Rating: 5 out of 5 stars
5/5
Ebook147 pages50 minutes
InduSoft Application Design and SCADA Deployment Recommendations for Industrial Control System Security
Rating: 0 out of 5 stars
()
About this ebook
InduSoft conducts ongoing product and informational SCADA security webinars, publish Technical Notes and White Papers on application construction and security related topics, and publishes corporate blogs on security and a number of other useful topics by a variety of different authors. Topics from various InduSoft publications and other media are presented in this eBook to help you with your SCADA design and security issues. There are links within the topics that will take you to more in-depth information that is not presented in this handbook. Feel free to explore any of the topics and subjects in more depth by simply clicking on the links provided within the sections and in the footnotes provided for you.
Author
Richard Clark
Technical Specialist and Controls Engineer at InduSoft concentrating on cybersecurity, 3rd party product integration, specialized application development, and product marketing. Mr. Clark has been in Automation, Process System, and Control System design and implementation for more than 25 years and was employed by Wonderware where he developed a non-proprietary means of using IP-Sec for securing current and legacy Automation, SCADA, and Process Control Systems, and developed non-proprietary IT security techniques. Industry expert by peer review and spokesperson on IT security; consultant, analyst and voting member of ISA- SP99. Contributor to PCSF Vendor Forum. Consultant to NIST and other government labs and NSA during the development of NIST Special Publication 800-82. Published engineering white papers, manuals, and instruction documents, developed and given classes and lectures on the topic of ICS/SCADA Security.
Related to InduSoft Application Design and SCADA Deployment Recommendations for Industrial Control System Security
Related ebooks
Framework for SCADA Cybersecurity Designing SCADA Application Software: A Practical Approach Rating: 0 out of 5 stars0 ratingsIndustrial Automation and Control System Security Principles Rating: 4 out of 5 stars4/5Wireless Networks for Industrial Automation, Fourth Edition Rating: 0 out of 5 stars0 ratingsOverview of Industrial Process Automation Rating: 4 out of 5 stars4/5Human-Machine Interface Design for Process Control Applications Rating: 4 out of 5 stars4/5Industrial Agents: Emerging Applications of Software Agents in Industry Rating: 0 out of 5 stars0 ratingsLearning RSLogix 5000 Programming Rating: 5 out of 5 stars5/5Internet of Things & Wireless Sensor Network Rating: 0 out of 5 stars0 ratingsModern Cybersecurity Practices: Exploring And Implementing Agile Cybersecurity Frameworks and Strategies for Your Organization Rating: 0 out of 5 stars0 ratingsCertifiable Software Applications 1: Main Processes Rating: 0 out of 5 stars0 ratingsLearn IoT Programming Using Node-RED: Begin to Code Full Stack IoT Apps and Edge Devices with Raspberry Pi, NodeJS, and Grafana Rating: 0 out of 5 stars0 ratingsCloud Computing: Master the Concepts, Architecture and Applications with Real-world examples and Case studies Rating: 0 out of 5 stars0 ratingsLearning AirWatch Rating: 5 out of 5 stars5/5Practical Industrial Data Communications: Best Practice Techniques Rating: 5 out of 5 stars5/5Practical Modern SCADA Protocols: DNP3, 60870.5 and Related Systems Rating: 5 out of 5 stars5/5Collaborative Process Automation Systems Rating: 5 out of 5 stars5/5Practical Industrial Data Networks: Design, Installation and Troubleshooting Rating: 5 out of 5 stars5/5Structured text A Complete Guide Rating: 0 out of 5 stars0 ratingsPractical SCADA for Industry Rating: 4 out of 5 stars4/5Practical Electrical Network Automation and Communication Systems Rating: 3 out of 5 stars3/5PLC Programming Using SIMATIC MANAGER for Beginners: With Basic Concepts of Ladder Logic Programming Rating: 4 out of 5 stars4/5Industrial Network Security, Second Edition Rating: 3 out of 5 stars3/5PLC programmable logic controller A Clear and Concise Reference Rating: 0 out of 5 stars0 ratingsIndustrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems Rating: 0 out of 5 stars0 ratingsPractical TCP/IP and Ethernet Networking for Industry Rating: 4 out of 5 stars4/5Communication and Network Security: CISSP, #4 Rating: 0 out of 5 stars0 ratingsPractical Data Communications for Instrumentation and Control Rating: 4 out of 5 stars4/5
Security For You
How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Hacking: Ultimate Beginner's Guide for Computer Hacking in 2018 and Beyond: Hacking in 2018, #1 Rating: 4 out of 5 stars4/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Dark Territory: The Secret History of Cyber War Rating: 4 out of 5 stars4/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsThrough the Firewall: The Alchemy of Turning Crisis into Opportunity Rating: 0 out of 5 stars0 ratingsRemote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5The Cyber Attack Survival Manual: Tools for Surviving Everything from Identity Theft to the Digital Apocalypse Rating: 0 out of 5 stars0 ratingsCodes and Ciphers - A History of Cryptography Rating: 4 out of 5 stars4/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsCompTIA Network+ Practice Tests: Exam N10-008 Rating: 0 out of 5 stars0 ratingsMike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Hacking For Dummies Rating: 4 out of 5 stars4/5CompTIA CySA+ Practice Tests: Exam CS0-002 Rating: 0 out of 5 stars0 ratingsUltimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5What is the Dark Web?: The truth about the hidden part of the internet Rating: 4 out of 5 stars4/5
Related podcast episodes
Rick Caldwell, President of SCADAware - Episode 6: Interview with a System Integrator 0% found this document usefulCyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd. 0% found this document useful48: A GUI for pytest: The story of how I discovered the current best GUI to run pytest. 0% found this document usefulDeveloper Security 0% found this document usefulWhat's the Best Way to Threat Model? - Nick Selby - ASW #229 0% found this document usefulBuilding ML Apps 0% found this document useful
Related articles
Rolling Your Own NAS, 2021 Edition TechLifeArticle
Rolling Your Own NAS, 2021 Edition
Mar 8, 2021
4 min readMicro-controllers Linux FormatArticle
Micro-controllers
Jan 12, 2021
If you want to use JavaScript and interface directly with Arduino and other system-on-chip boards, consider these simpler systems. They’re designed to interface directly to a large amount of boards, including the Arduino, Raspberry Pi and other small
1 min readRemote Support Software 2020 PC Pro MagazineArticle
Remote Support Software 2020
Aug 13, 2020
3 min readNetwork-monitoring software 2024 PC Pro MagazineArticle
Network-monitoring software 2024
Feb 8, 2024
4 min readWithSecure Elements Endpoint Protection PC Pro MagazineArticle
WithSecure Elements Endpoint Protection
Nov 10, 2022
2 min readBusiness Endpoint Protection 2022 PC Pro MagazineArticle
Business Endpoint Protection 2022
Nov 10, 2022
4 min readAll-in-one Business Protection 2023 PC Pro MagazineArticle
All-in-one Business Protection 2023
Aug 10, 2023
4 min readSophos Intercept X Advanced PC Pro MagazineArticle
Sophos Intercept X Advanced
Nov 9, 2023
2 min readRemote Support Software 2022 PC Pro MagazineArticle
Remote Support Software 2022
Sep 11, 2022
4 min readRemote-support software 2021 PC Pro MagazineArticle
Remote-support software 2021
Sep 9, 2021
3 min readVipre Endpoint Security Cloud PC Pro MagazineArticle
Vipre Endpoint Security Cloud
Nov 10, 2022
2 min read01 Super Apps Are Here, But Are They Secure Enough? HWM SingaporeArticle
01 Super Apps Are Here, But Are They Secure Enough?
May 12, 2023
3 min readPowering Costing With Artificial Intelligence: The Case Of Vodafone Procurement The European Business ReviewArticle
Powering Costing With Artificial Intelligence: The Case Of Vodafone Procurement
May 25, 2021
8 min readBUSINESS FOCUS BUYER’SGUIDETO Business Protection In2021 PC Pro MagazineArticle
BUSINESS FOCUS BUYER’SGUIDETO Business Protection In2021
Mar 11, 2021
3 min readProtect Your Business PC Pro MagazineArticle
Protect Your Business
Jul 9, 2022
3 min readRemote Support Software 2023 PC Pro MagazineArticle
Remote Support Software 2023
Sep 7, 2023
3 min readSupply Chain Attacks TechLifeArticle
Supply Chain Attacks
Aug 23, 2021
4 min readNetwork monitoring 2022 PC Pro MagazineArticle
Network monitoring 2022
Feb 10, 2022
4 min readThe Security Dilemma Of Iot Devices And Potential Consequences HWM SingaporeArticle
The Security Dilemma Of Iot Devices And Potential Consequences
Jan 10, 2021
3 min readF-Secure Elements Endpoint Protection PC Pro MagazineArticle
F-Secure Elements Endpoint Protection
Nov 11, 2021
2 min readAvast Premium Business Security PC Pro MagazineArticle
Avast Premium Business Security
Nov 10, 2022
2 min readBuyer’s Guide Network Monitoring PC Pro MagazineArticle
Buyer’s Guide Network Monitoring
Feb 9, 2023
4 min readRobo-marshal Racecar EngineeringArticle
Robo-marshal
May 3, 2019
8 min readWithSecure Elements EPP and EDR PC Pro MagazineArticle
WithSecure Elements EPP and EDR
Nov 9, 2023
2 min readHow End User Computing (EUC) is Digitally Transforming the Post-Pandemic Workplace TechfastlyArticle
How End User Computing (EUC) is Digitally Transforming the Post-Pandemic Workplace
Jun 1, 2022
4 min readTaking Guard Business TodayArticle
Taking Guard
Sep 2, 2021
6 min readAcronis Cyber Protect Connect Professional PC Pro MagazineArticle
Acronis Cyber Protect Connect Professional
Sep 11, 2022
2 min read8 Network Security For Your Home And Office TechfastlyArticle
8 Network Security For Your Home And Office
Nov 30, 2020
7 min readEdge Computing Ecosystem Architecture, Use Cases, and Examples TechfastlyArticle
Edge Computing Ecosystem Architecture, Use Cases, and Examples
Jun 1, 2022
6 min readBusiness Endpoint Protection PC Pro MagazineArticle
Business Endpoint Protection
Nov 11, 2021
3 min read
Reviews for InduSoft Application Design and SCADA Deployment Recommendations for Industrial Control System Security
Rating: 0 out of 5 stars
0 ratings
0 ratings0 reviews
Book preview
InduSoft Application Design and SCADA Deployment Recommendations for Industrial Control System Security - Richard Clark
InduSoft Application Design and SCADA Deployment
Recommendations for Industrial Control System Security
Guidelines and Best Practices
By Richard H. Clark, Cybersecurity Engineer, InduSoft, Inc.
Revision A-01.20.2015
Abstract and Target Audience
Purpose: Provides guidance when building and implementing HMI and SCADA systems and describes best practices to secure them against cyber-attacks and known vulnerabilities.
The target audience of this book are as follows:
1) Customers and Users of InduSoft Web Studio of all experience levels.
2) System Integrators who are creating, implementing, or modifying InduSoft Web Studio applications and implementations.
3) Control Systems Managers and Engineers needing to understand how to implement and design procedures and features within controls systems applications and networks that will be secure according to known best practices.
4) IT Managers and Engineers who need to understand the issues and implement cybersecurity within control system networks.
5) Anyone needing basic information on how to understand and implement SCADA cybersecurity and an introduction to cyber-based risk-management.
InduSoft Application Design and SCADA Deployment
Recommendations for Industrial Control System Security
By Richard H. Clark, Cybersecurity Engineer, InduSoft, Inc.
Revision A-01.20.2015
Smashwords Edition
License Notes:
This ebook is available free of charge or for a minimal cost, depending on the requirements of the local ebook distributor or publisher.
Portions or sections of this book may be copied, distributed, reposted, reprinted, or shared as required or needed; simply by including the acknowledgement of the origins of those used or redistributed materials.
eBook ISBN: 978-1311-49042-1
All profits from this ebook are to be directed and donated to the Eastern New Mexico University-Riudoso Foundation, as noted below.
If you find this ebook useful in your business, tax deductible donations to the university 501 (c) (3) foundation are encouraged by contacting:
Copyright 2014 InduSoft, Inc., a Schneider Electric company. All rights reserved. All trademarks are owned by Schneider Electric Industries SAS or its affiliated companies or their respective owners.
This ebook contains original content and materials created by the authors, as well as some materials designated as public domain
or freely distributable
as described within the associated footnotes. The ebook does not contain any known copyrighted information. Copyright violations should be reported to:
InduSoft, Inc., 11044 Research Blvd., Suite A100, Austin, TX 78759 U.S.A, or by email at info@indusoft.com, and every effort will be made to make corrections in subsequent revisions and editions.
Further information about selected subjects within this ebook is available from the website at http://www.indusoft.com and the designated references in Appendix C.
Foreword
InduSoft is proud to be able to provide this Security Guide to our users, customers, and the general public, and we hope that you will find this eBook useful. InduSoft strives to maintain customer awareness and education regarding Industrial Control System and Critical Infrastructure Security and in the use of our products. To this end, we continually conduct ongoing product and informational security webinars, publish Technical Notes and White Papers on application construction and security related topics, and publish corporate blogs on security and a number of other useful topics by a variety of different authors. Topics from various InduSoft publications and other media are presented here to help you with your security issues. There are links within the topics that will take you to more in-depth information that is not presented in this handbook. Feel free to explore any of the topics and subjects in more depth by simply clicking on the links provided within the sections and in the footnotes. We always welcome any new ideas and product suggestions that you may have by sending an email to info@indusoft.com.
InduSoft has also partnered with Eastern New Mexico University (ENMU) - Ruidoso to assist and provide materials in order to facilitate students and faculty in the online Cybersecurity Coursework and Certificate Programs that the University offers. For more information on these online courses please visit the ENMU Cybersecurity Center of Excellence webpage here:
http://www.ruidoso.enmu.edu/~enmu/index.php/using-joomla/extensions/components/content-component/article-categories/280-cybersecurity-center-of-excellence
And the ENMU Online Cybersecurity Certificate Program web page here:
http://academic.enmu.edu/millerst/Online%20Cyber%20Security%20Programs.htm
Table of Contents
Abstract and Target Audience
Foreword
Chapter 1: New Projects and Security as a Design Consideration
Section 1: Building your Project
Extract from the InduSoft Technical Note: Application Guidelines
Chapter 2: Existing Projects
Chapter 3: Cloud Based Applications
Section 1: Working with Cloud Based Applications
The following is an extract from the InduSoft White Paper: Cloud Computing for SCADA
Chapter 4: InduSoft Application Security
Section 1: SCADA System Security Best Practices
The following is a transcript extract from the InduSoft Webinar: SCADA System Security Webinar
Chapter 5: InduSoft Security Discussion for Web Based Applications
Section 1: Using Security with Distributed Web Applications
Extract 1 - From InduSoft White Paper: Security Issues with Distributed Web Applications
Section 2 – Using Security with Web-Based Applications
Extract 2 - From the InduSoft Tech Note: IWS Security System for Web Based Applications
Section 3 – Using Security with Web-Based Applications
Reprint - Control Engineering Magazine - August 2014: Cybersecurity for Smart Mobile Devices
Chapter 6: InduSoft Recommendations for IT Security
Section 1: Firewalls and other SCADA Security Considerations
Transcript extract from the InduSoft Webinar: SCADA and HMI Security in InduSoft Web Studio
Section 2: Control Systems Security Overview
Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Overview
Section 3: SCADA Security - Operational Considerations
Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Operational
Section 4: SCADA Security - Management Considerations
Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Management
Appendix A: NIST Cybersecurity Framework Core
Appendix B: Cyber Security Evaluation Tool (CSET) Information
Appendix C: References
Recommended Publications for Purchase
Further Reading and Links to Organizations
Appendix D: Glossary
Terms Used in this Publication
Acronyms Used in this Publication
Endnotes
About the Author and More Information
Chapter 1: New Projects and Security as a Design Consideration
New projects should be planned with Application Security as a primary goal. Application Safety should follow this primary goal, with Application Functionality filling in the third of these top three project design goals. These three primary design goals create an efficient, smooth operating, and ergonomic application that is operationally obvious; it is well thought out with appropriate
Enjoying the preview?
Page 1 of 1