Book Description

How to manage the cybersecurity of industrial systems is a crucial question.

To implement relevant solutions, the industrial manager must have a clear understanding of IT systems, of communication networks and of control-command systems. They must also have some knowledge of the methods used by attackers, of the standards and regulations involved and of the available security solutions.

Cybersecurity of Industrial Systems presents these different subjects in order to give an in-depth overview and to help the reader manage the cybersecurity of their installation. The book addresses these issues for both classic SCADA architecture systems and Industrial Internet of Things (IIoT) systems.

Table of Contents

  1. Cover
  2. Foreword
  3. Introduction
  4. 1 Components of an Industrial Control System
    1. 1.1. Introduction
    2. 1.2. From the birth of the PLC to the SCADA system
    3. 1.3. Programmable logic controller (PLC)
    4. 1.4. RTU, master terminal unit and intelligent electronic device
    5. 1.5. Programmable Automation Controller
    6. 1.6. Industrial PC
    7. 1.7. Safety instrumented systems
    8. 1.8. Human–machine interface (HMI)
    9. 1.9. Historians
    10. 1.10. Programming and parameter setting stations
    11. 1.11. Industrial Internet of Things (IIoT)
    12. 1.12. Network equipment
    13. 1.13. Data processing platform
    14. 1.14. Lifecycle of an ICS
  5. 2 Architecture and Communication in an Industrial Control System
    1. 2.1. Network architecture
    2. 2.2. Different types of communication networks
    3. 2.3. Transport networks
    4. 2.4. Internet protocols
    5. 2.5. Industrial protocols
    6. 2.6. IoT protocols
  6. 3 IT Security
    1. 3.1. Security objectives
    2. 3.2. Differences between IT and OT systems
    3. 3.3. Risk components
    4. 3.4. Risk analysis and treatment process
    5. 3.5. Principle of defense in depth
    6. 3.6. IT security management
    7. 3.7. Risk treatment process
    8. 3.8. Governance and security policy for IT systems
    9. 3.9. Security management of industrial systems
  7. 4 Threats and Attacks to ICS
    1. 4.1. General principle of an attack
    2. 4.2. Sources of threats
    3. 4.3. Attack vectors
    4. 4.4. Main categories of malware
    5. 4.5. Attacks on equipment and applications
    6. 4.6. Site attacks and via websites
    7. 4.7. Network attacks
    8. 4.8. Physical attacks
    9. 4.9. Attacks using the human factor
    10. 4.10. History of attacks on ICS
    11. 4.11. Some statistics
  8. 5 Vulnerabilities of ICS
    1. 5.1. Introduction
    2. 5.2. Generic approach to vulnerability research
    3. 5.3. Attack surface
    4. 5.4. Vulnerabilities of SCADA industrial systems
    5. 5.5. Vulnerabilities of IoT industrial systems
    6. 5.6. Systematic analysis of vulnerabilities
    7. 5.7. Practical tools to analyze technical vulnerability
  9. 6 Standards, Guides and Regulatory Aspects
    1. 6.1. Introduction
    2. 6.2. ISO 27000 family
    3. 6.3. NIST framework and guides
    4. 6.4. Distribution and production of electrical energy
    5. 6.5. Nuclear industry
    6. 6.6. Transportation
    7. 6.7. Other standards
    8. 6.8. ANSSI’s approach
    9. 6.9. Good practices for securing industrial Internet of Things equipment
    10. 6.10. Legislative and regulatory aspects
  10. 7 The Approach Proposed by Standard 62443
    1. 7.1. Presentation
    2. 7.2. IACS lifecycle and security stakeholders
    3. 7.3. Structure of the IEC 62443 standard
    4. 7.4. General idea of the proposed approach
    5. 7.5. Basics of the standard
    6. 7.6. Risk analysis
    7. 7.7. Security management
    8. 7.8. Assessment of the level of protection
    9. 7.9. Implementation of the IEC 62443 standard
  11. 8 Functional Safety and Cybersecurity
    1. 8.1. Introduction
    2. 8.2. IEC 61508 standard and its derivatives
    3. 8.3. Alignment of safety and security
    4. 8.4. Risk analysis methods used in operational safety
  12. 9 Risk Assessment Methods
    1. 9.1. Introduction
    2. 9.2. General principle of a risk analysis
    3. 9.3. EBIOS method
    4. 9.4. Attack trees
    5. 9.5. Cyber PHA and cyber HAZOP
    6. 9.6. Bowtie cyber diagram
    7. 9.7. Risk analysis of IIoT systems
  13. 10 Methods and Tools to Secure ICS
    1. 10.1. Identification of assets
    2. 10.2. Architecture security
    3. 10.3. Firewall
    4. 10.4. Data diode
    5. 10.5. Intrusion detection system
    6. 10.6. Security incident and event monitoring
    7. 10.7. Secure element
  14. 11 Implementation of the ICS Cybersecurity Management Approach
    1. 11.1. Introduction
    2. 11.2. Simplified process
    3. 11.3. Detailed approach
    4. 11.4. Inventory of assets
    5. 11.5. Risk assessment
    6. 11.6. Governance and ISMS
    7. 11.7. Definition of the security policy and procedures
    8. 11.8. Securing human aspects
    9. 11.9. Physical security
    10. 11.10. Network security
    11. 11.11. Securing exchanges by removable media
    12. 11.12. Securing machines
    13. 11.13. Data security and configuration
    14. 11.14. Securing logical accesses
    15. 11.15. Securing supplier and service provider interactions
    16. 11.16. Incident detection
    17. 11.17. Security monitoring
    18. 11.18. Incident handling
    19. 11.19. Recovery
    20. 11.20. Cybersecurity and lifecycle
  15. Appendix 1: Cryptography Basics
  16. Appendix 2: Blockchain and IIoT Security
  17. Appendix 3: NIST SP 800-82 Security Measures
  18. Appendix 4: ANSSI Security Measures
  19. Appendix 5: Additions to the IEC 62433 Standard
  20. Appendix 6: Some Tools
  21. List of acronyms and abbreviations
  22. References
  23. Index
  24. End User License Agreement