Book Image

Industrial Cybersecurity

By : Pascal Ackerman
Book Image

Industrial Cybersecurity

By: Pascal Ackerman

Overview of this book

With industries expanding, cyber attacks have increased significantly. Understanding your control system’s vulnerabilities and learning techniques to defend critical infrastructure systems from cyber threats is increasingly important. With the help of real-world use cases, this book will teach you the methodologies and security measures necessary to protect critical infrastructure systems and will get you up to speed with identifying unique challenges.Industrial cybersecurity begins by introducing Industrial Control System (ICS) technology, including ICS architectures, communication media, and protocols. This is followed by a presentation on ICS (in) security. After presenting an ICS-related attack scenario, securing of the ICS is discussed, including topics such as network segmentation, defense-in-depth strategies, and protective solutions. Along with practical examples for protecting industrial control systems, this book details security assessments, risk management, and security program development. It also covers essential cybersecurity aspects, such as threat detection and access management. Topics related to endpoint hardening such as monitoring, updating, and anti-malware implementations are also discussed.
Table of Contents (19 chapters)
Title Page
About the Author
About the Reviewers
Customer Feedback

Segregation exercise

Absolute adherence to the bubble model will theoretically guarantee the integrity and security of any system in the secured area. In practice though, this can become a daunting task, especially as the size of the secured area increases. To make the task at hand more manageable, one must carefully determine what systems should go into the secured area (the CPwE-defined manufacturing zone) and which should stay out (placed in the enterprise zone).

As a rule of thumb, systems that cannot be secured by conventional strategies, such as patching and Antivirus deployment, should be placed in the manufacturing zone. For the remaining systems, it should be determined whether placing them in the enterprise zone versus the manufacturing zone has an adverse effect on the operability of the ICS or the amount of traffic to flow through the conduit (IDMZ), which dictates whether that system is to be placed in the manufacturing zone or the enterprise zone:

As an example, consider an ICS...