Tuesday, March 9, 2010

Another ICS Security Book

One of the problems with developing a facility security program for industrial control systems is the lack of information available on the problems and solutions that must be addressed in such a program. Early last month I noted that Joe Weiss had a book coming out on this topic. Yesterday I learned that CRC Press (a noted engineering publisher) has announced the publication plans for Industrial Automation and Process Control Security in February of next year. The publisher’s web site includes the following summary of the book:
“SCADA -- Supervisory Control and Data Acquisition --. Systems don’t necessarily mesh well with standard IT security, although combined the two can create deepened levels of protection. This book demonstrates how to develop a SCADA cyber security program and how to work with internal and external IT resources in order to implement it. The technical level of this text ensures that it does not provide a detailed "cookbook" that can be used to attack SCADA systems, but the text still provides sufficient technical detail to address areas of concern.”
I understand the concern about not providing attackers the necessary information to penetrate a security system; it is a problem every writer about security issues has to wrestle with. Unfortunately, I’m not sure that a useful book on how to develop a SCADA cyber security system could have this concern as a major focus of its development. Of course this could just be a publisher blurb effect rather than a focus of the author. We will have to wait to see the actual book. In any case, almost any additional information could help expand the knowledge base in this particular area. It’s just a shame we will have to wait almost a year to get this particular input.

No comments:

/* Use this with templates/template-twocol.html */