Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems
Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems. By Eric Knapp. Syngress, www.syngress.com; 360 pages; $49.95.
The Stuxnet computer worm of mid-2010 was a huge wake-up call for the energy industry. It also catapulted SCADA from an obscure term to the forefront of industrial security. But nearly two years later, it is unclear if the energy sector is adequately prepared for sophisticated information security threats.
For those looking to get a handle on how to effectively secure critical infrastructure networks, Industrial Network Security is an excellent reference.
In the book’s foreword, Dr. Anton Chuvakin writes that “one of the most mysterious areas of information security is industrial system security.” The reality is that industrial systems can be effectively secured, and the book shows the reader exactly how to do that. In 11 densely written chapters, the book covers all of the areas necessary to secure critical infrastructure systems.
The first three chapters provide an introduction to industrial security, SCADA, and control systems. Chapter four then goes into detail about industrial network protocols. The obscurity of these protocols was thought to be a boon to SCADA systems in the past in that attackers were oblivious to their inner workings. In today’s world, however, those who intend to attack can learn how to do it.
The book concludes with a chapter on common pitfalls and mistakes. This is a particularly valuable chapter because many companies look for quick and easy approaches to information security but do not provide adequate staff, budget, or time to get the job done. Firms that make those mistakes are likely to be victims of a security breach.
For those looking for a solid overview of the topic, Industrial Network Security is an excellent reference.
Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), is an information security manager with Wyndham Worldwide. The views expressed are exclusively his own.