ISBN-13: 9781119883029 / English / Paperback / 2022 / 464 pages
Table of Contents

Introduction xxiii

Chapter 1 Industrial Control Systems 1
  Introduction 2
  Basic Process Control Systems 3
  Closed-Loop Control Systems 5
  Industrial Process Controllers 6
  Supervisory Control and Data Acquisition Systems 20
  System Telemetry 21
  Utility Networks 23
  OT/IT Network Integration 25
  Industrial Safety and Protection Systems 28
  Safety Instrument Systems 29
  Review Questions 39
  Exam Questions 41

Chapter 2 ICS Architecture 43
  Introduction 44
  Network Transmission Media 45
  Copper Cabling 45
  Fiber-Optic Cabling 46
  Industrial Network Media Standards 49
  Ethernet Connectivity 52
  External Network Communications 53
  Transmission Media Vulnerabilities 55
  Field Device Architecture 56
  PLC I/O Sections 58
  PLC Implementations 62
  Industrial Sensors 63
  Final Control Elements/Actuators 71
  Relays 73
  Process Units 76
  Industrial Network Protocols 79
  Common Industrial Protocols 79
  EtherNet/IP Protocol 79
  Modbus 80
  PROFINET/PROFIBUS 81
  DNP3 82
  ICCP 83
  OPC 83
  BACnet 83
  Enterprise Network Protocols 84
  TCP/IP 84
  Dynamic Host Configuration Protocol 89
  Review Questions 90
  Exam Questions 91

Chapter 3 Secure ICS Architecture 95
  Introduction 96
  Boundary Protection 97
  Firewalls 98
  Proxies 104
  Security Topologies 105
  Network Switches 106
  Routers 108
  Security Zoning Models 109
  Flat Network Topologies 113
  Network Segmentation 122
  Controlling Intersegment Data Movement 128
  Tunneling 128
  Wireless Networking 129
  Wireless Sensors 131
  Wireless Gateways 134
  Modems 135
  Review Questions 137
  Exam Questions 139

Chapter 4 ICS Module and Element Hardening 143
  Introduction 145
  Endpoint Security and Hardening 145
  User Workstation Hardening 145
  BIOS Security Subsystems 147
  Additional Outer Perimeter Access Hardening 148
  Mobile Device Protection 154
  OS Security/Hardening 155
  File System Security 156
  Operating System Security Choices 160
  Linux SystemV vs Systemd 160
  Hardening Operating Systems 162
  Common Operating System Security Tools 162
  Virtualization 169
  Application Software Security 172
  Software Exploitation 172
  Information Leakage 173
  Applying Software Updates and Patches 174
  Database Hardening 174
  SQL Injection 175
  Anti-Malware 177
  Antivirus 178
  Anti-spyware 178
  Anti-Malware: Sanitization 181
  Embedded Device Security 182
  Meters 184
  Network Hardening 189
  OT/IT Network Security 189
  Server Security 191
  Hardening the Server OS 193
  Logical Server Access Control 194
  Hardening Network Connectivity Devices 196
  Review Questions 201
  Exam Questions 202

Chapter 5 Cybersecurity Essentials for ICS 205
  Introduction 207
  Basic Security Tenets 208
  Confidentiality, Integrity, and Availability 208
  Availability in ICS Networks 209
  Nonrepudiation 210
  Principle of Least Privilege 211
  Separation of Duties 211
  Vulnerability and Threat Identification 212
  Nation-States 213
  Cyberterrorists 213
  Cybercriminals 214
  Insider Threats 216
  Events, Incidents, and Attacks 217
  Threat Vectors 217
  Weaponization 230
  Delivery 230
  Exploitation 231
  Installation 232
  Command and Control 233
  Actions on Objectives 233
  Attack Methods 234
  Unauthorized Access 251
  Cryptographics 260
  Encryption 262
  Digital Certificates 264
  Public Key Infrastructure 264
  Hashing 266
  Resource Constraints 267
  Review Questions 268
  Exam Questions 268

Chapter 6 Physical Security 271
  Introduction 272
  Infrastructure Security 273
  Access Control 274
  Physical Security Controls 276
  Authentication Systems 278
  Remote Access Monitoring and Automated Access Control Systems 286
  Intrusion Detection and Reporting Systems 289
  Security Controllers 290
  Video Surveillance Systems 295
  Cameras 297
  IP Cameras 297
  Pan-Tilt-Zoom Cameras 298
  Physical Security for ICS 306
  Industrial Processes/Generating Facilities 307
  Control Center/Company Offices 307
  NERC CIP-006-1 309
  Review Questions 311
  Exam Questions 312

Chapter 7 Access Management 315
  Introduction 316
  Access Control Models 317
  Mandatory Access Control 317
  Discretionary Access Control 318
  Role-Based Access Control 318
  Rule-Based Access Control 319
  Attribute-Based Access Control 319
  Context-Based Access Control 320
  Key Security Components within Access Controls 320
  Directory Services 321
  Active Directory 321
  Linux Directory Services 324
  Application Runtime and Execution Control 326
  User Access Management 326
  Establishing User and Group Accounts 328
  Group Account Security 330
  Network Authentication Options 331
  Establishing Resource Controls 332
  ICS Access Control 334
  Remote ICS Access Control 336
  Access Control for Cloud Systems 340
  Review Questions 343
  Exam Questions 344

Chapter 8 ICS Security Governance and Risk Management 347
  Introduction 348
  Security Policies and Procedure Development 348
  Requirements 349
  Exceptions and Exemptions 350
  Standards 351
  ICS Security Policies 356
  Risk Management 357
  Asset Identification 358
  Risk Assessment 359
  Risk Identification Vulnerability Assessment 362
  Impact Assessment 363
  ICS Risk Assessments 364
  Risk Mitigation 366
  NERC CIP-008 367
  Review Questions 369
  Exam Questions 370

Chapter 9 ICS Security Assessments 373
  Introduction 374
  Security Assessments 374
  ICS Device Testing 376
  Vulnerability 376
  Supply Chain 377
  Communication Robustness Testing 382
  Fuzzing 382
  ICS Penetration Testing 384
  The Pentest Process 385
  Security Testing Tools 392
  Packet Sniffers 392
  Network Enumeration/Port Scanning 393
  Port Scanning 395
  Vulnerability Scanning 395
  Review Questions 401
  Exam Questions 402

Chapter 10 ICS Security Monitoring and Incident Response 405
  Introduction 407
  ICS Lifecycle Challenges 408
  Change Management 408
  Establishing a Security Baseline 409
  Change Management Documentation 411
  Configuration Change Management 412
  Controlling Patch Distribution and Installation for Systems 414
  Monitoring 419
  Event Monitoring 420
  Network Monitoring 421
  Security Monitoring 423
  Logging and Auditing 424
  Event Logging 425
  Incident Management 433
  The Incident Response Lifecycle 434
  Preparation 435
  Incident Response 442
  Recovery 445
  Post-Incident Activities 446
  Review Questions 449
  Exam Questions 450

Chapter 11 Disaster Recovery and Business Continuity 453
  Introduction 454
  Business Continuity Plans 455
  System Redundancy 455
  Local Virtualized Storage 459
  System Backup and Restoration 462
  Backup Options 463
  Backup Media Rotation 466
  Securing Backup Media 467
  Other BCP Considerations 467
  Disaster Recovery 469
  Planning 470
  Documenting the Disaster Recovery Plan 472
  The Disaster Response/Recovery Team 473
  NERC CIP-009-6 475
  Review Questions 477
  Exam Questions 478

Appendix A GICSP Objective Map 481
  ICS410.1 ICS: Global Industrial Cybersecurity Professional (GICSP) Objectives 482
  Overview 482
  ICS410.2: Architecture and Field Devices 483
  ICS410.3: Communications and Protocols 484
  ICS410.4: Supervisory Systems 485
  ICS410.5: Security Governance 485

Appendix B Glossary 487

Appendix C Standards and References 533
  Reference Links 536

Appendix D Review and Exam Question Answers 539
  Chapter 1: Industrial Control Systems 540 (Review Question Answers 540; Exam Question Answers 541)
  Chapter 2: ICS Architecture 542 (Review Question Answers 542; Exam Question Answers 544)
  Chapter 3: Secure ICS Architecture 545 (Review Question Answers 545; Exam Question Answers 547)
  Chapter 4: ICS Modules and Element Hardening 548 (Review Question Answers 548; Exam Question Answers 550)
  Chapter 5: Cybersecurity Essentials for ICS 551 (Review Question Answers 551; Exam Question Answers 553)
  Chapter 6: Physical Security 554 (Review Question Answers 554; Exam Question Answers 556)
  Chapter 7: Access Management 556 (Review Question Answers 556; Exam Question Answers 558)
  Chapter 8: ICS Security Governance and Risk Management 559 (Review Question Answers 559; Exam Question Answers 560)
  Chapter 9: ICS Security Assessments 561 (Review Question Answers 561; Exam Question Answers 563)
  Chapter 10: ICS Security Monitoring and Incident Response 564 (Review Question Answers 564; Exam Question Answers 565)
  Chapter 11: Disaster Recovery and Business Continuity 567 (Review Question Answers 567; Exam Question Answers 568)

Index 571
About the Authors

CHARLES J. BROOKS is the co-owner and Vice President of Educational Technologies Group Inc. and the co-owner of eITPrep LLP. He oversees research and product development at those organizations and has authored several books, including the A+ Certification Training Guide and The Complete Introductory Computer Course. For the past eight years Charles has been lecturing and providing instructor training for cybersecurity teachers throughout the U.S. and abroad. His latest projects have been associated with IT and OT cybersecurity courses and hands-on lab activities, including Cybersecurity Essentials: Concepts & Practices; Cybersecurity Essentials: Environments & Testing; and Industrial Network Cybersecurity.

PHILIP A. CRAIG JR. is the founder of BlackByte Cyber Security, LLC, a consultancy formed to develop new cybersecurity tools and tactics for use in U.S. critical infrastructure. He oversees research and product development for the U.S. Department of Energy (DOE), the Defense Advanced Research Projects Agency (DARPA), and the National Rural Electric Cooperative Association (NRECA), and provides expert knowledge in next-generation signal isolation techniques to protect automated controls in energy generation, transmission, and distribution systems. Mr. Craig has authored regulation for both the Nuclear Regulatory Commission (NRC) and the North American Electric Reliability Corporation (NERC) and is an active cyber responder in federal partnerships for incident response.