InduSoft Application Design and SCADA Deployment Recommendations for Industrial Control System Security
About this ebook
InduSoft conducts ongoing product and informational SCADA security webinars, publishes Technical Notes and White Papers on application construction and security related topics, and publishes corporate blogs on security and a number of other useful topics by a variety of different authors. Topics from various InduSoft publications and other media are presented in this eBook to help you with your SCADA design and security issues. There are links within the topics that will take you to more in-depth information that is not presented in this handbook. Feel free to explore any of the topics and subjects in more depth by simply clicking on the links provided within the sections and in the footnotes provided for you.
Richard Clark
Technical Specialist and Controls Engineer at InduSoft concentrating on cybersecurity, 3rd party product integration, specialized application development, and product marketing. Mr. Clark has been in Automation, Process System, and Control System design and implementation for more than 25 years and was employed by Wonderware where he developed a non-proprietary means of using IP-Sec for securing current and legacy Automation, SCADA, and Process Control Systems, and developed non-proprietary IT security techniques. Industry expert by peer review and spokesperson on IT security; consultant, analyst and voting member of ISA-SP99. Contributor to PCSF Vendor Forum. Consultant to NIST and other government labs and NSA during the development of NIST Special Publication 800-82. Published engineering white papers, manuals, and instruction documents, developed and given classes and lectures on the topic of ICS/SCADA Security.
InduSoft Application Design and SCADA Deployment
Recommendations for Industrial Control System Security
Guidelines and Best Practices
By Richard H. Clark, Cybersecurity Engineer, InduSoft, Inc.
Revision A-01.20.2015
Abstract and Target Audience
Purpose: Provides guidance when building and implementing HMI and SCADA systems and describes best practices to secure them against cyber-attacks and known vulnerabilities.
The target audience of this book is as follows:
1) Customers and Users of InduSoft Web Studio of all experience levels.
2) System Integrators who are creating, implementing, or modifying InduSoft Web Studio applications and implementations.
3) Control Systems Managers and Engineers needing to understand how to implement and design procedures and features within controls systems applications and networks that will be secure according to known best practices.
4) IT Managers and Engineers who need to understand the issues and implement cybersecurity within control system networks.
5) Anyone needing basic information on how to understand and implement SCADA cybersecurity and an introduction to cyber-based risk-management.
Smashwords Edition
License Notes:
This ebook is available free of charge or for a minimal cost, depending on the requirements of the local ebook distributor or publisher.
Portions or sections of this book may be copied, distributed, reposted, reprinted, or shared as required or needed, simply by including the acknowledgement of the origins of those used or redistributed materials.
eBook ISBN: 978-1311-49042-1
All profits from this ebook are to be directed and donated to the Eastern New Mexico University-Ruidoso Foundation, as noted below.
If you find this ebook useful in your business, tax deductible donations to the university 501(c)(3) foundation are encouraged by contacting:
Copyright 2014 InduSoft, Inc., a Schneider Electric company. All rights reserved. All trademarks are owned by Schneider Electric Industries SAS or its affiliated companies or their respective owners.
This ebook contains original content and materials created by the authors, as well as some materials designated as public domain or freely distributable as described within the associated footnotes. The ebook does not contain any known copyrighted information. Copyright violations should be reported to:
InduSoft, Inc., 11044 Research Blvd., Suite A100, Austin, TX 78759 U.S.A., or by email at info@indusoft.com, and every effort will be made to make corrections in subsequent revisions and editions.
Further information about selected subjects within this ebook is available from the website at http://www.indusoft.com and the designated references in Appendix C.
Foreword
InduSoft is proud to be able to provide this Security Guide to our users, customers, and the general public, and we hope that you will find this eBook useful. InduSoft strives to maintain customer awareness and education regarding Industrial Control System and Critical Infrastructure Security and in the use of our products. To this end, we continually conduct ongoing product and informational security webinars, publish Technical Notes and White Papers on application construction and security related topics, and publish corporate blogs on security and a number of other useful topics by a variety of different authors. Topics from various InduSoft publications and other media are presented here to help you with your security issues. There are links within the topics that will take you to more in-depth information that is not presented in this handbook. Feel free to explore any of the topics and subjects in more depth by simply clicking on the links provided within the sections and in the footnotes. We always welcome any new ideas and product suggestions that you may have by sending an email to info@indusoft.com.
InduSoft has also partnered with Eastern New Mexico University (ENMU) - Ruidoso to assist and provide materials in order to facilitate students and faculty in the online Cybersecurity Coursework and Certificate Programs that the University offers. For more information on these online courses please visit the ENMU Cybersecurity Center of Excellence webpage here:
http://www.ruidoso.enmu.edu/~enmu/index.php/using-joomla/extensions/components/content-component/article-categories/280-cybersecurity-center-of-excellence
And the ENMU Online Cybersecurity Certificate Program web page here:
http://academic.enmu.edu/millerst/Online%20Cyber%20Security%20Programs.htm
Table of Contents
Abstract and Target Audience
Foreword
Chapter 1: New Projects and Security as a Design Consideration
Section 1: Building your Project
Extract from the InduSoft Technical Note: Application Guidelines
Chapter 2: Existing Projects
Chapter 3: Cloud Based Applications
Section 1: Working with Cloud Based Applications
The following is an extract from the InduSoft White Paper: Cloud Computing for SCADA
Chapter 4: InduSoft Application Security
Section 1: SCADA System Security Best Practices
The following is a transcript extract from the InduSoft Webinar: SCADA System Security Webinar
Chapter 5: InduSoft Security Discussion for Web Based Applications
Section 1: Using Security with Distributed Web Applications
Extract 1 - From InduSoft White Paper: Security Issues with Distributed Web Applications
Section 2 – Using Security with Web-Based Applications
Extract 2 - From the InduSoft Tech Note: IWS Security System for Web Based Applications
Section 3 – Using Security with Web-Based Applications
Reprint - Control Engineering Magazine - August 2014: Cybersecurity for Smart Mobile Devices
Chapter 6: InduSoft Recommendations for IT Security
Section 1: Firewalls and other SCADA Security Considerations
Transcript extract from the InduSoft Webinar: SCADA and HMI Security in InduSoft Web Studio
Section 2: Control Systems Security Overview
Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Overview
Section 3: SCADA Security - Operational Considerations
Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Operational
Section 4: SCADA Security - Management Considerations
Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Management
Appendix A: NIST Cybersecurity Framework Core
Appendix B: Cyber Security Evaluation Tool (CSET) Information
Appendix C: References
Recommended Publications for Purchase
Further Reading and Links to Organizations
Appendix D: Glossary
Terms Used in this Publication
Acronyms Used in this Publication
Endnotes
About the Author and More Information
Chapter 1: New Projects and Security as a Design Consideration
New projects should be planned with Application Security as a primary goal. Application Safety should follow this primary goal, with Application Functionality filling in the third of these top three project design goals. These three primary design goals create an efficient, smooth operating, and ergonomic application that is operationally obvious; it is well thought out with appropriate