2nd Edition

Handbook of SCADA/Control Systems Security

Edited By Robert Radvanovsky, Jacob Brodsky Copyright 2016
    441 Pages
    by Routledge

    442 Pages 26 B/W Illustrations
    by Routledge

    This comprehensive handbook covers fundamental security concepts, methodologies, and relevant information pertaining to supervisory control and data acquisition (SCADA) and other industrial control systems used in utility and industrial facilities worldwide. A community-based effort, it collects differing expert perspectives, ideas, and attitudes regarding securing SCADA and control systems environments toward establishing a strategy that can be established and utilized.

    Including six new chapters, six revised chapters, and numerous additional figures, photos, and illustrations, the second edition serves as a primer or baseline guide for SCADA and industrial control systems security. The book is divided into five focused sections addressing topics in

    • Social implications and impacts

    • Governance and management

    • Architecture and modeling

    • Commissioning and operations

    • The future of SCADA and control systems security

    The book also includes four case studies of well-known public cyber security-related incidents.

    The Handbook of SCADA/Control Systems, Second Edition provides an updated and expanded source of essential concepts and information that are globally applicable to securing control systems within critical infrastructure protection programs. It presents best practices as well as methods for securing a business environment at the strategic, tactical, and operational levels.

    SOCIAL IMPLICATIONS AND IMPACTS. Introduction. Sociological and Cultural Aspects. Threat Vectors. Risk Management. International Implications of Securing Our SCADA/Control System Environments. Aurora Generator Test. GOVERNANCE AND MANAGEMENT. Disaster Recovery and Business Continuity of SCADA. Incident Response and SCADA. Forensics Management. Governance and Compliance. Project Management for SCADA Systems. ARCHITECTURE AND MODELING. Communications and Engineering Systems. Metrics Framework for a SCADA System. Networking Topology and Implementation. Active Defense in Industrial Control-System Networks. Open-Source Intelligence (OSINT). COMMISSIONING AND OPERATIONS. Obsolescence and Procurement of Industrial Control Systems. Patching and Change Management. Physical Security Management. Tabletop/Red–Blue Exercises. Integrity Monitoring. Data Management and Records Retention. CONCLUSION. The Future of SCADA and Control Systems Security. Appendices.


    Robert Radvanovsky, CIPS, is an active security professional in the United States with knowledge in security, risk management, business continuity, disaster recovery planning, and remediation. He obtained his master’s degree in computer science from DePaul University in Chicago, and he has significantly contributed toward establishing several certification programs, specifically on the topics of critical infrastructure protection and critical infrastructure assurance. He has special interest and knowledge in matters of critical infrastructure and has published a number of articles and white papers regarding this topic, and has authored or coauthored several books in the field. Though he has been significantly involved in establishing security training and awareness programs through his company, Infracritical, he also works with several professional accreditation and educational institutions on the topics of homeland security, critical infrastructure protection and assurance, and cybersecurity.

    Jacob Brodsky began his career in computing and telecommunications at the Washington Suburban Sanitary Commission (WSSC) as an instrumentation and telecommunications technician while attending evening classes at the Johns Hopkins University Whiting School of Engineering, from which he received a bachelor’s degree in electrical engineering. He has worked on every aspect of SCADA and control systems for the WSSC, from the assembly language firmware of the remote terminal unit to the communications protocols and the telecommunications networks, including frequency-division multiplexing analog and digital microwave radios, the data networks, systems programming, protocol drivers, human–machine interface design, and programmable logic controller programming. He is a registered professional engineer of control systems in the state of Maryland, and has coauthored chapters on control systems for several books.