The use of cyber warfare as a prelude or substitute for conventional attacks has gone from conjecture to reality. The obvious targets of such assaults are a nation’s defense establishment, critical infrastructure, and production capabilities. Contrary to popular opinion, there are effective, structured defenses against such aggression, if they are conscientiously and properly implemented and maintained. This text merges the fundamentals of information system security and the unique requirements of industrial automation and control systems and presents a clear and implementable formula to defend crucial elements, such as refineries, chemical plants, manufacturing operations, power plants and pipelines. This work develops a novel protection approach based on the merging of the best relevant and proven government and industry standards, resulting in a practical instrument that can be straightforwardly applied to secure our valuable resources.

Table of Contents

Chapter 1 Industrial Automation and Control System Fundamental Concepts

Chapter 2 Information System Security Technology

Chapter 3 Industrial Automation and Control System Culture versus IT Paradigms

Chapter 4 The Continuing Technological Evolution Affecting IAC Systems

Chapter 5 Risk Management for Industrial Automation and Control Systems

Chapter 6 IAC Systems Security Methodologies and Approaches

Chapter 7 Industrial Automation and Control System Security Training

Chapter 8 Industrial Automation and Control System Trends, Approaches, and Issues

Chapter 9 Emerging Approaches to Industrial Automation and Control System Security

Appendix A Review Questions and Answers

Appendix B ICS Supplemental Guidance for NIST SP 800-53 Security Controls

About the Author

Ronald L. Krutz is Chief Scientist for Security Risk Solutions, Inc. He has more than 30 years of experience in industrial automation and control systems, distributed computing systems, computer architectures, information assurance methodologies, and information security training. He has been a Senior Information Security Consultant at Lockheed Martin, BAE Systems, and REALTECH Systems Corporation, an Associate Director of the Carnegie Mellon Research Institute (CMRI), and a faculty member in the Carnegie Mellon University Department of Electrical and Computer Engineering. Dr. Krutz founded the CMRI Cyber Security Center and was founder and director of the CMRI Computer, Automation and Robotics Group. He was also a lead instructor for (ISC)2 Inc. in its Certified Information Systems Security Professionals (CISSP) training seminars.