Q. Why were you compelled to publish an updated edition? What differentiates the second edition from the initial version?
A. I wanted to cover the latest thinking and approaches to industrial automation and control system (IACS) security. This new edition addresses the most recent formal methods and their practical applications to IACS security. The book is able to describe the latest advances in cybersecurity and critical infrastructure protection from industrial, governmental, and commercial sources, and show how they can be practically applied to protect IACS.
Q. Could you outline, in specifics, the new and enhanced areas of content in the second edition?
A. The second edition of my book contains a significant amount of new and enhanced content. This was needed to cover and describe all the significant technologies and methodologies that have been developed since the publication of the first edition.
There is an entirely new chapter, Chapter 9, on emerging approaches to industrial automation and control system security. The new content includes such topics as the Internet of Things (IoT), the Industrial Internet of Things (IIoT), the Open Platform Communications Unified Architecture (OPC UA) (IEC 62541), Industry 4.0, the OWASP “Internet of Things Top Ten” security categories, Big Data Analytics, the NIST Big Data Interoperability Framework, the NIST Framework for Cyber-Physical Systems, the NIST Framework for Improving Critical Infrastructure Cybersecurity, and Software-Defined Elements.
In addition, Chapter 6 has been significantly updated to include the new versions of NIST Special Publication (SP) 800-53 Revision 4, "Recommended Security Controls for Federal Information Systems"; NIST Special Publication 800-82, Revision 2, "Guide to Industrial Control Systems Security"; and North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Cybersecurity Standards, Version 5. As in the previous edition, it also includes coverage of ANSI/ISA-99.01.01-2007, "Security Technologies for Industrial Automation and Control Systems"; the Department of Homeland Security "Catalog of Control Systems Security Recommendations for Standards Developers"; Advanced Metering Infrastructure (AMI) System Security Requirements; and a tabular Consolidation of Best Practices Controls for Industrial Automation and Control Systems.
Chapter 5 has been updated to include coverage of the latest attacks on critical infrastructure systems. In addition to Stuxnet, the overview of malware includes the Shamoon Trojan Horse, Flame modular computer malware, the Norway cyberattack, and Havex.
Chapter 8 includes updated coverage of NIST SP 800-137, "Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations," as applied to Industrial Automation and Control Systems; the Smart Grid Maturity Model (SGMM); and the Introduction to NISTIR 7628, "Guidelines for Smart Grid Cybersecurity."
I have also added a new appendix, Appendix B, to the second edition. This new appendix comprises ICS Supplemental Guidance for NIST SP 800-53 Security Controls.
The new and updated chapters also include revised end-of-chapter review questions.
Q. What areas of new and enhanced content would you particularly want to highlight and encourage readers to focus on?
A. I point out the following sections and topic areas as being particularly valuable and informative.
- Industrial Internet of Things (IIoT)
- The Open Platform Communications Unified Architecture (OPC UA) (IEC 62541)
- Industry 4.0
- Big Data Analytics
- The NIST Big Data Interoperability Framework
- NIST Framework for Cyber-Physical Systems
- NIST Framework for Improving Critical Infrastructure Cybersecurity
- NIST Special Publication 800-82, Revision 2 “Guide to Industrial Control Systems Security”
- NIST Special Publication (SP) 800-53 Revision 4, “Recommended Security Controls for Federal Information Systems”
- Coverage of latest IACS malware
Click this link to download a free PDF excerpt from the new edition of Industrial Automation and Control System Security Principles.