Handbook of SCADA/Control Systems Security

Robert Radvanovsky, CIPS, is an active security professional in the United States with knowledge in security, risk management, business continuity, disaster recovery planning, and remediation. He obtained his master’s degree in computer science from DePaul University in Chicago, and he has significantly contributed toward establishing several certification programs, specifically on the topics of critical infrastructure protection and critical infrastructure assurance. He has special interest and knowledge in matters of critical infrastructure and has published a number of articles and white papers regarding this topic, and has authored or coauthored several books in the field. Though he has been significantly involved in establishing security training and awareness programs through his company, Infracritical, he also works with several professional accreditation and educational institutions on the topics of homeland security, critical infrastructure protection and assurance, and cybersecurity. Jacob Brodsky began his career in computing and telecommunications at the Washington Suburban Sanitary Commission (WSSC) as an instrumentation and telecommunications technician while attending evening classes at the Johns Hopkins University Whiting School of Engineering, from which he received a bachelor’s degree in electrical engineering. He has worked on every aspect of SCADA and control systems for the WSSC, from the assembly language firmware of the remote terminal unit to the communications protocols and the telecommunications networks, including frequency-division multiplexing analog and digital microwave radios, the data networks, systems programming, protocol drivers, human–machine interface design, and programmable logic controller programming. He is a registered professional engineer of control systems in the state of Maryland, and has coauthored chapters on control systems for several books.

SOCIAL IMPLICATIONS AND IMPACTS. Introduction. Sociological and Cultural Aspects. Threat Vectors. Risk Management. International Implications of Securing Our SCADA/Control System Environments. Aurora Generator Test. GOVERNANCE AND MANAGEMENT. Disaster Recovery and Business Continuity of SCADA. Incident Response and SCADA. Forensics Management. Governance and Compliance. Project Management for SCADA Systems. ARCHITECTURE AND MODELING. Communications and Engineering Systems. Metrics Framework for a SCADA System. Networking Topology and Implementation. Active Defense in Industrial Control-System Networks. Open-Source Intelligence (OSINT). COMMISSIONING AND OPERATIONS. Obsolescence and Procurement of Industrial Control Systems. Patching and Change Management. Physical Security Management. Tabletop/Red–Blue Exercises. Integrity Monitoring. Data Management and Records Retention. CONCLUSION. The Future of SCADA and Control Systems Security. Appendices.