Ayala - Cyber-physical attack recovery procedures: a step-by-step preparation and response guide

  • Book:
    Cyber-physical attack recovery procedures: a step-by-step preparation and response guide
  • Author:
    Luis Ayala
  • Publisher:
    Apress
  • Genre:
    Computer
  • Year:
    2016
  • City:
    Berkeley, CA

Cyber-physical attack recovery procedures: a step-by-step preparation and response guide: summary, description and annotation

This book provides a template with step-by-step instructions on how to respond and recover when hackers get into your SCADA system and cause building equipment to act erratically or fail completely. When hackers shut off the water, turn off the building power, disable the sewage effluent pumps and activate the fire alarm, you have to do something quick. It is even more alarming that hackers can do all those things at the same time--even from the other side of the planet. Not every equipment failure or power outage is a cyber-physical attack. When your building is attacked, you probably won't suspect it was a hacker--until you see a pattern. The building control system (BCS) will act squirrelly and you will know--it really is a cyber-physical attack. Once a cyber-physical attack occurs, it can mean years of court cases, job losses, higher insurance rates, and maybe even criminal litigation. It also takes years to overcome the loss of safety credibility with your employees and the local community. Cyber-Physical Attack Recovery Procedures provides a detailed guide to taking the right steps ahead of time and equipping your facility and employees with the training, knowledge, and tools they need; it may save lives.

The book contains:
  • A one-of-a-kind action plan describing how hackers attack building equipment, the extent of damage possible, and how to respond when a cyber-physical attack occurs.
  • Detailed descriptions of cyber-physical attacks directed against SCADA systems or building controls, as well as cyber booby traps and cyber drone attacks.
  • Invaluable appendices, including: Emergency Procedures, Team Staffing and Tasking, Alternate Site Procedures, a Documentation List, Software and Hardware Inventories, Vendor Contact Lists, External Support Agreements, and much more.

Contents:
  • Chapter 1: Cyber-Physical Attack Recovery Procedures
  • Chapter 2: Threats and Attack Detection
  • Chapter 3: Prevent Hackers from Destroying a Boiler
  • Chapter 4: Prevent Hackers from Destroying a Pressure Vessel
  • Chapter 5: Prevent Hackers from Destroying Chillers
  • Chapter 6: Prevent Hackers from Destroying a Gas Fuel Train
  • Chapter 7: Prevent Hackers from Destroying a Cooling Tower
  • Chapter 8: Preventing Hackers from Destroying a Backup Generator
  • Chapter 9: Prevent Hackers from Destroying Switchgear
  • Chapter 10: Eight Steps to Defend Building Control Systems
  • Chapter 11: Block Hacker Surveillance of your Buildings
  • Chapter 12: Cyber-Physical Attack Recovery Procedures Template

© Luis Ayala 2016
Luis Ayala, Cyber-Physical Attack Recovery Procedures, DOI 10.1007/978-1-4842-2065-8_1
1. Cyber-Physical Attack Recovery Procedures
Luis Ayala (Fredericksburg, Virginia, USA)
Electronic supplementary material
The online version of this chapter (doi: 10.1007/978-1-4842-2065-8_1 ) contains supplementary material, which is available to authorized users.
Many industrial facilities can have downtime costs of more than one million dollars per day. Equipment replacement times can easily be months. SCADA (Supervisory Control and Data Acquisition) systems, Building Control Systems (BCS), Industrial Control Systems (ICS), and Utility Control Systems (UCS) are extremely complex systems that require engineers and maintenance personnel to learn a new language. It's not enough anymore to simply know what a centrifugal chiller does and how a boiler works. Today, building maintenance personnel also need to know how hackers can attack critical equipment and damage critical infrastructure. Why? Because most building equipment today is computer-controlled and SCADA protocols are insecure by design. That means:
  • Control system protocols have little or no security safeguards
  • Migration to TCP/IP networks, with their inherent vulnerabilities
  • Increased demand for remote diagnostics and maintenance access
  • Interconnection with enterprise networks
  • Legacy operating systems and applications with poor patching procedures
  • Little monitoring of control systems for evidence of hacker presence
  • Vendors not securing their product offerings adequately
  • The majority of PLCs are ordered with web services enabled and most users leave unused web servers active (not configured), with factory default passwords
  • Increased interest in control systems by foreign governments and terrorists
  • Evidence that nation-states have already penetrated control systems
  • Legacy industrial controls do not have the chip sets and processing capability to authenticate commands or identify malware
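To make the first point in that list concrete: a Modbus/TCP request carries no credential, nonce or signature anywhere in the frame, so whoever can reach TCP port 502 on a PLC can write to it. The following is an added example, not code from the book; it builds and decodes Write Single Coil and Read Coils requests and then runs a minimal monitor over constructed traffic that flags write-class function codes from hosts outside an allowlist, which is the kind of monitoring the list says is usually missing. The IP addresses, unit id, coil number and allowlist are invented sample values.

```python
"""Added example (not from the book): Modbus/TCP frames carry no credential,
nonce or signature, so any host that can reach TCP/502 can command a PLC.
This builds and decodes write and read requests and runs a minimal monitor
over constructed traffic that flags writes from hosts outside an allowlist.
All IPs, unit ids and coil addresses below are made-up sample values."""
import struct

# Function codes that change PLC state, per the Modbus application protocol spec.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}


def _mbap(transaction_id: int, unit_id: int, pdu: bytes) -> bytes:
    # MBAP header: transaction id, protocol id (0 = Modbus), length of unit id + PDU, unit id.
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def build_write_coil(transaction_id: int, unit_id: int, coil: int, on: bool) -> bytes:
    """FC 5: coil address and 0xFF00 (on) / 0x0000 (off). Nothing proves who sent it."""
    return _mbap(transaction_id, unit_id, struct.pack(">BHH", 5, coil, 0xFF00 if on else 0x0000))


def build_read_coils(transaction_id: int, unit_id: int, start: int, count: int) -> bytes:
    """FC 1: read `count` coils starting at `start`."""
    return _mbap(transaction_id, unit_id, struct.pack(">BHH", 1, start, count))


def parse_frame(frame: bytes) -> dict:
    """Decode the MBAP header and the fixed-size part of the common PDUs."""
    if len(frame) < 8:
        raise ValueError("frame too short")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("malformed MBAP header")
    fc = frame[7]
    info = {"tid": tid, "unit": unit, "fc": fc}
    if fc in (1, 2, 3, 4, 5, 6, 15, 16) and len(frame) >= 12:
        # For these codes the PDU starts with a 16-bit address and a 16-bit value/count.
        info["address"], info["value"] = struct.unpack(">HH", frame[8:12])
    return info


def monitor(frames, allowed_writers):
    """Return one alert per write-class request from a source not allowed to write.
    Reads from unknown hosts are reconnaissance and worth logging too, but an
    unauthenticated write is the immediate physical risk."""
    alerts = []
    for src_ip, frame in frames:
        info = parse_frame(frame)
        if info["fc"] in WRITE_FUNCTIONS and src_ip not in allowed_writers:
            alerts.append((src_ip, info["unit"], WRITE_FUNCTIONS[info["fc"]], info.get("address")))
    return alerts


# Constructed traffic: the engineering workstation (10.10.1.5) toggles coil 3 on
# unit 1; an unknown host on the enterprise side reads, then sends the same write.
ALLOWED_WRITERS = {"10.10.1.5"}
SAMPLE_FRAMES = [
    ("10.10.1.5", build_write_coil(1, 1, 3, True)),
    ("10.10.1.5", build_write_coil(2, 1, 3, False)),
    ("192.168.50.77", build_read_coils(7, 1, 0, 16)),
    ("192.168.50.77", build_write_coil(8, 1, 3, True)),
]

if __name__ == "__main__":
    print(build_write_coil(1, 1, 3, True).hex())
    for alert in monitor(SAMPLE_FRAMES, ALLOWED_WRITERS):
        print("ALERT unauthorized write:", alert)
```

The twelve-byte write frame the script prints is the entire message: the PLC has no way to tell the workstation's copy from the stranger's, which is why a source allowlist at a network tap or firewall, rather than anything in the protocol, is what stands between an enterprise-side host and the coil.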
Historically, ordinary cyber-attacks were often undetectable and untraceable. A major cyber-physical attack, on the other hand, is difficult to hide because building equipment is failing in real time. This is what happens if you want all the benefits of being connected. This book focuses on the damage that hackers can do to building equipment and how they can really ruin your day. I describe potential ways to stop a cyber-physical attack, and then how to restore equipment operation without doing further damage.
Most companies cannot function without a physical presence, be it an office or a manufacturing facility. Large companies tend to link their facilities together in the cloud, not realizing that an attack on one facility can quickly spread to many others. The Repository of Industrial Security Incidents (RISI) claims that the number of incidents directly affecting SCADA control systems (accidental and malicious) has increased by 20 percent over the last ten years.
In 2005, the Zotob worm attacked 175 companies, including Caterpillar, General Electric, UPS, and Chrysler. At Chrysler, the Zotob worm shut down 13 assembly lines, idling 50,000 employees. Chrysler had professionally installed firewalls between the Internet and the company's network, but the worm was able to travel from plant to plant in seconds. Poor systems design and a failure to contain communications are other key problems. For example, upgrading the business system at the Hatch nuclear reactor zeroed out the control system database, causing the reactor safety system to interpret this as a drop in water cooling levels and triggering a shutdown that took two days to recover from.
If your facilities' control systems are not segregated, it's only a matter of time before they all go down. Hackers only need to find vulnerabilities at one site to take them all down. It goes without saying that it is a crime to commit a cyber-physical attack, so preservation of evidence is important, but in my world (facilities), it is more important to restore normal building operations quickly.
Purpose of the Recovery Procedures
The purpose of the Cyber-Physical Attack Recovery Procedures (hereinafter referred to as the Recovery Procedures) is to stop a cyber-physical attack and restore mission-critical processes (and the control system) when an attack causes equipment to fail. I assume that you did not take my advice and your BCS is still connected to the Internet; it has modems, embedded web servers, and wireless routers; and vendors happily log in remotely to equipment (that I recommended you secure) or regularly bring personal laptops to your mechanical rooms and plug into your BCS with little or no supervision. This book presents examples of cyber-physical attacks that hackers will attempt against your building equipment, so that your maintenance personnel understand the vulnerabilities and are prepared to respond to a cyber-physical incident.
Embedded web server
Web server software built into a building control system device that is provided to configure the device from a web browser. Also used remotely by equipment vendors to update software or troubleshoot problems.
This is an important point because when you ask a maintenance engineer if it is possible to disable the safety controls on a steam boiler so the fuel doesn't cut off automatically when the flame goes out or when the feedwater is stopped, the reply is usually: "Sure, but why would you want to?"
The Recovery Procedures Template in the Appendix contains generic forms to be customized for your specific building controls. They serve as the central repository for the information, tasks, and procedures that would be necessary to restore critical equipment functions. Having this information readily at hand is especially important because a cyber-physical attack on a building control system is engineered such that a prompt resumption of operations cannot be accomplished by employing normal daily operating procedures. This is not business as usual.
When a cyber-physical attack strikes, you won't be able to simply log on to a vendor website and download the latest drivers. A coordinated attacker will hit vendor websites with denial-of-service attacks to prevent you and others like you from recovering. If you don't have hard copies of the network diagrams, equipment operation manuals, rescue CD-ROMs and original vendor software, you will be out of luck.
Why do I need Cyber-Physical Attack Recovery Procedures? Can't we just disconnect the Internet and turn the equipment back on?
First of all, when a cyber-physical attack is verified, I recommend you physically pull the computer's power plug from the wall rather than gracefully shutting down. Forensic data can be destroyed if the operating system executes a normal shutdown process. (Pulling the plug does lose whatever existed only in RAM, such as running processes and open network connections; if the workstation is not actively driving damage and a memory-capture tool is already on hand, capture memory first, then pull the plug.) Also, avoid running any antivirus software after the fact: the antivirus scan changes critical file dates and impedes discovery and analysis of suspected malicious files and timelines. Secondly, a well-designed and coordinated cyber-physical attack will include cyber booby traps intended to continue to cause damage when maintenance personnel attempt to restore normal equipment operation.
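The reason an after-the-fact scan hurts is that file timestamps and contents are the timeline. One practical step is to baseline them the moment the machine is back on an isolated bench, before any scanner or "cleanup" runs. The script below is an added example, not code from the book or from any product: it records size, the three POSIX timestamps and a SHA-256 for every regular file under a directory, writes the result as CSV suitable for the hard-copy binder, and compares two baselines to show which files changed in content and which only had their timestamps rewritten. `demo()` runs it on a constructed directory whose file names and contents are invented.

```python
"""Added example (not from the book): baseline the files on a suspect HMI or
engineering workstation before anyone runs a scanner or "cleans up". Each row
records size, the three POSIX timestamps and a SHA-256, and diff_snapshots()
shows what a later action changed. demo() runs the whole thing on a
constructed directory; the file names and contents are invented."""
import csv
import hashlib
import io
import os
import tempfile


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> list:
    """One dict per regular file under root, sorted by relative path."""
    rows = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink an attacker may have planted
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            rows.append({"path": os.path.relpath(path, root).replace(os.sep, "/"),
                         "size": st.st_size, "atime": st.st_atime,
                         "mtime": st.st_mtime, "ctime": st.st_ctime,
                         "sha256": sha256_of(path)})
    return sorted(rows, key=lambda r: r["path"])


def to_csv(rows: list) -> str:
    """CSV text to print to paper or burn to write-once media with the case notes."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["path", "size", "atime", "mtime", "ctime", "sha256"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def diff_snapshots(before: list, after: list) -> dict:
    """Classify each path: content changed (hash differs), timestamps only, added, removed."""
    b = {r["path"]: r for r in before}
    a = {r["path"]: r for r in after}
    out = {"added": sorted(set(a) - set(b)), "removed": sorted(set(b) - set(a)),
           "content_changed": [], "timestamp_changed": []}
    for path in sorted(set(a) & set(b)):
        if a[path]["sha256"] != b[path]["sha256"]:
            out["content_changed"].append(path)
        elif (a[path]["mtime"], a[path]["ctime"]) != (b[path]["mtime"], b[path]["ctime"]):
            out["timestamp_changed"].append(path)
    return out


def demo() -> dict:
    """Constructed scenario: three files, then an operator re-saves the PLC project
    and a scanner rewrites the alarm log's timestamps without touching its content."""
    root = tempfile.mkdtemp(prefix="bcs-evidence-")
    files = {"plc/program.acd": b"constructed PLC project\n",
             "logs/alarms.log": b"2016-03-01 02:14 BOILER-1 LOW WATER\n",
             "hmi.cfg": b"autologon=1\n"}
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    before = snapshot(root)
    with open(os.path.join(root, "plc", "program.acd"), "ab") as f:
        f.write(b"edited after the incident\n")
    os.utime(os.path.join(root, "logs", "alarms.log"), (0, 0))
    after = snapshot(root)
    return diff_snapshots(before, after)


if __name__ == "__main__":
    print(demo())
```

Run it against the real workstation's drive as `snapshot("/mnt/evidence")` from a separate analysis host with the suspect disk mounted read-only; hashing reads every file, so it updates access times unless the mount is read-only or `noatime`, which is one more reason to take the baseline from an image rather than from the live machine.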
Cyber booby-trap
When a hacker embeds malware that is triggered by actions of the building maintenance staff. For example, the initial indication of a cyber-attack may be that the hacker turned off the water to a boiler. The maintenance personnel in the control room are unaware that the malware pumped all the water out of the boiler and turned up the heat. Once the boiler is superheated, the action of turning on the water triggers an explosion. The hacker needed the triggering action by building maintenance personnel to maximize the damage.