In Practical Industrial Cybersecurity: ICS, Industry 4.0, and IIoT, veteran electronics and computer security author Charles J. Brooks and electrical grid cybersecurity expert Philip Craig deliver an authoritative and robust discussion of how to meet modern industrial cybersecurity challenges. The book outlines the tools and techniques used by practitioners in the industry today, as well as the foundations of the professional cybersecurity skillset required to succeed on the SANS Global Industrial Cyber Security Professional (GICSP) exam.
Full of hands-on explanations and practical guidance, this book also includes:
- Comprehensive coverage consistent with the National Institute of Standards and Technology guidelines for establishing secure industrial control systems (ICS)
- Rigorous explorations of ICS architecture, module and element hardening, security assessment, security governance, risk management, and more
Practical Industrial Cybersecurity is an indispensable read for anyone preparing for the Global Industrial Cyber Security Professional (GICSP) exam offered by the Global Information Assurance Certification (GIAC). It also belongs on the bookshelves of cybersecurity personnel at industrial process control and utility companies.
Practical Industrial Cybersecurity provides key insights to the Purdue ANSI/ISA 95 Industrial Network Security reference model and how it is implemented from the production floor level to the Internet connection of the corporate network. It is a valuable tool for professionals already working in the ICS/Utility network environment, IT cybersecurity personnel transitioning to the OT network environment, and those looking for a rewarding entry point into the cybersecurity field.
Table of Contents
Introduction xxiii
Chapter 1 Industrial Control Systems 1
Introduction 2
Basic Process Control Systems 3
Closed-Loop Control Systems 5
Industrial Process Controllers 6
Supervisory Control and Data Acquisition Systems 20
System Telemetry 21
Utility Networks 23
OT/IT Network Integration 25
Industrial Safety and Protection Systems 28
Safety Instrument Systems 29
Review Questions 39
Exam Questions 41
Chapter 2 ICS Architecture 43
Introduction 44
Network Transmission Media 45
Copper Cabling 45
Fiber-Optic Cabling 46
Industrial Network Media Standards 49
Ethernet Connectivity 52
External Network Communications 53
Transmission Media Vulnerabilities 55
Field Device Architecture 56
PLC I/O Sections 58
PLC Implementations 62
Industrial Sensors 63
Final Control Elements/Actuators 71
Relays 73
Process Units 76
Industrial Network Protocols 79
Common Industrial Protocols 79
EtherNet/IP Protocol 79
Modbus 80
ProfiNet/ProfiBus 81
DNP3 82
ICCP 83
OPC 83
BACnet 83
Enterprise Network Protocols 84
TCP/IP 84
Dynamic Host Configuration Protocol 89
Review Questions 90
Exam Questions 91
Chapter 3 Secure ICS Architecture 95
Introduction 96
Boundary Protection 97
Firewalls 98
Proxies 104
Security Topologies 105
Network Switches 106
Routers 108
Security Zoning Models 109
Flat Network Topologies 113
Network Segmentation 122
Controlling Intersegment Data Movement 128
Tunneling 128
Wireless Networking 129
Wireless Sensors 131
Wireless Gateways 134
Modems 135
Review Questions 137
Exam Questions 139
Chapter 4 ICS Module and Element Hardening 143
Introduction 145
Endpoint Security and Hardening 145
User Workstation Hardening 145
BIOS Security Subsystems 147
Additional Outer Perimeter Access Hardening 148
Mobile Device Protection 154
OS Security/Hardening 155
File System Security 156
Operating System Security Choices 160
Linux SystemV vs Systemd 160
Hardening Operating Systems 162
Common Operating System Security Tools 162
Virtualization 169
Application Software Security 172
Software Exploitation 172
Information Leakage 173
Applying Software Updates and Patches 174
Database Hardening 174
SQL Injection 175
Anti-Malware 177
Antivirus 178
Anti-spyware 178
Anti-Malware: Sanitization 181
Embedded Device Security 182
Meters 184
Network Hardening 189
OT/IT Network Security 189
Server Security 191
Hardening the Server OS 193
Logical Server Access Control 194
Hardening Network Connectivity Devices 196
Review Questions 201
Exam Questions 202
Chapter 5 Cybersecurity Essentials for ICS 205
Introduction 207
Basic Security Tenets 208
Confidentiality, Integrity, and Availability 208
Availability in ICS Networks 209
Nonrepudiation 210
Principle of Least Privilege 211
Separation of Duties 211
Vulnerability and Threat Identification 212
Nation-States 213
Cyberterrorists 213
Cybercriminals 214
Insider Threats 216
Events, Incidents, and Attacks 217
Threat Vectors 217
Weaponization 230
Delivery 230
Exploitation 231
Installation 232
Command and Control 233
Actions on Objectives 233
Attack Methods 234
Unauthorized Access 251
Cryptographics 260
Encryption 262
Digital Certificates 264
Public Key Infrastructure 264
Hashing 266
Resource Constraints 267
Review Questions 268
Exam Questions 268
Chapter 6 Physical Security 271
Introduction 272
Infrastructure Security 273
Access Control 274
Physical Security Controls 276
Authentication Systems 278
Remote Access Monitoring and Automated Access Control Systems 286
Intrusion Detection and Reporting Systems 289
Security Controllers 290
Video Surveillance Systems 295
Cameras 297
IP Cameras 297
Pan-Tilt-Zoom Cameras 298
Physical Security for ICS 306
Industrial Processes/Generating Facilities 307
Control Center/Company Offices 307
NERC CIP-006-1 309
Review Questions 311
Exam Questions 312
Chapter 7 Access Management 315
Introduction 316
Access Control Models 317
Mandatory Access Control 317
Discretionary Access Control 318
Role-Based Access Control 318
Rule-Based Access Control 319
Attribute-Based Access Control 319
Context-Based Access Control 320
Key Security Components within Access Controls 320
Directory Services 321
Active Directory 321
Linux Directory Services 324
Application Runtime and Execution Control 326
User Access Management 326
Establishing User and Group Accounts 328
Group Account Security 330
Network Authentication Options 331
Establishing Resource Controls 332
ICS Access Control 334
Remote ICS Access Control 336
Access Control for Cloud Systems 340
Review Questions 343
Exam Questions 344
Chapter 8 ICS Security Governance and Risk Management 347
Introduction 348
Security Policies and Procedure Development 348
Requirements 349
Exceptions and Exemptions 350
Standards 351
ICS Security Policies 356
Risk Management 357
Asset Identification 358
Risk Assessment 359
Risk Identification Vulnerability Assessment 362
Impact Assessment 363
ICS Risk Assessments 364
Risk Mitigation 366
NERC CIP-008 367
Review Questions 369
Exam Questions 370
Chapter 9 ICS Security Assessments 373
Introduction 374
Security Assessments 374
ICS Device Testing 376
Vulnerability 376
Supply Chain 377
Communication Robustness Testing 382
Fuzzing 382
ICS Penetration Testing 384
The Pentest Process 385
Security Testing Tools 392
Packet Sniffers 392
Network Enumeration/Port Scanning 393
Port Scanning 395
Vulnerability Scanning 395
Review Questions 401
Exam Questions 402
Chapter 10 ICS Security Monitoring and Incident Response 405
Introduction 407
ICS Lifecycle Challenges 408
Change Management 408
Establishing a Security Baseline 409
Change Management Documentation 411
Configuration Change Management 412
Controlling Patch Distribution and Installation for Systems 414
Monitoring 419
Event Monitoring 420
Network Monitoring 421
Security Monitoring 423
Logging and Auditing 424
Event Logging 425
Incident Management 433
The Incident Response Lifecycle 434
Preparation 435
Incident Response 442
Recovery 445
Post-Incident Activities 446
Review Questions 449
Exam Questions 450
Chapter 11 Disaster Recovery and Business Continuity 453
Introduction 454
Business Continuity Plans 455
System Redundancy 455
Local Virtualized Storage 459
System Backup and Restoration 462
Backup Options 463
Backup Media Rotation 466
Securing Backup Media 467
Other BCP Considerations 467
Disaster Recovery 469
Planning 470
Documenting the Disaster Recovery Plan 472
The Disaster Response/Recovery Team 473
NERC CIP-009-6 475
Review Questions 477
Exam Questions 478
Appendix A GICSP Objective Map 481
ICS410.1 ICS: Global Industrial Cybersecurity Professional (GICSP) Objectives 482
Overview 482
ICS410.2: Architecture and Field Devices 483
ICS410.3: Communications and Protocols 484
ICS410.4: Supervisory Systems 485
ICS410.5: Security Governance 485
Appendix B Glossary 487
Appendix C Standards and References 533
Reference Links 536
Appendix D Review and Exam Question Answers 539
Chapter 1: Industrial Control Systems 540
Review Question Answers 540
Exam Question Answers 541
Chapter 2: ICS Architecture 542
Review Question Answers 542
Exam Question Answers 544
Chapter 3: Secure ICS Architecture 545
Review Question Answers 545
Exam Question Answers 547
Chapter 4: ICS Modules and Element Hardening 548
Review Question Answers 548
Exam Question Answers 550
Chapter 5: Cybersecurity Essentials for ICS 551
Review Question Answers 551
Exam Question Answers 553
Chapter 6: Physical Security 554
Review Question Answers 554
Exam Question Answers 556
Chapter 7: Access Management 556
Review Question Answers 556
Exam Question Answers 558
Chapter 8: ICS Security Governance and Risk Management 559
Review Question Answers 559
Exam Question Answers 560
Chapter 9: ICS Security Assessments 561
Review Question Answers 561
Exam Question Answers 563
Chapter 10: ICS Security Monitoring and Incident Response 564
Review Question Answers 564
Exam Question Answers 565
Chapter 11: Disaster Recovery and Business Continuity 567
Review Question Answers 567
Exam Question Answers 568
Index 571