Industrial Network Security

Book Description

For a decade now we have been hearing the same thing—that our critical infrastructure is vulnerable and it needs to be secured. Industrial Network Security examines the unique protocols and applications that are the foundation of industrial control systems and provides you with comprehensive guidelines for their protection. While covering compliance guidelines, attacks and vectors, and even evolving security tools, this book gives you a clear understanding of SCADA and Control System protocols and how they operate.

Table of Contents

  1. Front Cover
  2. Industrial Network Security
  3. Copyright Page
  4. Contents
  5. About the Author
  6. About the Technical Editor
  7. Foreword
  8. 1 Introduction
    1. Book Overview and Key Learning Points
    2. Book Audience
    3. Diagrams and Figures
    4. The Smart Grid
    5. How This Book Is Organized
      1. Chapter 2: About Industrial Networks
      2. Chapter 3: Introduction to Industrial Network Security
      3. Chapter 4: Industrial Network Protocols
      4. Chapter 5: How Industrial Networks Operate
      5. Chapter 6: Vulnerability and Risk Assessment
      6. Chapter 7: Establishing Secure Enclaves
      7. Chapter 8: Exception, Anomaly, and Threat Detection
      8. Chapter 9: Monitoring Enclaves
      9. Chapter 10: Standards and Regulations
      10. Chapter 11: Common Pitfalls and Mistakes
    6. Conclusion
  9. 2 About Industrial Networks
    1. Industrial Networks and Critical Infrastructure
      1. Critical Infrastructure
      2. Critical versus Noncritical Industrial Networks
    2. Relevant Standards and Organizations
      1. Homeland Security Presidential Directive Seven/HSPD-7
      2. NIST Special Publications (800 Series)
      3. NERC CIP
      4. Nuclear Regulatory Commission
      5. Federal Information Security Management Act
      6. Chemical Facility Anti-Terrorism Standards
      7. ISA-99
      8. ISO 27002
    3. Common Industrial Security Recommendations
      1. Identification of Critical Systems
      2. Network Segmentation/Isolation of Systems
      3. Defense in Depth
      4. Access Control
    4. The Use of Terminology Within This Book
      1. Networks, Routable and Non-routable
      2. Assets, Critical Assets, Cyber Assets, and Critical Cyber Assets
      3. Enclaves
      4. Electronic Security Perimeters
    5. Summary
    6. Endnotes
  10. 3 Introduction to Industrial Network Security
    1. The Importance of Securing Industrial Networks
    2. The Impact of Industrial Network Incidents
      1. Safety Controls
      2. Consequences of a Successful Cyber Incident
    3. Examples of Industrial Network Incidents
      1. Dissecting Stuxnet
      2. Night Dragon
    4. APT and Cyber War
      1. The Advanced Persistent Threat
      2. Cyber War
      3. Emerging Trends in APT and Cyber War
      4. Still to Come
      5. Defending Against APT
      6. Responding to APT
    5. Summary
    6. Endnotes
  11. 4 Industrial Network Protocols
    1. Overview of Industrial Network Protocols
    2. Modbus
      1. What It Does
      2. How It Works
      3. Variants
      4. Where It Is Used
      5. Security Concerns
      6. Security Recommendations
    3. ICCP/TASE.2
      1. What It Does
      2. How It Works
      3. Where It Is Used
      4. Security Concerns
      5. Security Improvements over Modbus
      6. Security Recommendations
    4. DNP3
      1. What It Does
      2. How It Works
      3. Secure DNP3
      4. Where It Is Used
      5. Security Concerns
      6. Security Recommendations
    5. OLE for Process Control
      1. What It Does
      2. How It Works
      3. OPC-UA and OPC-XI
      4. Where It Is Used
      5. Security Concerns
      6. Security Recommendations
    6. Other Industrial Network Protocols
      1. Ethernet/IP
      2. Profibus
      3. EtherCAT
      4. Ethernet Powerlink
      5. SERCOS III
    7. AMI and the Smart Grid
      1. Security Concerns
      2. Security Recommendations
    8. Summary
    9. Endnotes
  12. 5 How Industrial Networks Operate
    1. Control System Assets
      1. IEDs
      2. RTUs
      3. PLCs
      4. HMIs
      5. Supervisory Workstations
      6. Data Historians
      7. Business Information Consoles and Dashboards
      8. Other Assets
    2. Network Architectures
      1. Topologies Used
    3. Control System Operations
      1. Control Loops
      2. Control Processes
      3. Feedback Loops
      4. Business Information Management
    4. Control Process Management
    5. Smart Grid Operations
    6. Summary
    7. Endnotes
  13. 6 Vulnerability and Risk Assessment
    1. Basic Hacking Techniques
      1. The Attack Process
      2. Targeting an Industrial Network
      3. Threat Agents
    2. Accessing Industrial Networks
      1. The Business Network
      2. The SCADA DMZ
      3. The Control System
      4. Common Vulnerabilities
      5. The Smart Grid
    3. Determining Vulnerabilities
      1. Why Vulnerability Assessment Is Important
      2. Vulnerability Assessment in Industrial Networks
      3. Vulnerability Scanning for Configuration Assurance
      4. Where to Perform VA Scans
      5. Cyber Security Evaluation Tool
    4. Vulnerability Management
      1. Patch Management
      2. Configuration Management
      3. Device Removal and Quarantine
    5. Summary
    6. Endnotes
  14. 7 Establishing Secure Enclaves
    1. Identifying Functional Groups
      1. Network Connectivity
      2. Control Loops
      3. Supervisory Controls
      4. Control Processes
      5. Control Data Storage
      6. Trading Communications
      7. Remote Access
      8. Users and Roles
      9. Protocols
      10. Criticality
      11. Using Functional Groups to Identify Enclaves
    2. Establishing Enclaves
      1. Identifying Enclave Perimeters
      2. Network Alterations
      3. Enclaves and Security Policy Development
      4. Enclaves and Security Device Configurations
    3. Securing Enclave Perimeters
      1. Selecting Perimeter Security Devices
      2. Implementing Perimeter Security Devices
      3. Intrusion Detection and Prevention (IDS/IPS) Configuration Guidelines
    4. Securing Enclave Interiors
      1. Selecting Interior Security Systems
    5. Summary
    6. Endnotes
  15. 8 Exception, Anomaly, and Threat Detection
    1. Exception Reporting
    2. Behavioral Anomaly Detection
      1. Measuring Baselines
      2. Anomaly Detection
    3. Behavioral Whitelisting
      1. User Whitelists
      2. Asset Whitelists
      3. Application Behavior Whitelists
    4. Threat Detection
      1. Event Correlation
      2. Correlating between IT and OT Systems
    5. Summary
    6. Endnotes
  16. 9 Monitoring Enclaves
    1. Determining What to Monitor
      1. Security Events
      2. Assets
      3. Configurations
      4. Applications
      5. Networks
      6. User Identities and Authentication
      7. Additional Context
      8. Behavior
    2. Successfully Monitoring Enclaves
      1. Log Collection
      2. Direct Monitoring
      3. Inferred Monitoring
      4. Information Collection and Management Tools (Log Management Systems, SIEMs)
      5. Monitoring Across Secure Boundaries
    3. Information Management
      1. Queries
      2. Reports
      3. Alerts
      4. Incident Investigation and Response
    4. Log Storage and Retention
      1. Nonrepudiation
      2. Data Retention/Storage
      3. Data Availability
    5. Summary
    6. Endnotes
  17. 10 Standards and Regulations
    1. Common Standards and Regulations
      1. NERC CIP
      2. CFATS
      3. ISO/IEC 27002:2005
      4. NRC Regulation 5.71
      5. NIST SP 800-82
    2. Mapping Industrial Network Security to Compliance
      1. Perimeter Security Controls
      2. Host Security Controls
      3. Security Monitoring Controls
    3. Mapping Compliance Controls to Network Security Functions
    4. Common Criteria and FIPS Standards
      1. Common Criteria
      2. FIPS 140-2
    5. Summary
    6. Endnotes
  18. 11 Common Pitfalls and Mistakes
    1. Complacency
      1. Vulnerability Assessments vs. Zero-Days
      2. Real Security vs. Policy and Awareness
      3. The Air Gap Myth
    2. Misconfigurations
      1. Default Accounts and Passwords
      2. Lack of Outbound Security and Monitoring
      3. The Executive Override
      4. The Ronco Perimeter
    3. Compliance vs. Security
      1. Audit Fodder
      2. The “One Week Compliance Window”
    4. Scope and Scale
      1. Project-Limited Thinking
      2. Insufficiently Sized Security Controls
    5. Summary
    6. Endnotes
  19. Glossary
  20. Appendix A
    1. Modbus Organization
    2. DNP3 Users Group
    3. OPC Foundation
    4. Common Industrial Protocol/ODVA
  21. Appendix B
    1. North American Electric Reliability Corporation (NERC)
    2. The United States Nuclear Regulatory Commission (NRC)
    3. United States Department of Homeland Security (DHS)
    4. International Society of Automation (ISA)
    5. The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC)
  22. Appendix C
  23. Index