This comprehensive handbook covers fundamental security concepts, methodologies, and relevant information pertaining to supervisory control and data acquisition (SCADA) and other industrial control systems used in utility and industrial facilities worldwide. A community-based effort, it collects differing expert perspectives, ideas, and attitudes regarding securing SCADA and control systems environments toward establishing a strategy that can be established and utilized.
Including six new chapters, six revised chapters, and numerous additional figures, photos, and illustrations, the second edition serves as a primer or baseline guide for SCADA and industrial control systems security. The book is divided into five focused sections addressing topics in
- Social implications and impacts
- Governance and management
- Architecture and modeling
- Commissioning and operations
- The future of SCADA and control systems security
The book also includes four case studies of well-known public cyber security-related incidents.
The Handbook of SCADA/Control Systems, Second Edition provides an updated and expanded source of essential concepts and information that are globally applicable to securing control systems within critical infrastructure protection programs. It presents best practices as well as methods for securing a business environment at the strategic, tactical, and operational levels.
SOCIAL IMPLICATIONS AND IMPACTS. Introduction. Sociological and Cultural Aspects. Threat Vectors. Risk Management. International Implications of Securing Our SCADA/Control System Environments. Aurora Generator Test. GOVERNANCE AND MANAGEMENT. Disaster Recovery and Business Continuity of SCADA. Incident Response and SCADA. Forensics Management. Governance and Compliance. Project Management for SCADA Systems. ARCHITECTURE AND MODELING. Communications and Engineering Systems. Metrics Framework for a SCADA System. Networking Topology and Implementation. Active Defense in Industrial Control-System Networks. Open-Source Intelligence (OSINT). COMMISSIONING AND OPERATIONS. Obsolescence and Procurement of Industrial Control Systems. Patching and Change Management. Physical Security Management. Tabletop/Red–Blue Exercises. Integrity Monitoring. Data Management and Records Retention. CONCLUSION. The Future of SCADA and Control Systems Security. Appendices.