Practical Industrial Internet of Things Security

A practitioner's guide to securing connected industries
 
 
Packt Publishing
  • 1st edition
  • published on 30 July 2018
  • 324 pages
 
E-book | PDF with Adobe DRM | System requirements
978-1-78883-085-0 (ISBN)
 
Skillfully navigate through the complex realm of implementing scalable, trustworthy industrial systems and architectures in a hyper-connected business world.

Key Features
  • Gain practical insight into security concepts in the Industrial Internet of Things (IIoT) architecture
  • Demystify complex topics such as cryptography and blockchain
  • Comprehensive references to industry standards and security frameworks when developing IIoT blueprints

Book Description
Securing connected industries and autonomous systems is a top concern for the Industrial Internet of Things (IIoT) community. Unlike cybersecurity, cyber-physical security is an intricate discipline that directly ties to system reliability as well as human and environmental safety. Practical Industrial Internet of Things Security enables you to develop a comprehensive understanding of the entire spectrum of securing connected industries, from the edge to the cloud.

This book establishes the foundational concepts and tenets of IIoT security by presenting real-world case studies, threat models, and reference architectures. You'll work with practical tools to design risk-based security controls for industrial use cases and gain practical know-how on the multi-layered defense techniques including Identity and Access Management (IAM), endpoint security, and communication infrastructure.

Stakeholders, including developers, architects, and business leaders, can gain practical insights in securing IIoT lifecycle processes, standardization, governance and assess the applicability of emerging technologies, such as blockchain, Artificial Intelligence, and Machine Learning, to design and implement resilient connected systems and harness significant industrial opportunities.

What you will learn
  • Understand the crucial concepts of a multi-layered IIoT security framework
  • Gain insight on securing identity, access, and configuration management for large-scale IIoT deployments
  • Secure your machine-to-machine (M2M) and machine-to-cloud (M2C) connectivity
  • Build a concrete security program for your IIoT deployment
  • Explore techniques from case studies on industrial IoT threat modeling and mitigation approaches
  • Learn risk management and mitigation planning

Who this book is for
Practical Industrial Internet of Things Security is for the IIoT community, which includes IIoT researchers, security professionals, architects, developers, and business stakeholders. Anyone who needs to have a comprehensive understanding of the unique safety and security challenges of connected industries and practical methodologies to secure industrial assets will find this book immensely helpful. This book is uniquely designed to benefit professionals from both IT and industrial operations backgrounds.
  • English
  • Birmingham
  • United Kingdom
978-1-78883-085-0 (9781788830850)
Sravani Bhattacharjee has been a data communications technologist for over 20 years. As a technology leader at Cisco until 2014, she led the architectural planning and security evaluations of several enterprise cloud/datacenter solutions. As the principal of Irecamedia, she currently collaborates with Industrial IoT innovators to drive awareness and business decisions by creating industry whitepapers and a variety of editorial and technical marketing content. She is a member of the IEEE IoT chapter, a writer, and a speaker. She has a master's degree in Electronics Engineering.
  • Cover
  • Title Page
  • Copyright and Credits
  • Dedication
  • Packt Upsell
  • Foreword
  • Contributors
  • Disclaimer
  • Table of Contents
  • Preface
  • Chapter 1: An Unprecedented Opportunity at Stake
  • Defining the Industrial IoT
  • Industrial IoT, Industrial Internet, and Industrie 4.0
  • Consumer versus Industrial IoT
  • Industrial IoT security - a business imperative
  • Cybersecurity versus cyber-physical IoT security
  • What is a cyber-physical system?
  • Industrial "things," connectivity, and operational technologies
  • Operational technology
  • Machine-to-Machine
  • An overview of SCADA, DCS, and PLC
  • Industrial control system architecture
  • ICS components and data networks
  • ICS network components
  • Fieldbus protocols
  • IT and OT convergence - what it really means
  • Industrial IoT deployment architecture
  • Divergence in IT and OT security fundamentals
  • Operational priorities
  • Attack surface and threat actors
  • Interdependence of critical infrastructures
  • Industrial threats, vulnerabilities, and risk factors
  • Threats and threat actors
  • Vulnerabilities
  • Policy and procedure vulnerabilities
  • Platform vulnerabilities
  • Software platform vulnerabilities
  • Network vulnerability
  • Risks
  • Evolution of cyber-physical attacks
  • Industrial IoT use cases - examining the cyber risk gap
  • Energy and smart grids
  • Manufacturing
  • Cyberattack on industrial control systems - Stuxnet case study
  • Event flow
  • Key points
  • Risk gap summary
  • Smart city and autonomous transportation
  • Healthcare and pharmaceuticals
  • The ransomware attack on the healthcare enterprise - "WannaCry" case study
  • Cyber risk gap summary
  • Summary
  • Chapter 2: Industrial IoT Dataflow and Security Architecture
  • Primer on IIoT attacks and countermeasures
  • Attack surfaces and attack vectors
  • OWASP IoT attack surfaces
  • Attack trees
  • Fault tree analysis
  • Threat modeling
  • STRIDE threat model
  • DREAD threat model
  • Trustworthiness of an IIoT system
  • Industrial big data pipeline and architectures
  • Industrial IoT security architecture
  • Business viewpoint
  • Usage viewpoint
  • Functional viewpoint
  • Implementation viewpoint
  • IIoT architecture patterns
  • Pattern 1 - Three-tier architectural model
  • Pattern 2 - Layered databus architecture
  • Building blocks of industrial IoT security architecture
  • A four-tier IIoT security model
  • Summary
  • Chapter 3: IIoT Identity and Access Management
  • A primer on identity and access control
  • Identification
  • Authentication
  • Authorization
  • Account management
  • Distinguishing features of IAM in IIoT
  • Diversity of IIoT endpoints
  • Resource-constrained and brownfield considerations
  • Physical safety and reliability
  • Autonomy and scalability
  • Event logging is a rarity
  • Subscription-based models
  • Increasing sophistication of identity attacks
  • Risk-based access control policy
  • Identity management across the device lifecycle
  • Authentication and authorization frameworks for IIoT
  • Password-based authentication
  • Biometrics
  • Multi-factor authentication
  • Key-based authentication
  • Symmetric keys
  • Asymmetric keys
  • Zero-knowledge keys
  • Certificate-based authentication
  • Trust models - public key infrastructures and digital certificates
  • PKI certificate standards for IIoT
  • ITU-T X.509
  • IEEE 1609.2
  • Certificate management in IIoT deployments
  • Extending the OAuth 2.0 authorization framework for IoT access control
  • IEEE 802.1x
  • Identity support in messaging protocols
  • MQTT
  • CoAP
  • DDS
  • REST
  • Monitoring and management capabilities
  • Activity logging support
  • Revocation support and OCSP
  • Building an IAM strategy for IIoT deployment
  • Risk-based policy management
  • Summary
  • Chapter 4: Endpoint Security and Trustworthiness
  • Defining an IIoT endpoint
  • Motivation and risk-based endpoint protection
  • Resource-constrained endpoint protection
  • Brownfield scenario considerations
  • Endpoint security enabling technologies
  • IIoT endpoint vulnerabilities
  • Case study - White hack exposes smart grid meter vulnerability
  • Use case
  • Developing the exploit
  • Demonstration
  • Establishing trust in hardware
  • Hardware security components
  • Root of trust - TPM, TEE, and UEFI
  • Securing secrets, or sealing
  • Endpoint identity and access control
  • Initialization and boot process integrity
  • Establishing endpoint trust during operations
  • Secure updates
  • A trustworthy execution ecosystem
  • Endpoint data integrity
  • Endpoint configuration and management
  • Endpoint visibility and control
  • Endpoint security using isolation techniques
  • Process isolation
  • Container isolation
  • Virtual isolation
  • Physical isolation
  • Endpoint physical security
  • Machine learning enabled endpoint security
  • Endpoint security testing and certification
  • Endpoint protection industry standards
  • Summary
  • Chapter 5: Securing Connectivity and Communications
  • Definitions - networking, communications, and connectivity
  • Distinguishing features of IIoT connectivity
  • Deterministic behavior
  • Interoperability - proprietary versus open standards
  • Performance characteristics - latency, jitter, and throughput
  • Legacy networks with disappearing air gaps
  • Access to resource-constrained networks
  • Massive transition by connecting the unconnected
  • IIoT connectivity architectures
  • Multi-tier IIoT-secured connectivity architecture
  • Layered databus architecture
  • Controls for IIoT connectivity protection
  • Secure tunnels and VPNs
  • Cryptography controls
  • Network segmentation
  • Industrial demilitarized zones
  • Boundary defense with firewalls and filtering
  • Comprehensive access control
  • Core and edge gateways
  • Unidirectional gateway protection
  • Asset discovery, visibility, and monitoring
  • Physical security - the first line of defense
  • Security assessment of IIoT connectivity standards and protocols
  • Fieldbus protocols
  • Connectivity framework standards
  • Data Distribution Service
  • DDS security
  • oneM2M
  • oneM2M security
  • Open Platform Communications Unified Architecture (OPC UA)
  • OPC UA security
  • Web services and HTTP
  • Web services and HTTP security
  • Connectivity transport standards
  • Transmission Control Protocol (TCP)
  • TCP security
  • User Datagram Protocol (UDP)
  • UDP security
  • MQTT and MQTT-SN
  • MQTT security
  • Constrained Application Protocol (CoAP)
  • CoAP security
  • Advanced Message Queuing Protocol (AMQP)
  • Connectivity network standards
  • Data link and physical access standards
  • IEEE 802.15.4 WPAN
  • IEEE 802.11 wireless LAN
  • Cellular communications
  • Wireless wide area network standards
  • IEEE 802.16 (WiMAX)
  • LoRaWAN
  • Summary
  • Chapter 6: Securing IIoT Edge, Cloud, and Apps
  • Defining edge, fog, and cloud computing
  • IIoT cloud security architecture
  • Secured industrial site
  • Secured edge intelligence
  • Secure edge cloud transport
  • Secure cloud services
  • Cloud security - shared responsibility model
  • Defense-in-depth cloud security strategy
  • Infrastructure security
  • Identity and access management
  • Application security
  • Microservice architecture
  • Container security
  • Credential store and vault
  • Data protection
  • Data governance
  • Data encryption
  • Key and digital certificate management
  • Securing the data life cycle
  • Cloud security operations life cycle
  • Business continuity plan and disaster recovery
  • Secure patch management
  • Security monitoring
  • Vulnerability management
  • Threat intelligence
  • Incident response
  • Secure device management
  • Cloud security standards and compliance
  • Case study of IIoT cloud platforms
  • Case study 1 - Predix IIoT platform
  • Case study 2 - Microsoft Azure IoT
  • Case study 3 - Amazon AWS IoT
  • Cloud security assessment
  • Summary
  • Chapter 7: Secure Processes and Governance
  • Challenges of unified security governance
  • Securing processes across the IIoT life cycle
  • Business cases
  • System definitions
  • Development
  • Deployment
  • Evaluating security products
  • Operations
  • Understanding security roles
  • Solution provider
  • Hardware manufacturers
  • Industry governance
  • Solution owner
  • Elements of an IIoT security program
  • Risk assessment
  • Regulatory compliance
  • Security policy
  • Security monitoring
  • Security analysis
  • Incident response and management
  • Security audits
  • Security maturity model
  • Implementing an IIoT security program
  • Establishing an IIoT security team
  • Deciding on regulatory compliance
  • Assessing and managing risks
  • Managing third-party security
  • Enforcing the security policy
  • Continuous monitoring and analysis
  • Conducting security training
  • Implementing incident management
  • Defining security audits
  • Security revisions and maturity
  • Summary
  • Chapter 8: IIoT Security Using Emerging Technologies
  • Blockchain to secure IIoT transactions
  • Public and private blockchains
  • Digital identity with blockchains
  • Securing the supply chain
  • Blockchain challenges
  • Cognitive countermeasures - AI, machine learning, and deep learning
  • Practical considerations for AI-based IIoT security
  • Time-sensitive networking - Next-gen industrial connectivity
  • Time synchronization
  • Traffic scheduling
  • Network and system configuration
  • TSN security
  • Other Promising Trends
  • Summary
  • Chapter 9: Real-World Case Studies in IIoT Security
  • Analysis of a real-world cyber-physical attack
  • Background and impact
  • The sequence of events
  • Exploit loopholes to perform the attack
  • Trigger the attack with impact
  • Impair operations and delay recovery
  • Inside the attack anatomy
  • Reconnaissance
  • Spear phishing
  • Credential theft
  • Data exfiltration
  • Remote access exploit
  • Impair recovery - Malicious firmware, TDOS, and UPS failure
  • Cyber-physical defense - Lessons learned
  • Case study 2 - Building a successful IIoT security program
  • Background
  • Defining the security program
  • Implementation
  • Concluding remarks
  • Case study 3 - ISA/IEC 62443 based industrial endpoint protection
  • Background
  • Solution
  • Concluding remarks
  • Summary
  • Chapter 10: The Road Ahead
  • An era of decentralized autonomy
  • Endpoint security
  • Standards and reference architecture
  • Industrial collaboration
  • Interoperability
  • Green patches in brownfield
  • Technology trends
  • Summary
  • Appendix A: I
  • Appendix B: II
  • Security standards - quick reference
  • Device endpoint security
  • Industrial connectivity infrastructure security
  • Edge-cloud security
  • Other Books You May Enjoy
  • Index

File format: PDF
Copy protection: Adobe DRM (Digital Rights Management)

System requirements:

Computer (Windows; MacOS X; Linux): Install the free Adobe Digital Editions software before downloading (see E-Book Help).

Tablet/smartphone (Android; iOS): Install the free Adobe Digital Editions app before downloading (see E-Book Help).

E-book readers: Bookeen, Kobo, Pocketbook, Sony, Tolino and many others (not Kindle)

The PDF file format always displays a book page identically on any hardware. A PDF is therefore also suitable for a complex layout such as that used in textbooks and reference books (images, tables, columns, footnotes). On the small displays of e-readers or smartphones, PDFs are unfortunately rather annoying because too much scrolling is required. Adobe DRM is used here as a "hard" copy protection. If the necessary requirements are not met, you will unfortunately not be able to open the e-book. You must therefore prepare your reading hardware before downloading.

When using the Adobe Digital Editions reading software, please note: we strongly recommend that you authorize the software with your personal Adobe ID after installing it!
