You are previewing Techno Security's Guide to Securing SCADA.
O'Reilly logo
Techno Security's Guide to Securing SCADA

Book Description

Around the world, SCADA (supervisory control and data acquisition) systems and other real-time process control networks run mission-critical infrastructure--everything from the power grid to water treatment, chemical manufacturing to transportation. These networks are at increasing risk due to the move from proprietary systems to more standard platforms and protocols and the interconnection to other networks. Because there has been limited attention paid to security, these systems are seen as largely unsecured and very vulnerable to attack.

This book addresses currently undocumented security issues affecting SCADA systems and overall critical infrastructure protection. The respective co-authors are among the leading experts in the world capable of addressing these related-but-independent concerns of SCADA security. Headline-making threats and countermeasures like malware, sidejacking, biometric applications, emergency communications, security awareness llanning, personnel & workplace preparedness and bomb threat planning will be addressed in detail in this one of a kind book-of-books dealing with the threats to critical infrastructure protection. They collectivly have over a century of expertise in their respective fields of infrastructure protection. Included among the contributing authors are Paul Henry, VP of Technology Evangelism, Secure Computing, Chet Hosmer, CEO and Chief Scientist at Wetstone Technologies, Phil Drake, Telecommunications Director, The Charlotte Observer, Patrice Bourgeois, Tenable Network Security, Sean Lowther, President, Stealth Awareness and Jim Windle, Bomb Squad Commander, CMPD.

* Internationally known experts provide a detailed discussion of the complexities of SCADA security and its impact on critical infrastructure
* Highly technical chapters on the latest vulnerabilities to SCADA and critical infrastructure and countermeasures
* Bonus chapters on security awareness training, bomb threat planning, emergency communications, employee safety and much more
* Companion Website featuring video interviews with subject matter experts offer a "sit-down" with the leaders in the field

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Lead Author
  6. Contributors
    1. Foreword Contributor
  7. Foreword Contributor
  8. Foreword
  9. Chapter 1. Physical Security: SCADA and the Critical Infrastructure’s Biggest Vulnerability
    1. Introduction
    2. Summary
    3. Solutions Fast Track
    4. Frequently Asked Questions (and Special Interviews)
  10. Chapter 2. Supervisory Control and Data Acquisition
    1. Introduction
    2. Just What Is SCADA?
    3. Summary
    4. Solutions Fast Track
    5. Frequently Asked Questions
  11. Chapter 3. SCADA Security Assessment Methodology
    1. Introduction
    2. Why Do Assessments on SCADA Systems?
    3. Information Protection Requirements
    4. An Approach to SCADA Information Security Assessments
    5. Pre-Project Activities
    6. Pre-Assessment Activities
    7. On-Site Assessment Activities
    8. Post Assessment Activities
    9. Resources
    10. Summary
    11. Solutions Fast Track
    12. Frequently Asked Questions
  12. Chapter 4. Developing an Effective Security Awareness Program
    1. Introduction
    2. Why an Information Security Awareness Program Is Important
    3. How to Design an Effective Information Security Awareness Program
    4. How to Implement an Information Security Awareness Program
    5. How Do You Keep Your Program a Successful Component of Your Company’s Mindset?
    6. How to Measure Your Program
    7. Summary
    8. Solutions Fast Track
  13. Chapter 5. Working with Law Enforcement on SCADA Incidents
    1. Introduction
    2. SCADA System Overview
    3. Secure Network Management
    4. Managing Security Events
    5. Examples of Common Attack Techniques
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  14. Chapter 6. Locked but Not Secure: An Overview of Conventional and High Security Locks
    1. Introduction
    2. Conventional Pin Tumbler Locks
    3. Standards for Conventional and High Security Locks
    4. The Concept of Security
    5. Security Vulnerabilities of Conventional Locks: Why High Security Locks Are Supposed to Offer More Protection Against Methods of Entry
    6. Covert Entry Techniques: Manipulation of Internal Locking Components
    7. High Security to High Insecurity: Real World Attacks
    8. Summary
    9. Solutions Fast Track
    10. Frequently Asked Questions
  15. Chapter 7. Bomb Threat Planning: Things Have Changed
    1. Introduction
    2. The Day Our World Changed
    3. Insider Information: Where Do These Guys Get This Stuff?
    4. The Terrorist Profile
    5. Potential Terror Targets
    6. What Should I Be Looking For?
    7. Searching: What Am I Looking For and Where?
    8. Evacuation Plans
    9. Summary
  16. Chapter 8. Biometric Authentication for SCADA Security
    1. Introduction
    2. Understanding Biometric Systems and How They Are Best Used for SCADA Security
    3. Choosing the Best Form of Measurement for Your System
    4. Where are Biometric Authentication Regimes Vulnerable?
    5. Anticipating Legal and Policy Changes That Will Affect Biometrics
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  17. Appendix. Personal, Workforce, and Family Preparedness
    1. Introduction
    2. Threats
    3. Your Personal Preparedness Plan
    4. The Escape Pack
    5. Workforce Preparedness
    6. Steps for Successful Workforce Preparedness
    7. Get Out, Get Away, and Get in Touch
    8. Family Preparedness Plan
    9. Preparedness Pantry
    10. Water
    11. Cooking
    12. Testing Your Home Preparedness Plan
    13. Family Ready Kit
    14. No Lights? No Problem!
    15. Emergency Power
    16. Staying in Touch
    17. Summary
  18. Index