InduSoft Application Design and SCADA Deployment Recommendations for Industrial Control System Security
About this ebook
InduSoft conducts ongoing product and informational SCADA security webinars, publishes Technical Notes and White Papers on application construction and security-related topics, and publishes corporate blogs on security and a number of other useful topics by a variety of different authors. Topics from various InduSoft publications and other media are presented in this eBook to help you with your SCADA design and security issues. There are links within the topics that will take you to more in-depth information that is not presented in this handbook. Feel free to explore any of the topics and subjects in more depth by simply clicking on the links provided within the sections and in the footnotes provided for you.
Richard Clark
Technical Specialist and Controls Engineer at InduSoft concentrating on cybersecurity, 3rd party product integration, specialized application development, and product marketing. Mr. Clark has been in Automation, Process System, and Control System design and implementation for more than 25 years and was employed by Wonderware where he developed a non-proprietary means of using IP-Sec for securing current and legacy Automation, SCADA, and Process Control Systems, and developed non-proprietary IT security techniques. Industry expert by peer review and spokesperson on IT security; consultant, analyst and voting member of ISA-SP99. Contributor to PCSF Vendor Forum. Consultant to NIST and other government labs and NSA during the development of NIST Special Publication 800-82. Published engineering white papers, manuals, and instruction documents, developed and given classes and lectures on the topic of ICS/SCADA Security.
InduSoft Application Design and SCADA Deployment
Recommendations for Industrial Control System Security
Guidelines and Best Practices
By Richard H. Clark, Cybersecurity Engineer, InduSoft, Inc.
Revision A-01.20.2015
Abstract and Target Audience
Purpose: Provides guidance when building and implementing HMI and SCADA systems and describes best practices to secure them against cyber-attacks and known vulnerabilities.
The target audience of this book is as follows:
1) Customers and Users of InduSoft Web Studio of all experience levels.
2) System Integrators who are creating, implementing, or modifying InduSoft Web Studio applications and implementations.
3) Control Systems Managers and Engineers needing to understand how to implement and design procedures and features within controls systems applications and networks that will be secure according to known best practices.
4) IT Managers and Engineers who need to understand the issues and implement cybersecurity within control system networks.
5) Anyone needing basic information on how to understand and implement SCADA cybersecurity and an introduction to cyber-based risk-management.
Smashwords Edition
License Notes:
This ebook is available free of charge or for a minimal cost, depending on the requirements of the local ebook distributor or publisher.
Portions or sections of this book may be copied, distributed, reposted, reprinted, or shared as required or needed, simply by including an acknowledgement of the origin of the used or redistributed materials.
eBook ISBN: 978-1311-49042-1
All profits from this ebook are to be directed and donated to the Eastern New Mexico University-Ruidoso Foundation, as noted below.
If you find this ebook useful in your business, tax-deductible donations to the university 501(c)(3) foundation are encouraged by contacting:
Copyright 2014 InduSoft, Inc., a Schneider Electric company. All rights reserved. All trademarks are owned by Schneider Electric Industries SAS or its affiliated companies or their respective owners.
This ebook contains original content and materials created by the authors, as well as some materials designated as public domain or freely distributable as described within the associated footnotes. The ebook does not contain any known copyrighted information. Copyright violations should be reported to:
InduSoft, Inc., 11044 Research Blvd., Suite A100, Austin, TX 78759 U.S.A, or by email at info@indusoft.com, and every effort will be made to make corrections in subsequent revisions and editions.
Further information about selected subjects within this ebook is available from the website at http://www.indusoft.com and the designated references in Appendix C.
Foreword
InduSoft is proud to be able to provide this Security Guide to our users, customers, and the general public, and we hope that you will find this eBook useful. InduSoft strives to maintain customer awareness and education regarding Industrial Control System and Critical Infrastructure Security and in the use of our products. To this end, we conduct ongoing product and informational security webinars, publish Technical Notes and White Papers on application construction and security-related topics, and publish corporate blogs on security and a number of other useful topics by a variety of different authors. Topics from various InduSoft publications and other media are presented here to help you with your security issues. There are links within the topics that will take you to more in-depth information that is not presented in this handbook. Feel free to explore any of the topics and subjects in more depth by simply clicking on the links provided within the sections and in the footnotes. We always welcome any new ideas and product suggestions that you may have by sending an email to info@indusoft.com.
InduSoft has also partnered with Eastern New Mexico University (ENMU) - Ruidoso to assist and provide materials in order to facilitate students and faculty in the online Cybersecurity Coursework and Certificate Programs that the University offers. For more information on these online courses please visit the ENMU Cybersecurity Center of Excellence webpage here:
http://www.ruidoso.enmu.edu/~enmu/index.php/using-joomla/extensions/components/content-component/article-categories/280-cybersecurity-center-of-excellence
And the ENMU Online Cybersecurity Certificate Program web page here:
http://academic.enmu.edu/millerst/Online%20Cyber%20Security%20Programs.htm
Table of Contents
Abstract and Target Audience
Foreword
Chapter 1: New Projects and Security as a Design Consideration
Section 1: Building your Project
Extract from the InduSoft Technical Note: Application Guidelines
Chapter 2: Existing Projects
Chapter 3: Cloud Based Applications
Section 1: Working with Cloud Based Applications
The following is an extract from the InduSoft White Paper: Cloud Computing for SCADA
Chapter 4: InduSoft Application Security
Section 1: SCADA System Security Best Practices
The following is a transcript extract from the InduSoft Webinar: SCADA System Security Webinar
Chapter 5: InduSoft Security Discussion for Web Based Applications
Section 1: Using Security with Distributed Web Applications
Extract 1 - From InduSoft White Paper: Security Issues with Distributed Web Applications
Section 2 – Using Security with Web-Based Applications
Extract 2 - From the InduSoft Tech Note: IWS Security System for Web Based Applications
Section 3 – Using Security with Web-Based Applications
Reprint - Control Engineering Magazine - August 2014: Cybersecurity for Smart Mobile Devices
Chapter 6: InduSoft Recommendations for IT Security
Section 1: Firewalls and other SCADA Security Considerations
Transcript extract from the InduSoft Webinar: SCADA and HMI Security in InduSoft Web Studio
Section 2: Control Systems Security Overview
Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Overview
Section 3: SCADA Security - Operational Considerations
Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Operational
Section 4: SCADA Security - Management Considerations
Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Management
Appendix A: NIST Cybersecurity Framework Core
Appendix B: Cyber Security Evaluation Tool (CSET) Information
Appendix C: References
Recommended Publications for Purchase
Further Reading and Links to Organizations
Appendix D: Glossary
Terms Used in this Publication
Acronyms Used in this Publication
Endnotes
About the Author and More Information
Chapter 1: New Projects and Security as a Design Consideration
New projects should be planned with Application Security as a primary goal. Application Safety should follow this primary goal, with Application Functionality filling in the third of these top three project design goals. These three primary design goals create an efficient, smooth operating, and ergonomic application that is operationally obvious; it is well thought out with appropriate