Many catastrophic events associated with electrical, natural gas, water and sewage are due to cyber events that are intentional and unintentional. Compliance with government regulations may give a false sense to industry, government and the public that our infrastructure is secure from cyber threats. While multiple industries use similar industrial controls, there is little sharing of information regarding instances of cyber threats or how to deal with them. Information Security Professionals and Industrial Control Professionals don't have a forum to talk with each other.
The one question that lingers after reading this book is why haven't manufacturers of industrial control systems responded with hardware and software to protect systems against cyber threats.
Protecting Industrial Control Systems from Electronic Threats by Joseph Weiss
Certainly there appears to be a market for and a need to protect industrial control systems from such attacks. The answer alluded to it that the focus is on compliance with government regulations at the expense of security. It may also be because the upgrades required are expensive and regulatory bodies are not willing to include these expenditures in customer rate bases at least for power.
Also the bar or need to protect industrial control systems has already been raised by the discovery of the Stuxnet worm.
Frequently bought together
This worm attacked programmable logic controller which are a part of industrial control systems. While the book does not mention Stuxnet, it's message is all the more compelling now that the worm is in the wild and variants of it may follow. Industrial control systems ICS execute large-scale manufacturing and commodity product delivery processes. They run electronic power grids, nuclear power plants, water and sewage treatment plants, transportation signaling, and numerous other recognizably critical infrastructures.
Joe Weiss walks the layman effortlessly through the world of ICS cyber-components: Along the way, he points out the cybersecurity vulnerabilities inherent in the design and operation of these systems.
With examples that can be directly traced to headline news, he describes how easy it is to disrupt these systems with simple cybersecurity hacks. Though it may seem odd to the reader that such obviously critical systems are so easily disrupted, the way that Weiss explains the evolution of ICS and the myths that surround attempts at ICS technical security evaluation, his story line makes sense.
For example, a typical software program lives years before a major architectural change. A typical industrial control system lives That means that the technology components in an ICS are likely to be at least 10 years old, very outdated by technology standards, and correspondingly vulnerable to today's sophisticated cyber-attacks.
- Bruce El Perro Karateca (Spanish Edition).
- Deep In The Heart of Me.
- Recommendations for Protecting Against ICS Security Threats.
- Lessons of the Street:Officer Survival & Training Volume 2!
In addition, cybersecurity threats to ICS are not the same as cybersecurity threats to mainstream information technology. An ICS is typically much more sensitive to very small changes in electronic components. Hence, technology controls that are often proscribed for mainstream information assurance, like scanning and patching, can actually harm these systems more than they help them. Weiss does a great job of bringing attention to this serious national security issue. The book is as engaging as it is rare. It will benefit anyone who is interested in critical infrastructure protection or systems security engineering.
Kindle Edition Verified Purchase. In my current postion I am a member of a team assigned to protect Cybersecurity assets in an ICS environment so I made sure that I purchased the book when it was released. I liked the book and recommend it for any individual that has a strong background in IT security such as myselft yet little or no experience with ICS. The case studies serve to highlight the fact that ICS can and have been subject to "attack".
Typical Distributed Control Systme Procurement Specification provided insights for me to what I need to pay closer attention to when new systems or systems upgrades occur. I could not agree more that a training program needs to be in place to allow security staff not only assure compliance but to know that the systems are secure. See all 8 reviews.
Protecting Industrial Control Systems From Electronic Threats
Most recent customer reviews. Published on February 18, Published on March 19, Published on October 4, Published on August 27, Published on June 25, Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more about Amazon Giveaway. Set up a giveaway. Customers who bought this item also bought. Buildings and Infrastructure Protection Series: Pages with related products.
- Customers who viewed this item also viewed.
- The Beginnings of Jewishness: Boundaries, Varieties, Uncertainties (Hellenistic Culture and Society).
- See a Problem?.
- Praxeology and the Rothbardians.
- Protecting Industrial Control Systems From Electronic Threats.
Want to Read Currently Reading Read. Refresh and try again. Open Preview See a Problem? Thanks for telling us about the problem. Return to Book Page. This book is meant to help both the novice and expert in Information Technology IT security and industrial control systems ICS gain a better understanding of protecting ICSs from electronic threats. Hardcover , pages. Published June 1st by Momentum Press first published January 1st To see what your friends thought of this book, please sign up.
Lists with This Book. This book is not yet featured on Listopia. Aug 27, Benjamin rated it really liked it.
Excellent review of the landscape of industrial control system security, its challenges, and why we must act. This is Joseph Weiss' call to arms. Davor rated it it was ok Feb 04, Chris Poulin rated it it was ok Sep 17, Michael Swearingen rated it it was amazing Dec 06, Security is not the same for the industrial control systems ICS as it is for information technology IT. This difference in part arises from the unique characteristics that set IoT and IT environments apart from one another.
Take IT, for instance. One of the most important business drivers for securing systems in those types of environments is mitigating risk and protecting data.