Mustard - Industrial Cybersecurity Case Studies and Best Practices

Industrial Cybersecurity Case Studies and Best Practices

Also by Steve Mustard

Author

Mission Critical Operations Primer

Reviews

This author definitely has long term and recent real world experience and is not a typical cybersecurity academic. New and experienced people will benefit from taking the time to read this.

If you are looking for a resource in ICS, this book is very thorough.

One of the better books on OT security, the writer shows an in-depth understanding of the various topics covered. If OT security is your profession, I suggest everyone to read it.

Contributor to

Water Environment Federation, Design of Water Resource Recovery Facilities, Manual of Practice No. 8 , Sixth Edition

Industrial Cybersecurity Case Studies and Best Practices

Steve Mustard, PE, CAP, GICSP

Notice

The information presented in this publication is for the general education of the reader. Because neither the author nor the publisher has any control over the use of the information by the reader, both the author and the publisher disclaim any and all liability of any kind arising out of such use. The reader is expected to exercise sound professional judgment in using any of the information presented in a particular application.

Additionally, neither the author nor the publisher has investigated or considered the effect of any patents on the ability of the reader to use any of the information in a particular application. The reader is responsible for reviewing any possible patents that may affect any particular use of the information presented.

Any references to commercial products in the work are cited as examples only. Neither the author nor the publisher endorses any referenced commercial product. Any trademarks or tradenames referenced belong to the respective owner of the mark or name. Neither the author nor the publisher makes any representation regarding the availability of any referenced commercial product at any time. The manufacturers instructions on the use of any commercial product must be followed at all times, even if in conflict with the information in this publication.

Copyright 2022 International Society of Automation (ISA)

All rights reserved.

Printed in the United States of America.

Version: 1.0

ISBN-13: 978-1-64331-154-8 (print)

ISBN-13: 978-1-64331-155-5 (ePub)

ISBN-13: 978-1-64331-156-2 (Kindle)

No part of this work may be reproduced, stored in a retrieval system, or transmitted in any form or by

any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the publisher.

ISA

P.O. Box 12277

Research Triangle Park, NC 27709

Library of Congress Cataloging-in-Publication Data in process

Dedication

To the people who dedicate their lives to the advancement of knowledge and the dissemination of truth to a world inclusive of everyone. To Charlotte, Benjamin, and Toby for their unwavering support as I continue to dedicate my life to this aim.

Contents

Acknowledgments

Throughout my engineering career of more than 30 years, I have been fortunate to work with many people around the world and for that I am forever grateful. This book would not exist without some key individuals.

To Nick Spencely, Majella Fernando, and Simon FitzGerald for their guidance in my early days, which continues to provide the foundation for everything I do today.

To Nick Rogers, for guiding me through my first (and only) management buyout, which led me to so many more opportunities and, ultimately, to this book.

To Neil Tubman and Mark Davison, the two most brilliant minds I have ever come across, for your continued support throughout the years.

To Mike Morrissey, for showing me how to establish great partnerships between staff and volunteers in professional associations and how to achieve positive results in the process.

To Bryan Parker, Clint Bodungen, Scott Keenon, and Andrew Wadsworth for the Bakersfield experience.

To Elizabeth Selvina and Jason Schurmann for all the experiences, doubles, and pies we shared in La Vertiente, Port of Spain, Reading, and Chinchilla.

To Lauren Goodwin, for your support, and the Clase Azul Reposado.

To Ken Nguyen, for the opportunity to work on one of the most exciting and fulfilling projects of my career, and to all my friends on the digital team for making it fun along the way.

To Steve Huffman, Steve Pflantz, Leo Staples, and Mike Marlowe, for your friendship, mentorship, support, and chicken pot pie.

To Blair Traynor, Nicky Jones, John Flynn, and Paul Holland for your invaluable comments on drafts of this book.

To Liegh Elrod, for your never-ending support and never-failing belief that I would one day finish this book, and to all the ISA publications team for all your hard work turning the material into a professional product.

To Andrea Holovach, for supporting me throughout my ISA presidency, reviewing memes, and consistently demonstrating your eligibility for a place on the Ark Fleet Ship A.

To the ISA staff, for working together with the member community to create a better world through automation.

To Bill Furlow, for painstakingly reviewing and fixing my writing, while simultaneously being an expert mixologist, part time bon vivant, and full time Bojack Horseman fan.

Finally, to David Boyle, my friend and colleague for too many years to count. A true friend accepts who you are, but also helps you become who you should be. Thank you for helping me be better.

About the Author

Steve Mustard is an independent automation consultant and a subject matter expert of the International Society of Automation (ISA).

Backed by more than 30 years of engineering experience, Mustard specializes in the development and management of real-time embedded equipment and automation systems. He serves as president of National Automation, Inc., and served as the 2021 president of ISA.

Mustard is a recognized authority on industrial cybersecurity, having developed and delivered cybersecurity management systems, procedures, training, and guidance to various global critical infrastructure organizations.

Mustard is a licensed Professional Engineer in Texas and Kansas, a UK registered Chartered Engineer, a European registered Eur Ing, an ISA Certified Automation Professional (CAP), a certified Global Industrial Cybersecurity Professional (GICSP), and a Certified Mission Critical Professional. He also is a Fellow in the Institution of Engineering and Technology (IET), a Senior Member of ISA, a member of the Safety and Security Committee of the Water Environment Federation (WEF), a board member of the Mission Critical Global Alliance (MCGA), and a member of the American Water Works Association (AWWA).

Mustard writes and presents on a wide array of technical topics and is the author of Mission Critical Operations Primer , published by ISA. He has also contributed to other technical books, including the Water Environment Federations Design of Water Resource Recovery Facilities, Manual of Practice No.8, sixth edition.