Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS, 1st Edition (Hardback) book cover

Cybersecurity for Industrial Control Systems

SCADA, DCS, PLC, HMI, and SIS, 1st Edition

By Tyson Macaulay, Bryan L. Singer

Auerbach Publications

203 pages | 35 B/W Illus.

Purchasing Options:$ = USD
Hardback: 9781439801963
pub: 2011-12-13
SAVE ~$19.39
eBook (VitalSource) : 9780429163807
pub: 2016-04-19
from $48.48

FREE Standard Shipping!


As industrial control systems (ICS), including SCADA, DCS, and other process control networks, become Internet-facing, they expose crucial services to attack. Threats like Duqu, a sophisticated worm found in the wild that appeared to share portions of its code with the Stuxnet worm, emerge with increasing frequency.

Explaining how to develop and implement an effective cybersecurity program for ICS, Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS provides you with the tools to ensure network security without sacrificing the efficiency and functionality of ICS.

Highlighting the key issues that need to be addressed, the book begins with a thorough introduction to ICS. It discusses business, cost, competitive, and regulatory drivers and the conflicting priorities of convergence. Next, it explains why security requirements differ from IT to ICS. It differentiates when standard IT security solutions can be used and where SCADA-specific practices are required.

The book examines the plethora of potential threats to ICS, including hi-jacking malware, botnets, spam engines, and porn dialers. It outlines the range of vulnerabilities inherent in the ICS quest for efficiency and functionality that necessitates risk behavior such as remote access and control of critical equipment. Reviewing risk assessment techniques and the evolving risk assessment process, the text concludes by examining what is on the horizon for ICS security, including IPv6, ICSv6 test lab designs, and IPv6 and ICS sensors.


I had high hopes for this book since Bryan Singer is very experienced in ICS, ICS security, and IT security — and Bryan and co-author Tyson McCauley did not disappoint. To date this is clearly the best book on ICS Security by far. The two best things about this book are: 1) They got the facts right about both ICS and IT security. This is not as easy as it sounds as most books have failed or been simplistic in one area or another. 2) They provided the background information for a beginner to understand, but followed that up with significant technical detail and examples. It’s a good book for a beginner or intermediate in either area, and even those with years of experience in both areas will learn something. For me the best new info was the Overall Equipment Effectiveness (OEE) and Security OEE as a future risk assessment technique in Chapter 4. … I could go on and on as I highlighted sentences throughout the chapter and was muttering yes as I read. … This is clearly the book to get or give if you want to read about ICS security today.

—Dale G Peterson, writing on

(For the full review, visit:

Table of Contents


Where This Book Starts and Stops

Our Audience

What Is an Industrial Control System?

Is Industrial Control System Security Different Than Regular IT Security?

Where Are ICS Used?

ICS Compared to Safety Instrumented Systems

What Has Changed in ICS That Raises New Concerns?

Naming, Functionality, and Components of Typical ICS / SCADA Systems

Analogue versus IP Industrial Automation

Convergence 101: It’s Not Just Process Data Crowding onto IP

Convergence by Another Name

Taxonomy of Convergence

The Business Drivers of IP Convergence

Cost Drivers

Competitive Drivers

Regulatory Drivers

The Conflicting Priorities of Convergence

ICS Security Architecture and Convergence

The Discussions to Follow in This Book


Threats to ICS

Threats to ICS: How Security Requirements Are Different from ICS to IT

Threats to ICS

Threat-To and Threat-From

The Most Serious Threat to ICS

Hi-Jacking Malware

No Room for Amateurs

Taxonomy of Hi-Jacking Malware and Botnets

The Reproductive Cycle of Modern Malware

A Socks 4/Sock 5/HTTP Connect Proxy

SMTP Spam Engines

Porn Dialers

Conclusions on ICS Threats


ICS Vulnerabilities

ICS Vulnerability versus IT Vulnerabilities

Availability, Integrity, and Confidentiality

Purdue Enterprise Reference Architecture (PERA)1

Data at Rest, Data in Use, Data in Motion

Distinguishing Business, Operational, and Technical Features of ICS

ICS Vulnerabilities

Taxonomy of Vulnerabilities

ICS Technical Vulnerability Class Breakdown

IT Devices on the ICS Network

Interdependency with IT

Green Network Stacks

Protocol Inertia

Limited Processing Power and Memory Size

Storms/DOS of Various Forms


MITM and Packet Injection



Risk Assessment Techniques


Contemporary ICS Security Analysis Techniques

INL National SCADA Test Bed Program: Control System

Security Assessment

INL Vulnerability Assessment Methodology

INL Metrics-Based Reporting for Risk Ass

CCSP Cyber Security Evaluation Tool (CSET)8

Evolving Risk Assessment Processes

Security Assurance Level

SAL-Based Assessments

SAL Workflow

Future of SAL

Security OEE

Putting OEE Metrics Together

Network-Centric Compromise Indicators

Other Network Infrastructure That Can Be Used for Network-Centric Analysis and ICS Security

Network-Centric Assessment Caveats



What Is Next in ICS Security?

The Internet of Things (IOT)


ICS v6 Test Lab Designs

IPv6 and ICS Sensors

A Few Years Yet…


About the Authors

Tyson Macaulay is the security liaison officer (SLO) for Bell Canada. In this role, he is responsible for technical and operational risk management solutions for Bell’s largest enterprise clients. Macaulay leads security initiatives addressing large, complex, technology solutions including physical and logical (IT) assets, and regulatory/legal compliance requirements. He supports engagements involving multinational companies and international governments.

Macaulay also supports the development of engineering and security standards through the Professional Engineers of Ontario and the International Standards Organization (ISO) SC 27 Committee. Macaulay leadership encompasses a broad range of industry sectors from the defense industry to high-tech start-ups. His expertise includes operational risk management programs, technical services, and incident management processes. He has successfully served as prime architect for large-scale security implementations in both public and private sector institutions, working on projects from conception through development to implementation. Macaulay is a respected thought leader with publications dating from 1993. His work has covered authorship of peer-reviewed white papers, IT security governance programs, technical and integration services, and incident management processes. Further information on Macaulay publications and practice areas can be found online at:

Previously, Macaulay served as director of risk management for a U.S. defense contractor in Ottawa, Electronic Warfare Associates (EWA; 2001–2005), and founded General Network Services (GNS; 1996–2001). Macaulay career began as a research consultant for the Federal Department of Communications (DoC) on information networks, where he helped develop the first generation of Internet services for the DoC in the 1990s.

Bryan L. Singer, CISM, CISSP, CAP, is principal consultant for Kenexis Consulting Corporation. Singer has more than 15 years experience in information technology security, including 7 years specializing in industrial automation and control systems security, critical infrastructure protection, and counterterrorism. His background focuses on software development, network design, information security, and industrial security. Industry experience includes health care, telecommunications, water/wastewater, automotive, food and beverage, pharmaceuticals, fossil and hydropower generation, oil and gas, and several others. He has specialized in process intelligence and manufacturing disciplines such as historians, industrial networking, power and energy management (PEMS), manufacturing enterprise systems (MES), laboratory information management systems (LIMS), enterprise resource planning (ERP), condition-based monitoring (CBM), and others.

Singer began his professional career with the U.S. Army as an intelligence analyst. After the military, he worked in various critical infrastructure fields in software development and systems design, including security. Singer has worked for great companies such as EnteGreat, Rockwell Automation, FluidIQs, and Wurldtech before joining Kenexis Consulting and cofounding Kenexis Security in 2008. At Kenexis, he is responsible for development, deployment, and management of industrial network design and security services from both a safety and a system architecture perspective.

Singer is also the cochairman of ISA-99 Security Standard, a former board member of the Department of Homeland Security’s Process Control Systems Forum, member of Idaho National Labs recommended practices commission, U.S. technical expert to IEC, North American Electronics Reliability Corporation (NERC) drafting team member for NERC CIP, and other industry roles.

Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Security / General
COMPUTERS / Speech & Audio Processing
SOCIAL SCIENCE / Criminology