Industrial Network Security, Second Edition

About this book

These days one only needs to read the newspaper headlines to appreciate the importance of industrial network security. Almost daily an article comes out describing the threat to our critical infrastructure, from spies in our electrical grid to the looming threat of cyber war. Whether we talk about process control systems that run chemical plants and refineries, supervisory control and data acquisition (SCADA) systems for utilities, or factory automation systems for discrete manufacturing, the backbone of our nation's critical infrastructure consists of these industrial networks and is dependent on their continued operation. This easy-to-read book introduces managers, engineers, technicians, and operators to methods for keeping our industrial networks secure amid rising threats from hackers, disgruntled employees, and even cyber terrorists.

Yes, you can access Industrial Network Security, Second Edition by David Teumim in PDF and/or ePUB format, as well as other popular books in Technology & Engineering & Mechanical Engineering. We have over one million books available in our catalogue for you to explore.
1.0 Industrial Network Security
1.1 What Are Industrial Networks?
To define industrial network security, one first has to define industrial networks. For the purposes of this book, industrial networks are the instrumentation, control, and automation networks that exist within three industrial domains:
• Chemical Processing – The industrial networks in this domain are control systems that operate equipment in chemical plants, refineries, and other industries that involve continuous and batch processing, such as food and beverage, pharmaceutical, pulp and paper, and so on. Using terms from ANSI/ISA-84.00.01-2004 Part 1(6), industrial networks include the Basic Process Control System (BPCS) and the Safety Instrumented Systems (SIS) that provide safety backup.
• Utilities – These industrial networks serve distribution systems spread out over large geographic areas to provide essential services, such as water, wastewater, electric power, and natural gas, to the public and industry. Utility grids are usually monitored and controlled by Supervisory Control And Data Acquisition (SCADA) systems.
• Discrete Manufacturing – Industrial networks that serve plants that fabricate discrete objects ranging from autos to zippers.
The term Industrial Automation and Control Systems (IACS) is used by ISA in its committee name and in the recently issued standards and technical report series from the ISA99 Industrial Automation and Control Systems Security standards and technical committee (also, simply ISA99). This term is closely allied with the term Industrial Networks.
The standard, ANSI/ISA-99.00.01-2007-Security for Industrial Automation and Control Systems, Part 1(1), defines the term Industrial Automation and Control Systems to include “control systems used in manufacturing and processing plants and facilities, building environmental control systems, geographically dispersed operations such as utilities (i.e., electricity, gas, and water), pipelines and petroleum production and distribution facilities, and other industries and applications such as transportation networks, that use automated or remotely controlled or monitored assets.” This standard will be referred to as “ISA-99 Part 1” in the book.
The technical report ANSI/ISA-TR99.00.01-2007 Security Technologies for Industrial Automation and Control Systems (4) succeeds the 2004 version of the document referenced in the first edition of this book. This report will be referred to as “ISA-99 TR1.” Note: At the time of this writing, Part 2 of the ISA-99 standard has just been approved. Part 2 is titled Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program(5).
1.2 What Is Industrial Network Security?
When we speak of industrial network security, we are referring to the rapidly expanding field that is concerned with how to keep industrial networks secure, and, by implication, how to keep the people, processes, and equipment that depend on them secure. Secure means free from harm or potential harm, whether it be physical or cyber damage to the industrial network components themselves, or the resultant disruption or damage to things that depend on the correct functioning of industrial networks to meet production, quality, and safety criteria.
Harm to industrial networks and to the related people, processes, or equipment might be through the following:
• Malicious Acts – Deliberate acts to disrupt service or to cause incorrect functioning of industrial networks. These might range from a “denial-of-service” attack against a Human-Machine Interface (HMI) server to the deliberate downloading of a modified ladder logic program to a PLC (Programmable Logic Controller).
• Accidental Events – These may be anything from a “fat-fingered” employee hitting the wrong key and crashing a server to a power line surge.
When we think of industrial networks and computer-controlled equipment, we usually think of what ISA99 documents call “electronic security,” but we should also include some aspects of two other branches of security: physical security and personnel security. These other two branches of security will be addressed in Chapter 2.
To illustrate the distinction, let’s say we have a disgruntled employee who vents his anger in a chemical plant and:
1. turns a virus loose on the computer workstation that runs the HMI software, allowing the virus to spread through the industrial network;
2. takes a pipe wrench and breaks a liquid level sight glass on a storage tank, causing the liquid to leak out on the floor; and
3. pries open the door to an SIS system controller box and disables the overpressure shutdown by installing jumpers between isolated conductors and bypassing the audible alarms.
Acts 1 and 3 fall within our definition of industrial network security. Act 2 is deliberate sabotage, but it is physical sabotage of a mechanical indicating instrument, not of an industrial network. Act 3 involves some physical actions, such as breaking the lock and installing jumpers, but the jumpers then alter the electrical flow within an industrial network, an SIS system.
We acknowledge and stress the importance of physical protection of industrial network components, and also the personnel security that applies to the operators of these networks. However, physical and personnel security protective measures have been around for a long time, and information about these protective measures is readily available elsewhere. Chapter 2 introduces physical and personnel security as part of the entire security picture; however, the majority of this book covers the electronic security of industrial networks.
The ISA99 committee also acknowledges that these other branches of security, such as physical and personnel security, are necessary but similarly states that its standards are mainly concerned with the “electronic security” of industrial automation and control systems.
1.3 The Big Picture: Critical Infrastructure Protection
It is best to introduce the subject of Critical Infrastructure Protection from a historical perspective. In 1996, President Clinton issued PDD63 (Presidential Decision Directive 63) on Critical Infrastructure Protection(2), declaring that the United States had critical infrastructure that is vital to the functioning of the nation and must be protected. PDD63 identified eight critical infrastructure sectors, including these infrastructures using industrial networks:
• Gas and Oil Storage & Delivery
• Water Supply Systems
• Electrical Energy
Along with these three were also government operations, banking and finance, transportation, telecommunications, and emergency services.
In February 2003, President Bush released The National Strategy to Secure Cyberspace(3). In it, some additional critical sectors were listed that use industrial networks, including:
• Chemical Industry
• Defense Industrial Base
• Food Production
Figure 1-1 shows how those original and additional critical infrastructure sectors map to the three industrial domains—chemical processing, utilities and discrete manufacturing—we described in Section 1.1 as using industrial networks.
Figure 1-1. Industrial Domain vs. National Critical Infrastructure Areas Using Industrial Networks
The list of critical infrastructure sectors has continued to evolve since February 2003, with the federal government adding “critical manufacturing” to the list in 2008.
A glance at history shows how much the critical infrastructure sectors depend on each other—take one critical sector away and others may come tumbling down like dominoes. The Northeast Blackout of August 2003 showed how a failure of one sector may cascade to others. When the power went out in Cleveland, the water supply pumps in that city also shut down, since they ran on electricity. Similarly, the transportation sector in New York was affected when traffic lights ceased functioning and gas stations couldn’t pump gas, since both were electrically operated.
What conclusions can we draw from this discussion of critical infrastructure?
We can conclude that securing industrial networks in our three domains of interest is a prerequisite for securing critical infrastructure at the national level. And this is true for all industrialized nations. In fact, the more automated and computer-dependent a nation’s critical infrastructure is, the more it depends on developing and applying industrial network security to ensure its functioning in a new age of worldwide terrorism.
1.4 The Challenge: “Open and Secure”
Let’s look at what has happened in the field of industrial networks in the last 12 years or so.
• COTS. Proprietary systems have given way to commercial off-the-shelf (COTS) hardware and software in industrial networks. Now we see everything from Microsoft Windows® to different flavors of Linux and Unix for operating systems, along with Eth...

Table of contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Acknowledgments
  5. Table of Contents
  6. Preface
  7. Chapter 1.0 Industrial Network Security
  8. Chapter 2.0 A Security Backgrounder
  9. Chapter 3.0 COTS and Connectivity
  10. Chapter 4.0 Cybersecurity in a Nutshell
  11. Chapter 5.0 Countermeasures
  12. Chapter 6.0 Cyberdefense Part I — Design and Planning
  13. Chapter 7.0 Cyberdefense Part II — Technology
  14. Chapter 8.0 Cyberdefense Part III — People, Policies, and Security Assurance
  15. Chapter 9.0 New Topics in Industrial Network Security
  16. Chapter 10.0 Defending Industrial Networks—Case Histories
  17. Appendix A – Acronyms
  18. About the Author