فهرست مطالب

• Cover image
• Title page
• Table of Contents
• Copyright
• Biography
• Acknowledgments
• 1. Introduction
• Book overview and key learning points
• Book audience
• Diagrams and figures
• The smart grid
• OT, IoT, IIoT, and xIoT
• How this book is organized
• Changes made to the third edition
• Conclusion
• 2. About Industrial Networks
• The use of terminology within this book
• Critical infrastructure
• Understanding “OT” versus “IT”
• Common Industrial Security Recommendations
• Common Misperceptions About Industrial Network Security
• Assumptions made in this book
• Summary
• 3. Industrial Cybersecurity History and Trends
• The convergence of OT and IT
• Importance of securing industrial networks
• The evolution of the cyber threat
• Defending against modern cyber threats
• Summary
• 4. Introduction to Industrial Control Systems and Operations
• System assets
• System operations
• Process management
• Safety instrumented systems
• The smart grid
• Network architectures
• Summary
• 5. Industrial Network Design and Architecture
• Introduction to industrial networking
• Common topologies
• Network segmentation
• Network services
• Wireless networks
• Remote access
• Performance considerations
• Safety instrumented systems
• Special considerations
• Summary
• 6. Industrial Network Protocols
• Overview of industrial network protocols
• Fieldbus protocols
• Industrial ethernet protocols
• Backend protocols
• Summary
• 7. Hacking Industrial Control Systems
• Motives and consequences
• Common industrial targets
• The evolution of the industrial cyberattack
• Weaponized industrial cyberthreats
• Attack trends
• Summary
• 8. Risk and Vulnerability Assessments
• Cybersecurity and risk management
• Methodologies for assessing risk within industrial control systems
• System characterization
• Threat identification
• Vulnerability identification
• Risk classification and ranking
• Cyber-physical threat modeling
• Cybersecurity HAZOP
• Risk reduction and mitigation
• Summary
• 9. Establishing Zones and Conduits
• Security zones and conduits explained
• Identifying and classifying security zones and conduits
• Recommended security zone separation
• Establishing security zones and conduits
• Creating a zone and conduit map
• Summary
• 10. OT Attack and Defense Lifecycles
• Attack lifecycles and kill chains
• Defense lifecycles
• The importance of understanding lifecycles
• Summary
• 11. Implementing Security and Access Controls
• Network segmentation
• Implementing network security controls
• Implementing host security and access controls
• Malware detection methods
• From theory to practice
• Summary
• 12. Exception, Anomaly, and Threat Detection
• Exception reporting
• Behavioral anomaly detection
• Behavioral whitelisting
• Advanced threat detection
• Summary
• 13. Security Monitoring of Industrial Control Systems
• Determining what to monitor
• Information management
• Log storage and retention
• Summary
• 14. Standards and Regulations
• Common standards and regulations
• ISA/IEC-62443
• Mapping industrial network security to compliance
• Industry best practices for conducting ICS assessments
• Common Criteria and FIPS standards
• Summary
• 15. Common Pitfalls and Mistakes
• The basics
• Lack of proper operationalization
• Lack of awareness
• Misunderstanding vulnerability
• Worlds are colliding!
• The mistake that you are making right now
• Summary
• Glossary
• Index