Cybersecurity of Industrial Systems

Standards Information Network (publisher)
  • 1st edition
  • published on 9 July 2019
  • 420 pages
E-book | ePUB with Adobe DRM | System requirements
978-1-119-64452-1 (ISBN)
How to manage the cybersecurity of industrial systems is a crucial question.

To implement relevant solutions, the industrial manager must have a clear understanding of IT systems, of communication networks and of control-command systems. They must also have some knowledge of the methods used by attackers, of the standards and regulations involved and of the available security solutions.

Cybersecurity of Industrial Systems presents these different subjects in order to give an in-depth overview and to help the reader manage the cybersecurity of their installation. The book addresses these issues for both classic SCADA architecture systems and Industrial Internet of Things (IIoT) systems.

1st edition
  • English
  • USA
John Wiley & Sons Inc
  • For professional and research use
  • Reflowable
  • 3.26 MB
978-1-119-64452-1 (9781119644521)
Jean-Marie Flaus is Professor at the University of Grenoble, France, and teaches in several engineering schools. He is an expert on the cybersecurity of industrial systems and conducts research at the G-SCOP laboratory, in collaboration with INERIS and large companies.

Foreword xiii

Introduction xix

Chapter 1. Components of an Industrial Control System 1

1.1. Introduction 1

1.1.1. Definition: automated and cyber-physical systems 1

1.1.2. Definition: Information System (IS) 1

1.1.3. Definition: industrial IS or ICS 2

1.1.4. Definition: IT and OT system 4

1.1.5. Definition: SCADA 4

1.1.6. Definition: Distributed Control Systems (DCS) 5

1.1.7. Definition: Industrial Internet of Things (IIoT) 5

1.1.8. Different types of ICS 6

1.2. From the birth of the PLC to the SCADA system 6

1.3. Programmable logic controller (PLC) 8

1.4. RTU, master terminal unit and intelligent electronic device 12

1.5. Programmable Automation Controller 13

1.6. Industrial PC 13

1.7. Safety instrumented systems 13

1.8. Human-machine interface (HMI) 15

1.9. Historians 17

1.10. Programming and parameter setting stations 17

1.11. Industrial Internet of Things (IIoT) 18

1.12. Network equipment 19

1.12.1. Switch and hub 19

1.12.2. Router and gateway 20

1.12.3. Firewall 20

1.12.4. IoT gateway 20

1.13. Data processing platform 21

1.14. Lifecycle of an ICS 22

Chapter 2. Architecture and Communication in an Industrial Control System 25

2.1. Network architecture 25

2.1.1. Purdue model and CIM model 26

2.1.2. Architecture of the Industrial Internet of Things 29

2.2. Different types of communication networks 31

2.2.1. Topology 31

2.2.2. Types of networks 33

2.2.3. Virtual private network 34

2.2.4. OSI model 34

2.3. Transport networks 35

2.3.1. Ethernet 35

2.3.2. Wi-Fi 36

2.3.3. The IEEE 802.15.1 (Bluetooth) standard 36

2.3.4. IEEE 802.15.4 networks 37

2.3.5. LPWAN networks 38

2.3.6. Cellular networks 38

2.4. Internet protocols 39

2.4.1. The Internet protocol 39

2.4.2. Transmission Control Protocol 39

2.4.3. Unified Datagram Protocol (UDP) 42

2.4.4. Address Resolution Protocol (ARP) 42

2.4.5. Internet Control Message Protocol (ICMP) 42

2.4.6. The IPv6 protocol 43

2.5. Industrial protocols 43

2.5.1. Introduction 43

2.5.2. Modbus 45

2.5.3. Profibus and Profinet 46

2.5.4. Actuator/sensor interface 47

2.5.5. Highway Addressable Remote Transducer 48

2.5.6. DNP3 and IEC 60870 48

2.5.7. The CAN bus 49

2.5.8. Ethernet/IP and Common Industrial Protocol (CIP) 49

2.5.9. OLE for Process Control (OPC) 51

2.5.10. Other protocols 52

2.6. IoT protocols 52

2.6.1. 6LowPAN 53

2.6.2. Message Queuing Telemetry Transport 53

2.6.3. CoAP 54

2.6.4. Other protocols 54

Chapter 3. IT Security 57

3.1. Security objectives 57

3.1.1. The AIC criteria 57

3.1.2. The different levels of IT security 61

3.2. Differences between IT and OT systems 64

3.2.1. The functionalities 64

3.2.2. The technology 65

3.2.3. System lifecycle 66

3.2.4. Security management 67

3.2.5. IT/OT convergence 68

3.2.6. Summary 68

3.3. Risk components 70

3.3.1. Asset and impact 70

3.3.2. Threats 71

3.3.3. Attacks 71

3.3.4. Vulnerabilities 72

3.3.5. Definition of risk 73

3.3.6. Scenarios and impact 74

3.3.7. Risk measurement 75

3.4. Risk analysis and treatment process 77

3.4.1. Principle 77

3.4.2. Acceptance of risk 79

3.4.3. Risk reduction 79

3.5. Principle of defense in depth 80

3.6. IT security management 82

3.7. Risk treatment process 85

3.8. Governance and security policy for IT systems 86

3.8.1. Governance 86

3.8.2. Security policy 87

3.9. Security management of industrial systems 88

Chapter 4. Threats and Attacks to ICS 91

4.1. General principle of an attack 91

4.2. Sources of threats 95

4.3. Attack vectors 98

4.4. Main categories of malware 99

4.4.1. Virus/worms 100

4.4.2. Trojan horse 100

4.4.3. Logical bomb 101

4.4.4. Rootkit 101

4.4.5. Spyware 101

4.4.6. Back doors 101

4.4.7. Botnet 102

4.4.8. Ransomware 103

4.5. Attacks on equipment and applications 103

4.5.1. Buffer overflow and integer overflow 103

4.5.2. Attack by brute force 104

4.5.3. Attack via a zero day flaw 105

4.5.4. Side-channel attacks 105

4.5.5. Attacks specific to ICS equipment 106

4.5.6. Attacks on IIoT systems 107

4.6. Site attacks and via websites 108

4.7. Network attacks 109

4.7.1. Man-in-the-middle 109

4.7.2. Denial of service 110

4.7.3. Network and port scanning 111

4.7.4. Replay attack 112

4.8. Physical attacks 112

4.9. Attacks using the human factor 113

4.9.1. Social engineering 113

4.9.2. Internal fraud 114

4.10. History of attacks on ICS 114

4.11. Some statistics 119

Chapter 5. Vulnerabilities of ICS 121

5.1. Introduction 121

5.2. Generic approach to vulnerability research 122

5.3. Attack surface 124

5.4. Vulnerabilities of SCADA industrial systems 126

5.5. Vulnerabilities of IoT industrial systems 128

5.6. Systematic analysis of vulnerabilities 130

5.7. Practical tools to analyze technical vulnerability 136

5.7.1. Databases and information sources 137

5.7.2. Pentest tools 137

5.7.3. Search engines 139

Chapter 6. Standards, Guides and Regulatory Aspects 141

6.1. Introduction 141

6.2. ISO 27000 family 142

6.3. NIST framework and guides 144

6.3.1. NIST Cyber Security Framework 144

6.3.2. The guides 145

6.4. Distribution and production of electrical energy 148

6.4.1. NERC CIP 148

6.4.2. IEC 62351 150

6.4.3. IEEE 1686 151

6.5. Nuclear industry 151

6.5.1. The IAEA technical guide 151

6.5.2. IEC 62645 152

6.6. Transportation 153

6.6.1. Vehicles 153

6.6.2. Aeronautics 153

6.7. Other standards 154

6.7.1. National Information Security Standards 154

6.7.2. Operating safety standards 154

6.8. ANSSI's approach 155

6.9. Good practices for securing industrial Internet of Things equipment 159

6.9.1. Trust base (root of trust) 160

6.9.2. Identity management (endpoint identity) 161

6.9.3. Secure boot 161

6.9.4. Cryptographic services 161

6.9.5. Secure communications 162

6.9.6. Equipment configuration and management 162

6.9.7. Activity dashboard and event management by a SIEM 162

6.10. Legislative and regulatory aspects 163

Chapter 7. The Approach Proposed by Standard 62443 167

7.1. Presentation 167

7.2. IACS lifecycle and security stakeholders 169

7.3. Structure of the IEC 62443 standard 170

7.4. General idea of the proposed approach 172

7.5. Basics of the standard 174

7.5.1. Fundamental requirements 174

7.5.2. Security Levels (SL) 177

7.5.3. Zones and conduits 180

7.5.4. Maturity level 182

7.5.5. Protection level 183

7.6. Risk analysis 184

7.6.1. General approach 185

7.6.2. Detailed risk analysis 186

7.6.3. Determination of SL-T 187

7.6.4. Countermeasures 188

7.7. Security management 189

7.8. Assessment of the level of protection 190

7.9. Implementation of the IEC 62443 standard 191

7.9.1. Certification 191

7.9.2. Service providers and integrators 192

7.9.3. IACS Operators 192

Chapter 8. Functional Safety and Cybersecurity 193

8.1. Introduction 193

8.1.1. Components of operational safety 193

8.1.2. SIS and SIL levels 198

8.2. IEC 61508 standard and its derivatives 200

8.3. Alignment of safety and security 203

8.4. Risk analysis methods used in operational safety 204

8.4.1. Preliminary hazard analysis 204

8.4.2. Failure Mode and Effects Analysis 205

8.4.3. HAZOP 207

8.4.4. Layer Of Protection Analysis 208

8.4.5. Fault trees and bowtie diagrams 210

Chapter 9. Risk Assessment Methods 213

9.1. Introduction 213

9.2. General principle of a risk analysis 214

9.2.1. General information 214

9.2.2. Setting the context 217

9.2.3. Risk identification 218

9.2.4. Estimation of the level of risk 219

9.2.5. Risk assessment and treatment 219

9.2.6. Tailor-made approach and ICS 221

9.3. EBIOS method 221

9.3.1. Workshop 1: framing and security base 222

9.3.2. Workshop 2: sources of risk 226

9.3.3. Workshop 3: study of strategic scenarios 227

9.3.4. Workshop 4: study of operational scenarios 229

9.3.5. Workshop 5: risk treatment 230

9.3.6. Implementation for ICS 233

9.4. Attack trees 234

9.5. Cyber PHA and cyber HAZOP 236

9.5.1. Principle 236

9.5.2. Cyber PHA 239

9.5.3. Cyber HAZOP 243

9.6. Bowtie cyber diagram 245

9.7. Risk analysis of IIoT systems 246

Chapter 10. Methods and Tools to Secure ICS 249

10.1. Identification of assets 249

10.2. Architecture security 253

10.2.1. Presentation 253

10.2.2. Secure architecture 254

10.2.3. Partitioning into zones 255

10.3. Firewall 257

10.4. Data diode 260

10.5. Intrusion detection system 261

10.5.1. Principle of operation 261

10.5.2. Detection methods 264

10.5.3. Intrusion detection based on a process model 267

10.6. Security incident and event monitoring 268

10.7. Secure element 270

Chapter 11. Implementation of the ICS Cybersecurity Management Approach 273

11.1. Introduction 273

11.1.1. Organization of the process 273

11.1.2. Technical, human and organizational aspects 275

11.1.3. Different levels of implementation and maturity 275

11.2. Simplified process 276

11.3. Detailed approach 277

11.4. Inventory of assets 279

11.4.1. Mapping 279

11.4.2. Documentation management 279

11.5. Risk assessment 280

11.6. Governance and ISMS 281

11.6.1. Governance of the ICS and its environment 281

11.6.2. ISMS for ICS 281

11.7. Definition of the security policy and procedures 282

11.8. Securing human aspects 283

11.9. Physical security 284

11.10. Network security 285

11.11. Securing exchanges by removable media 285

11.12. Securing machines 285

11.12.1. Securing workstations and servers 285

11.12.2. Securing engineering stations 286

11.12.3. Securing PLCs 286

11.12.4. Securing IIoT equipment 287

11.12.5. Securing network equipment 287

11.12.6. Antivirus 287

11.13. Data security and configuration 288

11.14. Securing logical accesses 289

11.15. Securing supplier and service provider interactions 290

11.16. Incident detection 291

11.16.1. Logging and alerts 291

11.16.2. Intrusion detection system 291

11.16.3. Centralization of events (SIEM) 291

11.17. Security monitoring 291

11.17.1. Updating mapping and documentation 291

11.17.2. Security patch management 291

11.17.3. Audit of the facility 292

11.18. Incident handling 292

11.19. Recovery 293

11.19.1. Backup 293

11.19.2. Business continuity plan 294

11.20. Cybersecurity and lifecycle 294

Appendix 1 295

Appendix 2 303

Appendix 3 309

Appendix 4 329

Appendix 5 355

Appendix 6 361

List of acronyms and abbreviations 363

References 367

Index 377


Cybersecurity is one of the major concerns of our time. The risk of cyber-attacks accompanies the development of digital systems and their networking, particularly through the Internet. These risks concern all types of installations, and attacks can be carried out by isolated actors - "hackers" who, depending on their ethics (provided they have any) will be qualified as "white, grey or black hats" - but they can also be the work of international criminal organizations, or even State services acting at offensive or counteroffensive level.

The motivations for these attacks are very diverse: the desire to disrupt, harm or even destroy, theft of information, threats, intimidation, blackmail, revenge, extortion, demonstration of force, etc. There are now countless examples of this, and industrial systems, small or large, which were long thought to be protected because of their specific characteristics and their isolation from the outside world (the famous air gap), are no longer immune to threats of very different shapes and sizes.

The consequences of successful attacks can be serious because in the industrial world, the aim will of course be to protect the information system and the data it contains, but the primary objective is to prevent serious disruptions in controlled processes. These disruptions can lead to untenable production stoppages for manufacturers, regardless of their size, and generate damage to the environment, property and people, with consequences that can be major. It is easy to imagine disaster scenarios that could affect sensitive installations in the fields of energy production, water treatment, transport and more generally major infrastructure.

The industry therefore faces a real problem that it can no longer ignore and it is the duty of each manager to assess the risks to which the installation for which he/she is responsible is exposed, and to take appropriate protective measures. However, industrial managers remain perplexed about the measures to be taken and the organization to be put in place. If they are willing to acknowledge the reality of risk, they often have difficulty perceiving its origin and magnitude, and admitting its possible consequences.

Yet, for a long time, the industry has been accustomed to dealing with functional safety and the risks of component failure and operator manipulation errors that can affect essential functionality. The understanding of these risks has given rise to international standards: IEC 61508 on the functional safety of electrical/electronic/programmable electronic systems, and IEC 61511, specific to the process industries sector and itself based on the ISA-84 standard developed by the ISA (International Society of Automation). These problems can be addressed probabilistically from experimental and experiential data, as the threats are unintentional.

In the case of cybersecurity, we know that there are threats, which will come from the outside, perhaps also from the inside, but in what form, with what magnitude and with what probability? In the case of threats of intentional actions, this is a purely subjective area of assessment that can lead to an overestimation, resulting in a level of protection that will be detrimental to the company's competitiveness, or an underestimation that will pose an intolerable risk to the company.

In addition, attack techniques are evolving and improving. From the simple viruses of the 1990s, detectable by their signature, we have moved on to malware: complex software constructions capable of communicating with the outside world, of spreading and becoming more widespread, and of taking remote control of installations. Some attacks are targeted, as were the attacks on Ukrainian power grids in late 2015 and 2016, while others are broad spectrum, such as the Wannacrypt and NotPetya attacks, which caused serious disruptions in many industrial installations, including in France.

Companies can be held to ransom by ransomware, which has become common practice; they can also be unwitting accomplices in distributed denial-of-service attacks, because connected objects - especially those that are permanently connected to the Internet but insufficiently protected: surveillance cameras, printers, boxes - can be enrolled in botnets and manipulated remotely to participate in massive attacks.

The development of the industrial Internet of Things will greatly expand the attack surfaces with the networking of a considerable number of diverse devices that will be impossible to monitor individually, and from which we will have to be wary of the origin, development conditions and the way they store and exchange information.

People working in the industrial world are often confused about how to approach the problem, but the normative and regulatory context forces them not to remain inactive. In France, ANSSI was charged by the Military Programming Act of December 18, 2013 and the decrees of March 27, 2015, with ensuring the security of vital operators' information systems. More recently, the European Network and Information Security (NIS) directive, transposed into French law by the law of February 26, 2018 and the decree of May 23, 2018, introduced obligations for all operators of essential services.

It is likely that insurers will also exert increasing pressure for all companies to take appropriate protective measures.

Jean-Marie Flaus' book is therefore timely and meets an essential need. It is an extremely valuable tool to better understand cybersecurity issues and solutions. Jean-Marie Flaus is a professor at the University of Grenoble Alpes. He is also a teacher-researcher and head of the Department of Management and Control of Production Systems at the G-SCOP Laboratory, Science for Design, Optimization and Production. The laboratory G-SCOP is a multidisciplinary laboratory created in Grenoble in 2007 by the CNRS, Grenoble-INP and the University of Grenoble Alpes, in order to meet the scientific challenges posed by changes to the industrial sector. Cybersecurity is clearly one of them.

The author addresses it in his book with both a teacher's and a practitioner's eye. His approach is deliberately didactic and aims to provide a detailed understanding of the nature and extent of the threats facing the industry. Its purpose is not to alarm unnecessarily, but to provide the keys to an assessment that is as objective as possible of the risks involved, which will be collated with those that a functional safety analysis may have revealed in order to identify the industrial risks involved as completely and as homogeneously as possible.

But Jean-Marie Flaus is also a practitioner, leading in particular the work of the "Cybersecurity of industrial installations and the Internet of Things" group within the Institute for Risk Management (IMdR). Once the overview of threats and vulnerabilities has been established, the author outlines the approach to be followed to address them based, in particular, on the normative standards that can be used. The fabric of standards is often considered complex and abstruse but, without getting lost in their mysteries, Jean-Marie Flaus explains its philosophy and approach, focusing on the two most important ones: the ISO 27000 series of standards and the IEC 62443 series. This last set of standards is the result of a long process of work undertaken within the ISA99 committee of the ISA more than 10 years ago and now in the process of being completed. The IEC 62443 standard is the only normative text specifically dedicated to industrial control systems; it has a double merit:

  • on the one hand, it segregates the obligations to be met throughout the lifecycle of a control system according to the role played: product developer or manufacturer, integration service provider, operator, maintenance service provider;
  • on the other hand, it provides the link and synthesis between the technical and organizational measures necessary to achieve a given level of security following a risk analysis.

As Jean-Marie Flaus explains very well, organizational and technical aspects must go hand in hand. There is no point in installing firewalls if the way they are operated and programmed is not defined. Conversely, "policies & procedures", as sophisticated as they may be, are of no interest if they are not technically supported.

The reader will find in the book a description of the traditional and most advanced protection techniques, but also a statement of the rules and method to be followed to build an information security management system adapted to the case of each industrial installation. For such a system to be complete, it is necessary to think in terms of "protection" but also to act at the level of "prevention" and "early detection" of intrusions, in particular abnormal traffic suggesting that an attack is in preparation. It is also necessary, because the hypothesis of a successful attack cannot be ruled out, to consider how to contain it, through appropriate defense in depth, and to restore the normal functioning of the system, starting with essential services.

Jean-Marie Flaus makes a clear and precise presentation of all this, without ever falling into abstraction, and also dealing with a simplified approach to risk management, when the stakes are low and do not justify overly sophisticated analyses.

It is a book from which certain chapters can be extracted for a thorough reading; it is also a book that can be read in its...
