Industrial Network Security and over 2 million other books are available for Amazon Kindle . Learn more


or
Sign in to turn on 1-Click ordering.
Trade in Yours
For a 3.70 Gift Card
Trade in
More Buying Choices
Have one to sell? Sell yours here
Sorry, this item is not available in
Image not available for
Colour:
Image not available

 
Start reading Industrial Network Security on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Industrial Network Security [Paperback]

Eric Knapp
4.0 out of 5 stars  See all reviews (1 customer review)
RRP: 30.99
Price: 24.07 & FREE Delivery in the UK. Details
You Save: 6.92 (22%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Only 8 left in stock (more on the way).
Dispatched from and sold by Amazon. Gift-wrap available.
Want it tomorrow, 11 July? Choose Express delivery at checkout. Details

Formats

Amazon Price New from Used from
Kindle Edition 19.15  
Paperback 24.07  
Trade In this Item for up to 3.70
Trade in Industrial Network Security for an Amazon Gift Card of up to 3.70, which you can then spend on millions of items across the site. Trade-in values may vary (terms apply). Learn more

Book Description

26 Sep 2011
For a decade now we have been hearing the same thing - that our critical infrastructure is vulnerable and it needs to be secured. "Industrial Network Security" examines the unique protocols and applications that are the foundation of industrial control systems and provides you with comprehensive guidelines for their protection. While covering compliance guidelines, attacks and vectors, and even evolving security tools, this book gives you a clear understanding of SCADA and Control System protocols and how they operate. It: covers implementation guidelines for security measures of critical infrastructure; applies the security measures for system-specific compliance; and, discusses common pitfalls and mistakes and how to avoid them.

Frequently Bought Together

Industrial Network Security + Guide to Industrial Control Systems (ICS) Security - Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and ... such as Programmable Logic Controllers (PLC) + SCADA and Me: A Book for Children and Management
Price For All Three: 36.62

Buy the selected items together


Product details

  • Paperback: 336 pages
  • Publisher: Syngress (26 Sep 2011)
  • Language: English
  • ISBN-10: 1597496456
  • ISBN-13: 978-1597496452
  • Product Dimensions: 2.3 x 18.5 x 22.8 cm
  • Average Customer Review: 4.0 out of 5 stars  See all reviews (1 customer review)
  • Amazon Bestsellers Rank: 538,941 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, and more.

Product Description

Review

"One of the most mysterious areas of information security is industrial system security...What raises the mystery even higher is that the stakes in the area of industrial security are extremely high. While the loss of trade secret information may kill a business, the loss of electricity generating capability may kill not just one person, but potentially thousands. And finally the mystery is solved-with this well-researched book on industrial system network security."--Dr. Anton A. Chuvakin, Security Warrior Consulting "For those looking to get a handle on how to effectively secure critical infrastructure networks, Industrial Network Security is an excellent reference. The reality is that industrial system security can be effectively secured, and the book shows the reader exactly how to do that. In 11 densely written chapters, the book covers all of the necessary areas in which to secure critical infrastructure systems. For those looking for a solid overview of the topic, Industrial Network Security is an excellent reference."--Security Management

About the Author

Eric D. Knapp is a globally recognized expert in industrial control systems cyber security, and continues to drive the adoption of new security technology in order to promote safer and more reliable automation infrastructures. He firsst specialized in industrial control cyber security while at Nitrosecurity, where he focused on the collection and correlation of SCADA and ICS data for the detection of advanced threats against these environments. He was later responsible for the development and implementation of end-to-end ICS cyber security solutions for McAfee, Inc. in his role as Global Director for Critical Infrastructure Markets. He is currently the Director of Strategic Alliances for Wurldtech Security Technologies, where he continues to promote the advancement of embedded security technology in order to better protect SCADA, ICS and other connected, real-time devices. He is a long-time advocate of improved industrial control system cyber security and participates in many Critical Infrastructure industry groups, where he brings a wealth of technology expertise. He has over 20 years of experience in Infromation Technology, specializing in industrial automation technologies, infrastructure security, and applied Ethernet protocols as well as the design and implementation of Intrusion Prevention Systems and Security Information and Event Management systems in both enterprise and industrial networks. In addition to his work in information security, he is an award-winning author of cition. He studied at the University of New Hampshire and the University of London. He can be found on Twitter @ericdknapp Joel Langill is the SCADAhacker. His expertise was developed over nearly 30 years through in-depth, comprehensive industrial control systems architecture, product development, implementation, upgrade and remediation in a variety of roles covering manufacturing of consumer products, oil and gas, including petroleum refining, automation solution sales and development, and system engineering. His employers include major companies such as General Electric, Shell Oil Company, Honeywell Process Solutions, and ENGlobal Automation, offering him rare and insightful expertise in the risks and mitigation of cyber vulnerabilities in industrial control systems.

Inside This Book (Learn More)
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index
Search inside this book:


Customer Reviews

5 star
0
3 star
0
2 star
0
1 star
0
4.0 out of 5 stars
4.0 out of 5 stars
Most Helpful Customer Reviews
4.0 out of 5 stars Review 31 Oct 2012
Format:Paperback
A useful introduction to security from the perspective of industrial control as well as geographically dispersed electrical networks and not just general IT. Also a useful introduction to some common industrial control protocols for people with office IT backgrounds.
Includes a helpful chapter outlining the main security standards, how they overlap and how to comply with them. One weakness is that the solutions are focused on standard IT security tools for IP networks and doesn't fully discuss the alternatives of using SCADA protocols for managing remote devices.
Comment | 
Was this review helpful to you?
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.2 out of 5 stars  9 reviews
20 of 23 people found the following review helpful
3.0 out of 5 stars Mixed Bag But Good On Detection and Monitoring of ICS 5 Sep 2011
By Dale Peterson - Published on Amazon.com
Format:Paperback|Verified Purchase
Eric Knapp's book Industrial Network Security shipped this month and is also available for the Kindle. It is a tough book to review because the quality and accuracy was very uneven. As compared to other ICS Security books available today, grading on a curve, it deserves 4 stars out of a possible 5. However, it would only rate 2 stars if there was a high quality book on applying technical and administrative IT security to control systems. Unfortunately that book has not yet been written.

The highlights of this book are Chapter 8: Exception, Anomaly and Threat Detection and Chapter 9: Monitoring Enclaves. Not surprising since Eric works for SIEM vendor NitroSecurity (fd: NitroSecurity advertises on digitalbond.com). He covers in detail detection and monitoring for general networks and then with specific ICS examples. For example, Figure 9.12 shows a SIEM dashboard monitoring PI activity such as PI Trust Granted, PI Point Deletion and PI Point Alteration. I'll be rereading these chapters, and they would be helpful for a control system engineer trying to learn security.

Unfortunately I cannot recommend this book for an IT security professional who wants to learn about control systems. There is a lot of important information and good advice, but they would also be misled in important and numerous ways. The two most egregious examples are:

1. The author spends a lot of time on enclaves, his term for security zones. He follows that basics of the Purdue model, but his use of the SCADA DMZ is troubling. It is likely that an IT Security professional reading this would think that pipeline, water canal or transmission SCADA servers and workstations should go in a SCADA DMZ and be directly accessible from the corporate network through a perimeter security device. This does not reflect what is going on in actual ICS, what you would want if you were developing an ICS security architecture, nor the recommendations in the standards and guidelines today. It is missing important, real world discussions of control centers, plant floors, SCADA field sites, and DMZ's between control centers and business networks.

2. When defining components in an ICS the author has all of the HMI's communicating directly with the PLC's; he is missing the SCADA or Realtime Server that is common, especially in larger, critical infrastructure control systems. This is one of the most important servers to secure and it is not even mentioned.

There are enough other instances that were either wrong or not characterized as well as they should be that an IT Security Professional would be led down the wrong path by reading this book because they don't have the experience to know what is accurate.

There are gems in this book where I wrote YES in the margin, the reader just has to sift through the earth to find them. However, at 341-pages there is a lot of earth here and a control system engineer would learn from reading this book. It clearly is better than the Techno Security book because it does speak directly to ICS and a lot more detailed than the ISA/Teumim book with the same title that is 200 pages shorter and with a big font.

My reading recommendation is to start with Chapter 5, then Chapter 4, followed by Chapters 7, 8, and 9. Some other reading suggestions:

- The Tips that are broken out are some of the best and most concise info in the book.

- Also excellent are the tables that pull out the key requirements from various NIST, NISCC, ISA and other standards and guideline documents. The author then adds context and information on meeting the requirements. The tables are dense with info, but are worth reading.

- Skip the frustrating Chapters 2 and 3. The title of the chapters does not reflect what is in the chapter. For example, Chapter 3: Introduction to Industrial Network Security is mostly about APT and Cyber War, and even there the APT discussion is wrong. Chapter 2: About Industrial Networks is actually covered better in Chapter 5 -- just go straight to Chapter 5. I blame the editor for allowing Chapters 2 and 3, and hopefully not too many readers will lose interest before getting to the much better content.

- Smart Grid is discussed in a cursory way that is just a distraction. But again this is mostly in the earlier chapters that you should skip. (Note: this book continues the annoying trend in the US of saying smart grid but really meaning AMI rather than the diversity of projects under the smart grid umbrella.)

- Chapter 7: Establishing Secure Enclaves should be read just as background for the excellent Chapters 8 and 9. The author makes creating security zones unnecessarily complex, and even states that 5 different security zone levels is likely to be insufficient. I would have also preferred some priorities of zones. For example, first to segment the control systems from untrusted networks such as the business network -- and mediate the minimal required communication through a DMZ. Next to segment SCADA field sites from the control center and other field sites, ...

- Securing remote access is not covered in detail in this book. This is a significant omission given that almost every ICS requires for emergency remote access and vendor support.

As I wrote in the beginning, this was a tough book to review with all its highlights and lowlights. Salute the authors serious and substantial effort to produce a book of this size and detail, focus on Chapters 8 and 9, and hope for an improved second edition.

And we still await the definitive book on applying security technical and administrative controls to ICS.
2 of 2 people found the following review helpful
4.0 out of 5 stars Solid SCADA overview 2 Sep 2012
By Ben Rothke - Published on Amazon.com
Format:Paperback
The Stuxnet computer worm of mid-2010 was a huge wake-up call for the energy industry. It also catapulted SCADA from an obscure term to the forefront of industrial security. But nearly two years later, it is unclear if the energy sector is adequately prepared for sophisticated information security threats.

For those looking to get a handle on how to effectively secure critical infrastructure networks, Industrial Network Security is an excellent reference.

In the book's forward, Dr. Anton Chuvakin writes that "one of the most mysterious areas of information security is industrial system security." The reality is that industrial system security can be effectively secured, and the book shows the reader exactly how to do that. In 11 densely written chapters, the book covers all of the necessary areas in which to secure critical infrastructure systems.

The first three chapters provide an introduction to industrial security, SCADA, and control systems. Chapter four then goes into detail about industrial network protocols. The obscurity of these protocols was thought to be a boon to SCADA systems in the past in that attackers were oblivious to their inner workings. In today's world, however, those who intend to attack can learn how to do it.

The book concludes with a chapter on common pitfalls and mistakes. This is a particularly valuable chapter because many companies look for quick and easy approaches to information security but do not provide adequate staff, budget, or time to get the job done. Firms that make those mistakes are likely to be victims of a security breach.

For those looking for a solid overview of the topic, Industrial Network Security is an excellent reference.
1 of 1 people found the following review helpful
5.0 out of 5 stars Industrial Network Security 25 May 2013
By D.F. NAGY - Published on Amazon.com
Format:Kindle Edition|Verified Purchase
Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems

Title: Industrial Network Security,

Author: Eric D. Knapp

ISBN 978-1-59749-645-2

Date of publication: 29th August 2011

Number of Pages: 360

I am a networking professional with over 20 years experience. In the last few months I moved into a new role working with industrial networks. Therefore I was looking for a book that would provide me with an overview of network security in the industrial environments.

The content appears to be structured as follows:

Chapters 1-4 gives and introduction into the terminology and standards used. Here the security concepts are briefly explained. The life cycle of an industrial network and in part also relates this to some of the security weaknesses. This section also covers a brief discussion into vulnerabilities that can provide threats to a network. There is also a description of industrial networking protocol which gives you an idea of what the requirements such as timing and availability.

Chapter 5-7 provides a more detailed description into the components that make up an industrial network. This also looks into network design in how secure enclaves are established and the enforcement of demarcation points. These chapters provide bases for the network design architecture for a typical industrial network. These chapters also talk about the types of attacks, possible attackers and motives and the vulnerabilities that may exist.

Chapter 8-9 describes the operational behavior of an industrial network. This is essentially determining what abnormal behavior verses normal behavior is. This looks at the tools that are available to correlate events logs, audit logs, statistics and event records from the industrial systems. Chapter 9 provides an appreciation that the amount of logged data could be quite considerable since every network component\machine produces one or more type of logs. Often a number of logs may need to be correlated to detect that the network is under attack. This chapter also makes you aware that there are tools that will help to perform much of the work to process the collected data.

Chapter 10 describes various standards relating the network and information security some of which are specific to the industrial sector. These standards mentioned in the chapter range from what a network conforms to and also what is legally required. Most of this chapter consists of a table that gives conformance controls and recommendations to satisfy these. This can provide use input into the design phase of a project for the roll out of a network.

Chapter 11 looks at the common mistakes made in building, designing and operating industrial networks. This chapter does place an emphasis that the main weakness is the humans that work with the network. These weaknesses are highlighted and complacency, error or malicious behavior. Therefore it does place an emphasis on communicating security awareness. The text highlights the fact that security is an on going process as opposed to an implement once project.

The content covers the breadth of subjects that you are likely to find in an industrial network. If you require greater depth then often there are references to standards that you can refer to. With respect to some the networking components like firewalls, IPS/IDS systems it provides a description but it won't turn you into an expert in these areas.

With respect to readability I would day that that it is easy to follow and clearly explains the concepts and components of network security with good use of diagrams to highlight the points in the text. There are a number of tables in particular for tables and standards with suggested recommendations that can be translated to good design practices.

Having read this book it met my personal objective of obtaining a good overview of industrial networking. From my experience so far with industrial network many of it all of the areas covered in this book are relevant to what I encounter as a plant network security engineer.

I would recommend the book for anyone who is new to industrial networking and security as it will provide you with good background information. Additionally I think it provide a good reference book for network designers as it provides good explanations into the security concepts. If you already have a technical background where you already have a network and/or information security background then this book will help you to understand the specifics that are relevant to industrial network.

To sum up this is a very good book and would recommend this to professionals involved in industrial networking security.
1 of 1 people found the following review helpful
4.0 out of 5 stars Not for the Chicken-Hearted 2 May 2013
By Andrew A. Bochman - Published on Amazon.com
Format:Paperback|Verified Purchase
In order to attempt to consume the info in Eric Knapp's book, you've either got to be working with ICS on a daily basis, or else have an incredible burning need and passion to know more about how these systems and networks are put together, how they are exposed to bad guys, and how to begin to better protect them.

I'm in the latter category, and have to admit that even though my zeal for national and energy security could often be categorized as bordering on incendiary, there were times reading this book when my flame flickered a bit. Nevertheless, I found the text approachable, informative and largely engaging.

I think that Dale Peterson's comprehensive Amazon review, which gives credit for what he finds helpful but also critiques several aspects of the book as sub-optimal, is nevertheless a generous effort motivated by an urge to advance the state of understanding on this very important topic. Actually, depending on the level of expertise and experience you bring to this book, his review can help you navigate it in ways that suit your needs.

Final comment: I would like to challenge Eric to combine his worlds and get a little fowl humor into his technical writing and a little more tech into his chicken-zombie narratives. Eric - please keep me/us posted on your success with this challenge. ab
1 of 1 people found the following review helpful
4.0 out of 5 stars I love this book.. 28 Jan 2013
By P. Kamal - Published on Amazon.com
Format:Paperback|Verified Purchase
I am a security professional who has worked in the SCADA Industry in the past. My current role requires me to be up to speed on cyber security as well as security for Industrial Control Systems.

I found this book had just the right mix of technical detail and conceptual elements to be very useful to me. I have used this book, reading it from cover to cover to gain useful insight into almost all elements of Industrial Control Security.

I find myself coming back to the book as a reference source to review concepts. To that end I really like the logical flow of how the book is organized. For me the progression of Industrial Networks, Industrial Network Security, then protocols, establishing enclaves, monitoring enclaves, common pitfalls, all make sense.

The chapters on Vulnerabilities and Risk Asessment, Exceptions and Anomalies, Standard and Regulations are nice add-ons as well.

Unlike many super technical books, Eric's writing style is great and makes it easy to get through the book. Thats the part I like the best. I would recommend this book to people looking to learn more about Industrial Control Security. I would also recommend this book to people already in thie field or related security fields.

- Pan Kamal.
Vice President, Marketing,
AlertEnterprise.
Were these reviews helpful?   Let us know
Search Customer Reviews
Only search this product's reviews

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
Topic:
First post:
Prompts for sign-in
 

Search Customer Discussions
Search all Amazon discussions
   


Look for similar items by category


Feedback