on 18 July 2012
I'm a former Control Engineer and now work in mainstream IT.
90% of this book contents is run of the mill IT security (i.e. IPv6, etc,). About 10 pages that really start to focus in on control system security and a fair bit on what is a control system. you'd be better searching the internet for this info and its free!
Sent the book back.
on 15 August 2012
This book should be of interest to anyone that has a technical assurance role of critical industrial control systems typically used in energy generation. Although malware targeting critical systems such as Stuxnet and Iran's Natanz Enrichment Facility gain the most media attention, the book explains that SCADA and ICS have legacy design weaknesses that make them far more susceptible to certain types of electronic attack than typical corporate IT systems. It also gives some real world historical attack examples I have not seen publicly disclosed as SCADA attacks.
The book is not alarmist and does not inflate the threat - if anything it rather quietly details why industrial control networks are vulnerable by the protocols, common ICS system design, ICS devices used, physical environment and finally the lack of simulated environments to test fixes to these problems!
My only criticism is that the book lacks real world examples of ICS network designs - it has one or two representative models - but makes it very clear that unfortunately, SCADA and ICS systems probably present a `perfect storm' environment for information security purposes. The book briefly details some suggested hardening measures but ends by concluding that the problem will likely get worse with the introduction of IPv6!