Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control System
by Eric D. Knapp
ISBN 978-1-59749-645-2 . Amazon.com, USD: 32.90
Reviewed by Richard Austin November 18, 2011
Whether based on the success of STUXNET, Richard Clarke's "Cyber War" or Joel Brenner's "America the Vulnerable", a convincing case has been made that we, as security professionals, should be concerned about the security measures (or lack thereof) being applied to the industrial control systems that manage power generation and distribution as well as many other critical infrastructure components. At the same time, many of us, like your humble correspondent, would be forced to admit that our knowledge in this area doesn't go much further than being able to spell out the acronym "SCADA". Knapp recognizes this lack and provides a quite readable introduction to industrial networks and how familiar security principles can be translated to apply in this complex area.
The first third of the book provides an introduction to industrial networks, their protocols and how they operate. Peppered throughout the introduction are sidelights on security incidents and previews of how security measures may be applied. Acronyms multiply quickly and readers will likely want to maintain a cheat sheet to avoid having to flip back and forth to find their meanings (many, but not all, are in the glossary).
The majority of the book is devoted to parsing out what "information security" really means in the context of industrial networks. Familiar topics such as "vulnerability and risk management" and "situational awareness" are placed in context and the unique considerations imposed by an industrial control network are identified. For example, many of us will have had the experience of crashing a piece of network equipment when scanning its management interface to assess its attack surface. What is an inconvenience in that context may have a much wider impact when the device is controlling a real-world process.
As you might expect, compliance is a major concern and a very useful chapter reviews the relevant standards/regulations and provides recommendations for demonstrating compliance. Knapp also provides a "reverse mapping" that even identifies the relevant chapter of the book.
The closing chapter's review of why-things-often-go-wrong includes many of the usual suspects ("Compliance vs. Security", "Misconfigurations", etc) and serves as a final reminder that though industrial networks present many unique features, they also have much in common with the more familiar areas of information security.
Whether you are charged with defending an industrial network or curious about all the "buzz" over SCADA security, Knapp's book will provide a solid introduction to this fascinating area. Definitely a recommended read.