Handbook of SCADA/Control Systems Security

Edited by Robert Radvanovsky, Jacob Brodsky

© 2013 – CRC Press

383 pages | 17 B/W Illus.

Purchasing Options:
Hardback: 9781466502260
pub: 2013-02-19

e–Inspection Copy

About the Book

The availability and security of many services we rely upon—including water treatment, electricity, healthcare, transportation, and financial transactions—are routinely put at risk by cyber threats. The Handbook of SCADA/Control Systems Security is a fundamental outline of security concepts, methodologies, and relevant information pertaining to the supervisory control and data acquisition (SCADA) systems and technology that quietly operate in the background of critical utility and industrial facilities worldwide.

Divided into five sections, the book examines topics comprising functions within and throughout industrial control systems (ICS) environments. Topics include:

  • Emerging trends and threat factors that plague the ICS security community
  • Risk methodologies and principles that can be applied to safeguard and secure an automated operation
  • Methods for determining events leading to a cyber incident, and methods for restoring and mitigating issues—including the importance of critical communications
  • The necessity and reasoning behind implementing a governance or compliance program
  • A strategic roadmap for the development of a secured SCADA/control systems environment, with examples
  • Relevant issues concerning the maintenance, patching, and physical localities of ICS equipment
  • How to conduct training exercises for SCADA/control systems

The final chapters outline the data relied upon for accurate processing, discusses emerging issues with data overload, and provides insight into the possible future direction of ISC security.

The book supplies crucial information for securing industrial automation/process control systems as part of a critical infrastructure protection program. The content has global applications for securing essential governmental and economic systems that have evolved into present-day security nightmares. The authors present a "best practices" approach to securing business management environments at the strategic, tactical, and operational levels.


I wish that each SCADA developer read this book while developing the software, as the focus on functionality is remarkable in this collection. It explains in an easy way what happens when ‘there are some security and reliability issues around’ and what should be remembered so that it does not appear again. Every aspect is well described with clear examples.

—IEEE Communications Magazine

After Stuxnet, everything has changed in the automation industry. Computer worms devastating power plants and many other sites reminded people managing industrial control systems (ICS) that they are equally as vulnerable as standard IT systems. The book edited by Radvanovsky and Brodsky provides, in a collection of various contributions, a thorough guide on how to design supervisory control and data acquisition (SCADA) systems to prevent most security hazards, what to take into consideration while implementing various methods of authentication, and how to prepare and respond efficiently in case of ICS faults.

The book consists of five sections divided into eighteen compact chapters describing all the aspects of risks and assets related to designing and maintaining ICS. … In short, it is a guidebook on good (automated) security practice. I wish that each SCADA developer read this book while developing the software, as the focus on functionality is remarkable in this collection. It explains in an easy way what happens when ‘there are some security and reliability issues around’ and what should be remembered so that it does not appear again.

—Robert Wojcik writing in IEEE Communications Magazine, May 2014

Table of Contents

Social Implications and Impacts

Introduction; Robert Radvanovsky

Sociological and Cultural Aspects; Jacob Brodsky

Threat Vectors; Jim Butterworth

Risk Management; Wayne Boone

Governance and Management

Disaster Recovery and Business Continuity of SCADA; Steven Young

Incident Response and SCADA; Steven Young

Forensics Management; Craig Wright

Governance and Compliance; Wayne Boone

Architecture and Modeling

Communications and Engineering Systems; Jacob Brodsky

Metrics Framework for a SCADA System; Robert Radvanovsky

Network Topology and Implementation; Jacob Brodsky

Commissioning and Operations

Obsolescence and Procurement of SCADA; Bernie Pella

Patching and Change Management; Bernie Pella

Physical Security Management; Allan McDougall and Jeff Woodruff

Tabletop/Red-Blue Exercises; Robert Radvanovsky

Integrity Monitoring; Craig Wright

Data Management and Records Retention; Jacob Brodsky

Conclusion and References

The Future of SCADA and Control Systems Security; Robert Radvanovsky

Appendix A—Listing of Online Resources SCADA/Control Systems

Appendix B—Terms and Definitions


About the Editors

Robert Radvanovsky is an active professional in the United States with knowledge in security, risk management, business continuity, disaster recovery planning, and remediation. He has significantly contributed to establishing several certification programs, specifically on the topics of "critical infrastructure protection" and "critical infrastructure assurance." He has published a number of articles and white papers regarding this topic. Significantly involved in establishing security training and awareness programs through his company, his extracurricular activities also include working several professional accreditation and educational institutions, specifically on the topics of homeland security, critical infrastructure protection and assurance, and cyber security.

Jacob Brodsky has worked on every aspect of SCADA and control systems for Washington Suburban Sanitary Commission (WSSC)—from the assembly language firmware of the RTU, to the communications protocols, the telecommunications networks, the data networks, systems programming, protocol drivers, HMI design, and PLC programming. In 2012, he was elected chairman of the DNP User group. Jake has contributed to the NIST SP 800-82 effort and to the ISA-99 effort. He is a registered professional engineer of control systems in the state of Maryland.

Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Security / General
SOCIAL SCIENCE / Disasters & Disaster Relief