technical chapters on the latest vulnerabilities to SCADA and critical infrastructure and countermeasures * Bonus chapters on security awareness training, bomb threat planning, emergency communications, employee safety and much more * Companion Website featuring video interviews with subject matter experts offer a "sit-down" with the leaders in the field

Securing SCADA Systems

Author: Ronald L. Krutz

Publisher: John Wiley & Sons

ISBN: 1119177847

Category: Computers

Page: 218

View: 1566

Bestselling author Ron Krutz once again demonstrates his ability to make difficult security topics approachable with this first in-depth look at SCADA (Supervisory Control And Data Acquisition) systems Krutz discusses the harsh reality that natural gas pipelines, nuclear plants, water systems, oil refineries, and other industrial facilities are vulnerable to a terrorist or disgruntled employee causing lethal accidents and millions of dollars of damage-and what can be done to prevent this from happening Examines SCADA system threats and vulnerabilities, the emergence of protocol standards, and how security controls can be applied to ensure the safety and security of our national infrastructure assets

Cyber-security of SCADA and Other Industrial Control Systems

Author: Edward J. M. Colbert,Alexander Kott

Publisher: Springer

ISBN: 3319321250

Category: Computers

Page: 355

View: 5557

This book provides a comprehensive overview of the fundamental security of Industrial Control Systems (ICSs), including Supervisory Control and Data Acquisition (SCADA) systems and touching on cyber-physical systems in general. Careful attention is given to providing the reader with clear and comprehensive background and reference material for each topic pertinent to ICS security. This book offers answers to such questions as: Which specific operating and security issues may lead to a loss of efficiency and operation? What methods can be used to monitor and protect my system? How can I design my system to reduce threats?This book offers chapters on ICS cyber threats, attacks, metrics, risk, situational awareness, intrusion detection, and security testing, providing an advantageous reference set for current system owners who wish to securely configure and operate their ICSs. This book is appropriate for non-specialists as well. Tutorial information is provided in two initial chapters and in the beginnings of other chapters as needed. The book concludes with advanced topics on ICS governance, responses to attacks on ICS, and future security of the Internet of Things.

Handbook of SCADA/Control Systems Security

Author: Burt G. Look

Publisher: CRC Press

ISBN: 149871708X

Category: Computers

Page: 441

View: 1125

This comprehensive handbook covers fundamental security concepts, methodologies, and relevant information pertaining to supervisory control and data acquisition (SCADA) and other industrial control systems used in utility and industrial facilities worldwide. A community-based effort, it collects differing expert perspectives, ideas, and attitudes r

Critical Information Infrastructure Security

Third International Workshop, CRITIS 2008, Rome, Italy, October 13-15, 2008

Author: Roberto Setola,Stefan Geretshuber

Publisher: Springer Science & Business Media

ISBN: 3642035515

Category: Business & Economics

Page: 396

View: 3023

This book constitutes the thoroughly refereed post-conference proceedings of the Third International Workshop on Critical Information Infrastructures Security, CRITIS 2008, held in Rome, Italy, in October 2008. The 39 revised full papers presented were carefully reviewed and selected from a total of 70 submissions. All the contributions highlight the current development in the field of Critical (Information) Infrastructures and their Protection. Specifically they emphasized that the efforts dedicated to this topic are beginning to provide some concrete results. Some papers illustrated interesting and innovative solutions devoted to understanding, analyzing and modeling a scenario composed by several heterogeneous and interdependent infrastructures. Furthermore, issues concerning crisis management scenarios for interdependent infrastructures have been illustrated. Encouraging preliminarily results have been presented about the development of new technological solutions addressing self-healing capabilities of infrastructures, that is regarded as one of the most promising research topics to improve the infrastructures’ resilience.

Critical Infrastructure Protection in Homeland Security

Defending a Networked Nation

Author: Ted G. Lewis, PhD

Publisher: John Wiley & Sons

ISBN: 1118817664

Category: Technology & Engineering

Page: 400

View: 7610

"...excellent for use as a text in information assurance orcyber-security courses...I strongly advocate thatprofessors...examine this book with the intention of using it intheir programs." (Computing Reviews.com, March 22, 2007) "The book is written as a student textbook, but it should beequally valuable for current practitioners...this book is a veryworthwhile investment." (Homeland Security Watch, August 17,2006) While the emphasis is on the development of policies that lead tosuccessful prevention of terrorist attacks on the nation’sinfrastructure, this book is the first scientific study of criticalinfrastructures and their protection. The book models thenation’s most valuable physical assets and infrastructuresectors as networks of nodes and links. It then analyzes thenetwork to identify vulnerabilities and risks in the sectorcombining network science, complexity theory, modeling andsimulation, and risk analysis. The most critical components become the focus of deeper analysisand protection. This approach reduces the complex problem ofprotecting water supplies, energy pipelines, telecommunicationstations, Internet and Web networks, and power grids to a muchsimpler problem of protecting a few critical nodes. The new editionincorporates a broader selection of ideas and sectors and moves themathematical topics into several appendices.

Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

Author: Clint Bodungen,Bryan Singer,Aaron Shbeeb,Kyle Wilhoit,Stephen Hilt

Publisher: McGraw Hill Professional

ISBN: 1259589722

Category: Computers

Page: 544

View: 3987

Learn to defend crucial ICS/SCADA infrastructure from devastating attacks the tried-and-true Hacking Exposed way This practical guide reveals the powerful weapons and devious methods cyber-terrorists use to compromise the devices, applications, and systems vital to oil and gas pipelines, electrical grids, and nuclear refineries. Written in the battle-tested Hacking Exposed style, the book arms you with the skills and tools necessary to defend against attacks that are debilitating—and potentially deadly. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions explains vulnerabilities and attack vectors specific to ICS/SCADA protocols, applications, hardware, servers, and workstations. You will learn how hackers and malware, such as the infamous Stuxnet worm, can exploit them and disrupt critical processes, compromise safety, and bring production to a halt. The authors fully explain defense strategies and offer ready-to-deploy countermeasures. Each chapter features a real-world case study as well as notes, tips, and cautions. Features examples, code samples, and screenshots of ICS/SCADA-specific attacks Offers step-by-step vulnerability assessment and penetration test instruction Written by a team of ICS/SCADA security experts and edited by Hacking Exposed veteran Joel Scambray

Security-Enriched Urban Computing and Smart Grid

Second International Conference, SUComS 2011, Hualien, Taiwan, September 21-23, 2011. Proceedings

Author: Ruay-Shiung Chang,Tai-Hoon Kim,Sheng-Lung Peng

Publisher: Springer

ISBN: 364223948X

Category: Computers

Page: 350

View: 4627

This book constitutes the proceedings of the Second International Conference on Security-Enriched Urban Computing and Smart Grid, held in Hualien, Taiwan, in September 2011. The 35 revised full papers presented together with two invited papers were carefully reviewed and selected from 97 submissions. Among the topics covered are the internet of things, mobile networks, wireless networks, service-oriented computing, data-centric computing, voice over IP, cloud computing, privacy, smart grid systems, distributed systems, agent-based systems, assistive technology, social networks, and wearable computing.

Cybersecurity for SCADA Systems

Author: William T. Shaw

Publisher: PennWell Books

ISBN: 1593700687

Category: Business & Economics

Page: 562

View: 8978

SCADA technology quietly operates in the background of critical utility and industrial facilities nationwide. "Cybersecurity for SCADA Systems" provides a high-level overview of this unique technology, with an explanation of each market segment. Readers will understand the vital issues, and learn strategies for decreasing or eliminating system vulnerabilities.

Security and Privacy in Smart Grids

Author: Yang Xiao

Publisher: CRC Press

ISBN: 143987784X

Category: Computers

Page: 353

View: 3525

Presenting the work of prominent researchers working on smart grids and related fields around the world, Security and Privacy in Smart Grids identifies state-of-the-art approaches and novel technologies for smart grid communication and security. It investigates the fundamental aspects and applications of smart grid security and privacy and reports on the latest advances in the range of related areas—making it an ideal reference for students, researchers, and engineers in these fields. The book explains grid security development and deployment and introduces novel approaches for securing today’s smart grids. Supplying an overview of recommendations for a technical smart grid infrastructure, the book describes how to minimize power consumption and utility expenditure in data centers. It also: Details the challenges of cybersecurity for smart grid communication infrastructures Covers the regulations and standards relevant to smart grid security Explains how to conduct vulnerability assessments for substation automation systems Considers smart grid automation, SCADA system security, and smart grid security in the last mile The book’s chapters work together to provide you with a framework for implementing effective security through this growing system. Numerous figures, illustrations, graphs, and charts are included to aid in comprehension. With coverage that includes direct attacks, smart meters, and attacks via networks, this versatile reference presents actionable suggestions you can put to use immediately to prevent such attacks.

Handbook of SCADA/Control Systems Security

Author: Robert Radvanovsky,Jacob Brodsky

Publisher: CRC Press

ISBN: 1466502266

Category: Computers

Page: 383

View: 3576

The availability and security of many services we rely upon—including water treatment, electricity, healthcare, transportation, and financial transactions—are routinely put at risk by cyber threats. The Handbook of SCADA/Control Systems Security is a fundamental outline of security concepts, methodologies, and relevant information pertaining to the supervisory control and data acquisition (SCADA) systems and technology that quietly operate in the background of critical utility and industrial facilities worldwide. Divided into five sections, the book examines topics comprising functions within and throughout industrial control systems (ICS) environments. Topics include: Emerging trends and threat factors that plague the ICS security community Risk methodologies and principles that can be applied to safeguard and secure an automated operation Methods for determining events leading to a cyber incident, and methods for restoring and mitigating issues—including the importance of critical communications The necessity and reasoning behind implementing a governance or compliance program A strategic roadmap for the development of a secured SCADA/control systems environment, with examples Relevant issues concerning the maintenance, patching, and physical localities of ICS equipment How to conduct training exercises for SCADA/control systems The final chapters outline the data relied upon for accurate processing, discusses emerging issues with data overload, and provides insight into the possible future direction of ISC security. The book supplies crucial information for securing industrial automation/process control systems as part of a critical infrastructure protection program. The content has global applications for securing essential governmental and economic systems that have evolved into present-day security nightmares. The authors present a "best practices" approach to securing business management environments at the strategic, tactical, and operational levels.

Computer Network Security

Second International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2003, St. Petersburg, Russia, September 21-23, 2003, Proceedings

Author: Vladimir Gorodetsky,Leonard Popyack

Publisher: Springer Science & Business Media

ISBN: 3540407979

Category: Business & Economics

Page: 470

View: 8064

This book constitutes the refereed proceedings of the Second International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2003, held in St. Petersburg, Russia in September 2003. The 29 revised full papers and 12 revised short papers presented together with 6 invited papers were carefully reviewed and selected from a total of 62 submissions. The papers are organized in topical sections on mathematical models and architectures for computer network security; intrusion detection; public key distribution, authentication, and access control; cryptography; and stenography.

Foundations of Homeland Security

Law and Policy

Author: Martin J. Alperen

Publisher: John Wiley & Sons

ISBN: 9780470934609

Category: Political Science

Page: 376

View: 6731

This book is the complete guide to understanding the structure of homeland security – its underlying law and policy. Created from a broad and in depth, yet edited collection of statutes, policy papers, presidential directives, and other documents, it cultivates a detailed understanding of the foundations of homeland security. It is arranged in a topic-by-topic format structured to include only the documents and statues that affect a particular subject, making for much easier understanding. Thus, the chapter on FEMA contains only the portions of the statutes and other documents that relate to FEMA. There are twenty-five topic areas. It contains hundreds of end notes, references, and suggestions for further study. This book offers important legal guidance that students, law enforcement officers, lawyers, and other homeland security professionals need to accurately interpret, understand, and apply homeland security policy. The Introduction provides an in-depth overview of the subject of homeland security and includes a discussion of what is homeland security, definitions of homeland security and terrorism, what is homeland security law, its development, and what is a homeland security curriculum. There are contributing chapters about homeland security in Europe, and homeland security in China and Japan.