Secure your ICS and SCADA systems the battle-tested Hacking Exposed™ way
This hands-on guide exposes the devious methods cyber threat actors use to compromise the hardware and software central to petroleum pipelines, electrical grids, and nuclear refineries. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets and Solutions shows, step-by-step, how to implement and maintain an ICS-focused risk mitigation framework that is targeted, efficient, and cost-effective. The book arms you with the skills necessary to defend against attacks that are debilitating―and potentially deadly. See how to assess risk, perform ICS-specific threat modeling, carry out penetration tests using “ICS safe” methods, and block malware. Throughout, the authors use case studies of notorious attacks to illustrate vulnerabilities alongside actionable, ready-to-deploy countermeasures.
Learn how to:
• Assess your exposure and develop an effective risk management plan
• Adopt the latest ICS-focused threat intelligence techniques
• Use threat modeling to create realistic risk scenarios
• Implement a customized, low-impact ICS penetration-testing strategy
• See how attackers exploit industrial protocols
• Analyze and fortify ICS and SCADA devices and applications
• Discover and eliminate undisclosed “zero-day” vulnerabilities
• Detect, block, and analyze malware of all varieties
Author(s): Clint Bodungen, Bryan Singer
2. Cybersecurity for Hospitals and Healthcare Facilities: A Guide to Detection and Prevention (2016)
Learn how to detect and prevent the hacking of medical equipment at hospitals and healthcare facilities. A cyber-physical attack on building equipment pales in comparison to the damage a determined hacker can do if he/she gains access to a medical-grade network as a medical-grade network controls the diagnostic, treatment, and life support equipment on which lives depend.
News reports inform us how hackers strike hospitals with ransomware that prevents staff from accessing patient records or scheduling appointments. Unfortunately, medical equipment also can be hacked and shut down remotely as a form of extortion. Criminal hackers will not ask for a $500 payment to unlock an MRI, PET or CT scan, or X-ray machine―they will ask for much more.
Litigation is bound to follow and the resulting punitive awards will drive up hospital insurance costs and healthcare costs in general. This will undoubtedly result in increased regulations for hospitals and higher costs for compliance. Unless hospitals and other healthcare facilities take the steps necessary to secure their medical-grade networks, they will be targeted for cyber-physical attack, possibly with life-threatening consequences.
Cybersecurity for Hospitals and Healthcare Facilities is a wake-up call explaining what hackers can do, why hackers would target a hospital, the way hackers research a target, ways hackers can gain access to a medical-grade network (cyber-attack vectors), and ways hackers hope to monetize their cyber-attack. By understanding and detecting the threats, you can take action now―before your hospital becomes the next victim.
What You Will Learn:
- Determine how vulnerable hospital and healthcare building equipment is to cyber-physical attack
- Identify possible ways hackers can hack hospital and healthcare facility equipment
- Recognize the cyber-attack vectors―or paths by which a hacker or cracker can gain access to a computer, a medical-grade network server, or expensive medical equipment in order to deliver a payload or malicious outcome
- Detect and prevent man-in-the-middle or denial-of-service cyber-attacks
- Find and prevent hacking of the hospital database and hospital web application
Who This Book Is For:
Hospital administrators, healthcare professionals, hospital & healthcare facility engineers and building managers, hospital & healthcare facility IT professionals, and HIPAA professionals
Author(s): Luis Ayala
Author(s): Stuart A. Boyer
Cyber-Physical Attacks: A Growing Invisible Threat presents the growing list of harmful uses of computers and their ability to disable cameras, turn off a building’s lights, make a car veer off the road, or a drone land in enemy hands. In essence, it details the ways cyber-physical attacks are replacing physical attacks in crime, warfare, and terrorism.
The book explores how attacks using computers affect the physical world in ways that were previously only possible through physical means. Perpetrators can now cause damage without the same risk, and without the political, social, or moral outrage that would follow a more overt physical attack.
Readers will learn about all aspects of this brave new world of cyber-physical attacks, along with tactics on how to defend against them. The book provides an accessible introduction to the variety of cyber-physical attacks that have already been employed or are likely to be employed in the near future.
- Demonstrates how to identify and protect against cyber-physical threats
- Written for undergraduate students and non-experts, especially physical security professionals without computer science background
- Suitable for training police and security professionals
- Provides a strong understanding of the different ways in which a cyber-attack can affect physical security in a broad range of sectors
- Includes online resources for those teaching security management
Author(s): George Loukas PhD Imperial College UK; MEng NTUA Greece.
This book provides a template with step-by-step instructions on how to respond and recover when hackers get into your SCADA system and cause building equipment to act erratically or fail completely. When hackers shut off the water, turn off the building power, disable the sewage effluent pumps and activate the fire alarm, you have to do something quick. It is even more alarming that hackers can do all those things at the same time―even from the other side of the planet.
Not every equipment failure or power outage is a cyber-physical attack. When your building is attacked, you probably won’t suspect it was a hacker―until you see a pattern. The building control system (BCS) will act “squirrelly” and you will know―it really is a cyber-physical attack.
Once a cyber-physical attack occurs, it can mean years of court cases, job losses, higher insurance rates, and maybe even criminal litigation. It also takes years to overcome the loss of safety credibility with your employees and the local community. Cyber-Physical Attack Recovery Procedures provides a detailed guide to taking the right steps ahead of time and equipping your facility and employees with the training, knowledge, and tools they need, and may save lives.
The book contains:
- A one-of-a-kind action plan describing how hackers attack building equipment, the extent of damage possible, and how to respond when a cyber-physical attack occurs.
- Detailed descriptions of cyber-physical attacks directed against SCADA systems or building controls, as well as cyber booby traps
- Invaluable appendices, including: Emergency Procedures, Team Staffing and Tasking, Alternate Site Procedures, a Documentation List, Software and Hardware Inventories, Vendor Contact Lists, External Support Agreements, and much more.
What you’ll learn
- Possible ways hackers can cause building equipment to fail.
- How to quickly assess the threat to your facilities in real time and how to stop a cyber-physical attack.
- How to restore equipment operation without doing any more damage.
Who This Book Is For
Architects, Engineers, Building Managers, Students, Researchers and Consultants interested in cybersecurity attacks against facilities in the real world. Also for IT professionals getting involved in cybersecurity responsibilities.
Author(s): Luis Ayala
6. Techno Security’s Guide to Securing SCADA: A Comprehensive Handbook On Protecting The Critical Infrastructure (2008)
This book addresses currently undocumented security issues affecting SCADA systems and overall critical infrastructure protection. The respective co-authors are among the leading experts in the world capable of addressing these related-but-independent concerns of SCADA security. Headline-making threats and countermeasures like malware, sidejacking, biometric applications, emergency communications, security awareness planning, personnel & workplace preparedness and bomb threat planning will be addressed in detail in this one-of-a-kind book-of-books dealing with the threats to critical infrastructure protection. They collectively have over a century of expertise in their respective fields of infrastructure protection. Included among the contributing authors are Paul Henry, VP of Technology Evangelism, Secure Computing; Chet Hosmer, CEO and Chief Scientist at Wetstone Technologies; Phil Drake, Telecommunications Director, The Charlotte Observer; Patrice Bourgeois, Tenable Network Security; Sean Lowther, President, Stealth Awareness; and Jim Windle, Bomb Squad Commander, CMPD.
* Internationally known experts provide a detailed discussion of the complexities of SCADA security and its impact on critical infrastructure
* Highly technical chapters on the latest vulnerabilities to SCADA and critical infrastructure and countermeasures
* Bonus chapters on security awareness training, bomb threat planning, emergency communications, employee safety and much more
* Companion Website featuring video interviews with subject matter experts offers a “sit-down” with the leaders in the field
Author(s): Jack Wiles, Ted Claypoole
7. SCADA Principles for Bottle Filling System: PLC Programming | SCADA Implementation | Hardware Interfacing (2012)
Author(s): Adnan Shaffi, Afaq Khan
Author(s): Nathaniel O’Shaughnessey
9. Cyber Security: Analytics, Technology and Automation (Intelligent Systems, Control and Automation: Science and Engineering) (2016)
In addition to cyber threats and technology, the book addresses cyber security from many sides as a social phenomenon and examines how the implementation of the cyber security strategy is carried out.
The book gives a profound idea of the most talked-about phenomenon of this time. The book is suitable for a wide-ranging audience from graduate students to professionals/practitioners and researchers. Relevant disciplines for the book are Telecommunications / Network security, Applied mathematics / Data analysis, Mobile systems / Security, Engineering / Security of critical infrastructure and Military science / Security.
Author(s): Martti Lehto, Pekka Neittaanmäki
10. Computer Security: ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Oslo, Norway, September 14-15, 2017, Revised Selected Papers (Lecture Notes in Computer Science) (2018)
This book constitutes the thoroughly refereed post-conference proceedings of the Third International Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2017, and the First International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, held in Oslo, Norway, in September 2017, in conjunction with the 22nd European Symposium on Research in Computer Security, ESORICS 2017.
The CyberICPS Workshop received 32 submissions from which 10 full and 2 short papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyber attacks that may be launched against such systems; and ways of detecting and responding to such attacks. From the SECPRE Workshop 5 full papers out of 14 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation; and security requirements elicitation and modelling.
Author(s): Sokratis K. Katsikas, Frédéric Cuppens
11. 4th International Symposium for ICS & SCADA Cyber Security Research 2016 (Electronic workshops in computing) (2016)
The 4th International Symposium for Industrial Control System & SCADA Cyber Security Research (ICS-CSR) brings together researchers with an interest in the security of industrial control systems in light of their increasing exposure to cyber-space. ICS-CSR is a research conference aimed at high-quality academic research in the cyber security of industrial control systems from the hardware, system and human-factor perspectives. The papers in these proceedings range from defence-in-depth concepts for ICS and ICS security scanners, through runtime monitoring and firewall performance for industrial applications, to forensic readiness for SCADA/ICS incident response. This year, ICS-CSR also has an emphasis on smart grid security topics.
Author(s): Helge Janicke, Kevin Jones
The 3rd International Symposium for Industrial Control System & SCADA Cyber Security Research (ICS-CSR) brings together researchers with an interest in the security of industrial control systems in the light of their increasing exposure to cyber-space. ICS-CSR is a research conference aimed at high-quality academic research in the cyber security of industrial control systems from the hardware, system and human-factor perspectives. The papers in these proceedings cover a wide spectrum of ICS cyber security issues and range from automated asset identification through Intrusion Detection to Active Defence using large scale honeypots. Other technical contributions include the extraction of vulnerabilities from ICS designs and the analysis of microgrid cyber security. This year, other topics are covered that address the response to incidents in ICS and SCADA systems as well as their forensically sound investigation. www.ics-csr.com
Author(s): Helge Janicke, Kevin Jones