cta quote button

Best SCADA Books to Read

Read More

How Much Does It Cost to Hire Web Developers in Ukraine?

Our pricing is completely transparent: you pay your engineers’ salaries and a flat monthly fee for our services. No hidden charges.

Read More

1. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions (2016)

Secure your ICS and SCADA systems the battle-tested Hacking Exposed™ way

This hands-on guide exposes the devious methods cyber threat actors use to compromise the hardware and software central to petroleum pipelines, electrical grids, and nuclear refineries. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets and Solutions shows, step-by-step, how to implement and maintain an ICS-focused risk mitigation framework that is targeted, efficient, and cost-effective. The book arms you with the skills necessary to defend against attacks that are debilitating―and potentially deadly. See how to assess risk, perform ICS-specific threat modeling, carry out penetration tests using “ICS safe” methods, and block malware. Throughout, the authors use case studies of notorious attacks to illustrate vulnerabilities alongside actionable, ready-to-deploy countermeasures.

Learn how to:
• Assess your exposure and develop an effective risk management plan
• Adopt the latest ICS-focused threat intelligence techniques
• Use threat modeling to create realistic risk scenarios
• Implement a customized, low-impact ICS penetration-testing strategy
• See how attackers exploit industrial protocols
• Analyze and fortify ICS and SCADA devices and applications
• Discover and eliminate undisclosed “zero-day” vulnerabilities
• Detect, block, and analyze malware of all varieties

Author(s): Clint Bodungen, Bryan Singer

2. Cybersecurity for Hospitals and Healthcare Facilities: A Guide to Detection and Prevention (2016)

Learn how to detect and prevent the hacking of medical equipment at hospitals and healthcare facilities. A cyber-physical attack on building equipment pales in comparison to the damage a determined hacker can do if he/she gains access to a medical-grade network as a medical-grade network controls the diagnostic, treatment, and life support equipment on which lives depend.

News reports inform us how hackers strike hospitals with ransomware that prevents staff from accessing patient records or scheduling appointments. Unfortunately, medical equipment also can be hacked and shut down remotely as a form of extortion. Criminal hackers will not ask for a $500 payment to unlock an MRI, PET or CT scan, or X-ray machine―they will ask for much more.

Litigation is bound to follow and the resulting punitive awards will drive up hospital insurance costs and healthcare costs in general. This will undoubtedly result in increased regulations for hospitals and higher costs for compliance. Unless hospitals and other healthcare facilities take the steps necessary to secure their medical-grade networks, they will be targeted for cyber-physical attack, possibly with life-threatening consequences.

Cybersecurity for Hospitals and Healthcare Facilities is a wake-up call explaining what hackers can do, why hackers would target a hospital, the way hackers research a target, ways hackers can gain access to a medical-grade network (cyber-attack vectors), and ways hackers hope to monetize their cyber-attack. By understanding and detecting the threats, you can take action now―before your hospital becomes the next victim.

What You Will Learn:

  • Determine how vulnerable hospital and healthcare building equipment is to cyber-physical attack
  • Identify possible ways hackers can hack hospital and healthcare facility equipment
  • Recognize the cyber-attack vectors―or paths by which a hacker or cracker can gain access to a computer, a medical-grade network server, or expensive medical equipment in order to deliver a payload or malicious outcome
  • Detect and prevent man-in-the-middle or denial-of-service cyber-attacks
  • Find and prevent hacking of the hospital database and hospital web application

Who This Book Is For:

Hospital administrators, healthcare professionals, hospital & healthcare facility engineers and building managers, hospital & healthcare facility IT professionals, and HIPAA professionals

Author(s): Luis Ayala

3. SCADA: Supervisory Control and Data Acquisition, 3rd Edition (2004)

Supervisory control and data acquisition (SCADA) technology has evolved over the past 30 years as a method of monitoring and controlling large processes. This newly revised reference book offers overviews of SCADA’s component technologies, as well as details necessary to understand the big picture. SCADA processes cover areas that may be measured in the thousands of square miles, and have dimensions that may be hundreds, occasionally thousands, of miles long. Now a mature technology, SCADA includes, but is not limited to, software packages that can be incorporated in a larger system. After completing its 14 self-study units, readers should be conversant with SCADA nomenclature and architecture, understand the basic technology of the system’s building blocks, understand its limitations, understand how it can benefit particular operations, and have a basis for selecting appropriate SCADA technologies for their operational requirements.

Author(s): Stuart A. Boyer

4. Cyber-Physical Attacks: A Growing Invisible Threat (2015)

Cyber-Physical Attacks: A Growing Invisible Threat presents the growing list of harmful uses of computers and their ability to disable cameras, turn off a building’s lights, make a car veer off the road,  or a drone land in enemy hands. In essence, it details the ways cyber-physical attacks are replacing physical attacks in crime, warfare, and terrorism.

The book explores how attacks using computers affect the physical world in ways that were previously only possible through physical means. Perpetrators can now cause damage without the same risk, and without the political, social, or moral outrage that would follow a more overt physical attack.

Readers will learn about all aspects of this brave new world of cyber-physical attacks, along with tactics on how to defend against them. The book provides an accessible introduction to the variety of cyber-physical attacks that have already been employed or are likely to be employed in the near future.

  • Demonstrates how to identify and protect against cyber-physical threats
  • Written for undergraduate students and non-experts, especially physical security professionals without computer science background
  • Suitable for training police and security professionals
  • Provides a strong understanding of the different ways in which a cyber-attack can affect physical security in a broad range of sectors
  • Includes online resources for those teaching security management

Author(s): George Loukas PhD Imperial College UK; MEng NTUA Greece.

5. Cyber-Physical Attack Recovery Procedures: A Step-by-Step Preparation and Response Guide (2016)

This book provides a template with step-by-step instructions on how to respond and recover when hackers get into your SCADA system and cause building equipment to act erratically or fail completely. When hackers shut off the water, turn off the building power, disable the sewage effluent pumps and activate the fire alarm, you have to do something quick. It is even more alarming that hackers can do all those things at the same time―even from the other side of the planet.

Not every equipment failure or power outage is a cyber-physical attack. When your building is attacked, you probably won’t suspect it was a hacker―until you see a pattern. The building control system (BCS) will act “squirrelly” and you will know―it really is a cyber-physical attack.

Once a cyber-physical attack occurs, it can mean years of court cases, job losses, higher insurance rates, and maybe even criminal litigation. It also takes years to overcome the loss of safety credibility to your employees and the local community. Cyber-Physical Attack Recovery Procedures provides a detailed guide to taking the right steps ahead of time, and equipping your facility and employees with the training, knowledge, and tools they need and may save lives.

The book contains:

  • A one-of-a-kind action plan describing how hackers attack building equipment, the extent of damage possible, and how to respond when a cyber-physical attack occurs.
  • Detailed descriptions of cyber-physical attacks directed against SCADA systems or building controls, as well as cyber booby traps 
  • Invaluable appendices, including: Emergency Procedures, Team Staffing and Tasking, Alternate Site Procedures, a Documentation List, Software and Hardware Inventories, Vendor Contact Lists, External Support Agreements, and much more.

What you’ll learn

  • Possible ways hackers can cause building equipment to fail.
  • How to quickly assess the threat to his facilities in real time, how to stop a cyber-physical attack.
  • How to restore equipment operation without doing any more damage.

Who This Book Is For

Architects, Engineers, Building Managers, Students, Researchers and Consultants interested in cybersecurity-attacks against facilities in the real world. Also for IT professionals getting involved in cybersecurity responsibilities.

Author(s): Luis Ayala

6. Techno Security’s Guide to Securing SCADA: A Comprehensive Handbook On Protecting The Critical Infrastructure (2008)

Around the world, SCADA (supervisory control and data acquisition) systems and other real-time process control networks run mission-critical infrastructure–everything from the power grid to water treatment, chemical manufacturing to transportation. These networks are at increasing risk due to the move from proprietary systems to more standard platforms and protocols and the interconnection to other networks. Because there has been limited attention paid to security, these systems are seen as largely unsecured and very vulnerable to attack.

This book addresses currently undocumented security issues affecting SCADA systems and overall critical infrastructure protection. The respective co-authors are among the leading experts in the world capable of addressing these related-but-independent concerns of SCADA security. Headline-making threats and countermeasures like malware, sidejacking, biometric applications, emergency communications, security awareness llanning, personnel & workplace preparedness and bomb threat planning will be addressed in detail in this one of a kind book-of-books dealing with the threats to critical infrastructure protection. They collectivly have over a century of expertise in their respective fields of infrastructure protection. Included among the contributing authors are Paul Henry, VP of Technology Evangelism, Secure Computing, Chet Hosmer, CEO and Chief Scientist at Wetstone Technologies, Phil Drake, Telecommunications Director, The Charlotte Observer, Patrice Bourgeois, Tenable Network Security, Sean Lowther, President, Stealth Awareness and Jim Windle, Bomb Squad Commander, CMPD.

* Internationally known experts provide a detailed discussion of the complexities of SCADA security and its impact on critical infrastructure
* Highly technical chapters on the latest vulnerabilities to SCADA and critical infrastructure and countermeasures
* Bonus chapters on security awareness training, bomb threat planning, emergency communications, employee safety and much more
* Companion Website featuring video interviews with subject matter experts offer a “sit-down” with the leaders in the field

Author(s): Jack Wiles, Ted Claypoole

7. SCADA Principles for Bottle Filling System: PLC Programming | SCADA Implementation | Hardware Interfacing (2012)

It’s been more than a decade since 21st century and countries world over are on the brink of increasing their economy by setting up as many industries as possible and in contrast investors are eager to put as minimum amount of finances as possible due to inflation in the global market. However cutting down different financial attributes, investors and engineers both expect a favorable yield which proves sufficient not only for the growth of one’s industry but also in foreign trade. Hence this is where PLCs with SCADA kicks in by not only saving staggering amounts of finances to set up an automated industry; it also reduces the amount of labor and energy resources. An automated industry equipped with PLCs including a wide range of digital and analogue modules is more than capable of producing not twice, thrice but more than four times as compared to a normal industry which truly gives a wider edge to PLCs. Realizing the agile attributes of PLCs which is being used in almost every kind of industry whether its related to product packaging, assembling, textile, oil extractions, mining, etc.

Author(s): Adnan Shaffi, Afaq Khan

8. Machine, Meet Human: Designing a Useful Interface (2010)

“Machine, Meet Human: Designing a Useful Interface” is written to help anyone from any background get up to speed with the state of SCADA HMI graphics design and to teach the concepts of the most effective design ideas. The idea of graphic creation covered here is a holistic approach starting with the need. Then it progresses to understanding the aspects of the Machine and the Human; what makes them unique and what makes them similar. Finally we see how we can design with those understandings in mind to leverage existing habits and natural tendencies to create graphics that enhance efficiency and safety by working with the processing of the human component. This is not a “How-To”, but rather a “Why-To” for graphics design. It is not intended to build templates or libraries for you. Rather it is intended to enable and empower you to build your own graphics, templates, libraries and palettes on any system platform in any operational environment. If you have human machine interface graphics to design you will want to read this. Whether you’re an experienced designer or this is your first project, there is something here for you.

Author(s): Nathaniel O’Shaughnessey

9. Cyber Security: Analytics, Technology and Automation (Intelligent Systems, Control and Automation: Science and Engineering) (2016)

The book, in addition to the cyber threats and technology, processes cyber security from many sides as a social phenomenon and how the implementation of the cyber security strategy is carried out.

The book gives a profound idea of the most spoken phenomenon of this time. The book is suitable for a wide-ranging audience from graduate to professionals/practitioners and researchers. Relevant disciplines for the book are Telecommunications / Network security, Applied mathematics / Data analysis, Mobile systems / Security, Engineering / Security of critical infrastructure and Military science / Security.

Author(s): Martti Lehto, Pekka Neittaanmäki

10. Computer Security: ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Oslo, Norway, September 14-15, 2017, Revised Selected Papers (Lecture Notes in Computer Science) (2018)

This book constitutes the thoroughly refereed post-conference proceedings of the Third International Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2017, and the First International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, held in Oslo, Norway, in September 2017, in conjunction with the 22nd European Symposium on Research in Computer Security, ESORICS 2017.
The CyberICPS Workshop received 32 submissions from which 10 full and 2 short papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyber attacks that may be launched against such systems; and ways of detecting and responding to such attacks. From the SECPRE Workshop 5 full papers out of 14 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation; and security requirements elicitation and modelling.

Author(s): Sokratis K. Katsikas, Frédéric Cuppens

11. 4th International Symposium for ICS & SCADA Cyber Security Research 2016 (Electronic workshops in computing) (2016)

 

The 4th International Symposium for Industrial Control System & SCADA Cyber Security Research (ICS-CSR) brings together researchers with an interest in the security of industrial control systems in light of their increasing exposure to cyber-space. ICS-CSR is a research conference aimed at high-quality academic research in the cyber security of industrial control system from the hardware, system and human-factor perspectives. The papers in this proceedings range from defence-in-depth concepts for ICS and ICS security scanners, runtime monitoring, firewall performance for industrial applications and forensic readiness for SCADA/ICS incident response. This year, ICS-CSR also has an emphasis on smart grid security topics.

Author(s): Helge Janicke, Kevin Jones

12. Third International Symposium for ICS & SCADA Cyber Security Research 2015 (2015)

The 3rd International Symposium for Industrial Control System & SCADA Cyber Security Research (ICS-CSR) brings together researchers with an interest in the security of industrial control systems in the light of their increasing exposure to cyber-space. ICS-CSR is a research conference aimed at high-quality academic research in the cyber security of industrial control system from the hardware, system and human-factor perspectives. The papers in this proceedings cover a wide spectrum of ICS cyber security issues and range from automated asset identification over Intrusion Detection to Active Defence using large scale honeypots. Other technical contributions include the extraction of vulnerabilities from ICS designs and the analysis of microgrid cyber security. This year, other topics are covered that address the response to incidents in ICS and SCADA systems as well as their forensically sound investigation. www.ics-csr.com

Author(s): Helge Janicke, Kevin Jones