Book Image

Industrial Cybersecurity

By : Pascal Ackerman
Book Image

Industrial Cybersecurity

By: Pascal Ackerman

Overview of this book

With industries expanding, cyber attacks have increased significantly. Understanding your control system’s vulnerabilities and learning techniques to defend critical infrastructure systems from cyber threats is increasingly important. With the help of real-world use cases, this book will teach you the methodologies and security measures necessary to protect critical infrastructure systems and will get you up to speed with identifying unique challenges.Industrial cybersecurity begins by introducing Industrial Control System (ICS) technology, including ICS architectures, communication media, and protocols. This is followed by a presentation on ICS (in) security. After presenting an ICS-related attack scenario, securing of the ICS is discussed, including topics such as network segmentation, defense-in-depth strategies, and protective solutions. Along with practical examples for protecting industrial control systems, this book details security assessments, risk management, and security program development. It also covers essential cybersecurity aspects, such as threat detection and access management. Topics related to endpoint hardening such as monitoring, updating, and anti-malware implementations are also discussed.
Table of Contents (19 chapters)
Title Page
About the Author
About the Reviewers
Customer Feedback

ICS application patching

After discovering vulnerabilities, the most effective mitigation process is to patch or update the vulnerable applications. If the application was developed in-house, a change request should be send to the development team. If neither a patch nor a fix is applicable, a compensating control should be applied. Compensating controls can consist of adding a firewall rule to block access to the vulnerable service of the application or the decision to shop around for a better product. Sometimes the compensating control can be the decision to do nothing at all. The decision of what to do depends on the criticality of the application and the specifics of the vulnerability.

ICS patch management is a complex process, largely because of the uptime requirements and the sensitive nature of the ICS equipment. Not including those found in level 3 - site operations, applications, systems, and devices in the industrial zone of an ICS are unlikely to be able to receive automatic updates...