|
Hurry - Only 2 left in stock!
|
Table of Contents v List of Figures xi List of Tables xiii Acronyms and Abbreviations xvii Glossary xxiii Acknowledgments xxix Preface xxxiii Part 1: Introduction, Background, and History of Cybersecurity 1 1 Purpose of this Book 1 1.1 Target Audience 6 1.2 What is Cybersecurity? 6 1.3 What is Operational Technology (OT)? 10 1.4 Which industries have OT? 13 1.5 Scope 15 1.6 Organization of the Book 17 2 Types of Cyber-Attacks, Who Engages in Them and Why 19 2.1 Types of Cyber-Attacks 19 2.2 Who Commits Cybercrimes and Their Motives 26 2.3 Summary 30 3 Types of Risk Receptors / Targets 33 3.1 What is Cybersecurity Risk 35 3.2 What are Common Cybersecurity Targets? 38 3.3 Types of Cybersecurity Consequences 43 3.4 Summary 45 4 Threat Sources and Types of Attacks 47 4.1 Non-Targeted Attacks 49 4.2 Targeted Attacks 53 4.3 Advanced Persistent Threats (APT) 58 4.4 Summary 62 5 Who Could Create a Cyber Risk? Insider vs Outsider Threats 65 5.1 Insider Cybersecurity Risk 65 5.2 Outsider Cybersecurity Risk 69 5.3 Summary 71 6 Case Histories 73 6.1 Maroochy Shire 73 6.2 Stuxnet 77 6.3 German Steel Mill 81 6.4 Ukrainian Power Grid 84 6.5 NotPetya 91 6.6 Triton 95 6.7 Düsseldorf Hospital Ransomware 99 6.8 SolarWinds 101 6.9 Florida Water System 105 6.10 Colonial Pipeline Ransomware 107 6.11 Summary 110 Part 2: Integrating Cybersecurity Management into the Process Safety Framework 113 7 General Model for Understanding Cybersecurity Risk 113 7.1 Cybersecurity Lifecycle 113 7.2 Integrated Cybersecurity and Safety Lifecycle 121 7.3 NIST Cybersecurity Framework 129 7.4 Summary 138 8 Designing a Secure Industrial Automation and Control System 141 8.1 The Disconnect between IT and OT Risk Management 141 8.2 Inherently Safer vs Inherently More Secure 146 8.3 Defense-in-Depth 149 8.4 Network Segmentation 153 8.5 System Hardening 173 8.6 Security Monitoring 176 8.7 Risk Compatibility Assessment 180 8.8 Summary 182 9 Hazard Identification and Risk Analysis (HIRA) 183 9.1 Use of Process Safety Tools to Identify and Manage Cybersecurity Risk 185 9.2 Qualitative Methods 187 9.3 Quantitative Methods 217 9.4 How to Prioritize Risk Reduction Measures? 231 9.5 Revalidation/Reassessment 232 9.6 Summary 233 10 Manage the Risk 235 10.1 Management Approach 235 10.2 Initial Steps 236 10.3 Cybersecurity Culture 240 10.4 Compliance with Standards 242 10.5 Cybersecurity Competency 246 10.6 Workforce Involvement 248 10.7 Stakeholder Outreach 251 10.8 Process Knowledge Management 252 10.9 Operating Procedures 256 10.10 Safe Work Practices 259 10.11 Management of Change 262 10.12 Asset Integrity and Reliability 266 10.13 Contractor Management 272 10.14 Training and Performance Assurance 275 10.15 Operational Readiness 278 10.16 Conduct of Operations 281 10.17 Emergency Management 285 10.18 Incident Investigation 290 10.19 Measurements and Metrics 295 10.20 Auditing 300 10.21 Management Review and Continuous Improvement 304 10.22 Summary 307 11 Implementing a Holistic Approach to Safety and Cybersecurity 311 11.1 Cybersecurity Management Systems (CSMS) 312 11.2 Integrating CSMS with Process Safety Management 327 11.3 Summary 334 Part 3: Where Do We Go from Here? 337 12 What's Next? A Look at Future Development Opportunities 337 12.1 Cybersecurity Adoption Trends 338 12.2 Emerging Technologies 350 12.3 Summary 353 13 Available Resources 355 13.1 Local, Regional, and Global Topics 355 13.2 Cybersecurity Incident Repositories 362 13.3 Competency Requirements and Training Availability 363 13.4 Administration vs Accountability Functions 368 13.5 Summary 370 Appendix A Excerpt from NIST Cybersecurity Framework 371 Appendix B Detailed Cybersecurity PHA and LOPA Example 377 B.1 System Basis 377 B.2 Initial Risk Assessment 382 B.3 Detailed Risk Assessment (Cyber PHA/HAZOP) 387 B.4 LOPA/ Semi-Quantitative SL Verification 405 Appendix C Example Cybersecurity Metrics 411 Appendix D Cybersecurity Sample Audit Question List 413 Appendix E Management System Review Examples 419 References 421 Index 437
Show moreTable of Contents v List of Figures xi List of Tables xiii Acronyms and Abbreviations xvii Glossary xxiii Acknowledgments xxix Preface xxxiii Part 1: Introduction, Background, and History of Cybersecurity 1 1 Purpose of this Book 1 1.1 Target Audience 6 1.2 What is Cybersecurity? 6 1.3 What is Operational Technology (OT)? 10 1.4 Which industries have OT? 13 1.5 Scope 15 1.6 Organization of the Book 17 2 Types of Cyber-Attacks, Who Engages in Them and Why 19 2.1 Types of Cyber-Attacks 19 2.2 Who Commits Cybercrimes and Their Motives 26 2.3 Summary 30 3 Types of Risk Receptors / Targets 33 3.1 What is Cybersecurity Risk 35 3.2 What are Common Cybersecurity Targets? 38 3.3 Types of Cybersecurity Consequences 43 3.4 Summary 45 4 Threat Sources and Types of Attacks 47 4.1 Non-Targeted Attacks 49 4.2 Targeted Attacks 53 4.3 Advanced Persistent Threats (APT) 58 4.4 Summary 62 5 Who Could Create a Cyber Risk? Insider vs Outsider Threats 65 5.1 Insider Cybersecurity Risk 65 5.2 Outsider Cybersecurity Risk 69 5.3 Summary 71 6 Case Histories 73 6.1 Maroochy Shire 73 6.2 Stuxnet 77 6.3 German Steel Mill 81 6.4 Ukrainian Power Grid 84 6.5 NotPetya 91 6.6 Triton 95 6.7 Düsseldorf Hospital Ransomware 99 6.8 SolarWinds 101 6.9 Florida Water System 105 6.10 Colonial Pipeline Ransomware 107 6.11 Summary 110 Part 2: Integrating Cybersecurity Management into the Process Safety Framework 113 7 General Model for Understanding Cybersecurity Risk 113 7.1 Cybersecurity Lifecycle 113 7.2 Integrated Cybersecurity and Safety Lifecycle 121 7.3 NIST Cybersecurity Framework 129 7.4 Summary 138 8 Designing a Secure Industrial Automation and Control System 141 8.1 The Disconnect between IT and OT Risk Management 141 8.2 Inherently Safer vs Inherently More Secure 146 8.3 Defense-in-Depth 149 8.4 Network Segmentation 153 8.5 System Hardening 173 8.6 Security Monitoring 176 8.7 Risk Compatibility Assessment 180 8.8 Summary 182 9 Hazard Identification and Risk Analysis (HIRA) 183 9.1 Use of Process Safety Tools to Identify and Manage Cybersecurity Risk 185 9.2 Qualitative Methods 187 9.3 Quantitative Methods 217 9.4 How to Prioritize Risk Reduction Measures? 231 9.5 Revalidation/Reassessment 232 9.6 Summary 233 10 Manage the Risk 235 10.1 Management Approach 235 10.2 Initial Steps 236 10.3 Cybersecurity Culture 240 10.4 Compliance with Standards 242 10.5 Cybersecurity Competency 246 10.6 Workforce Involvement 248 10.7 Stakeholder Outreach 251 10.8 Process Knowledge Management 252 10.9 Operating Procedures 256 10.10 Safe Work Practices 259 10.11 Management of Change 262 10.12 Asset Integrity and Reliability 266 10.13 Contractor Management 272 10.14 Training and Performance Assurance 275 10.15 Operational Readiness 278 10.16 Conduct of Operations 281 10.17 Emergency Management 285 10.18 Incident Investigation 290 10.19 Measurements and Metrics 295 10.20 Auditing 300 10.21 Management Review and Continuous Improvement 304 10.22 Summary 307 11 Implementing a Holistic Approach to Safety and Cybersecurity 311 11.1 Cybersecurity Management Systems (CSMS) 312 11.2 Integrating CSMS with Process Safety Management 327 11.3 Summary 334 Part 3: Where Do We Go from Here? 337 12 What's Next? A Look at Future Development Opportunities 337 12.1 Cybersecurity Adoption Trends 338 12.2 Emerging Technologies 350 12.3 Summary 353 13 Available Resources 355 13.1 Local, Regional, and Global Topics 355 13.2 Cybersecurity Incident Repositories 362 13.3 Competency Requirements and Training Availability 363 13.4 Administration vs Accountability Functions 368 13.5 Summary 370 Appendix A Excerpt from NIST Cybersecurity Framework 371 Appendix B Detailed Cybersecurity PHA and LOPA Example 377 B.1 System Basis 377 B.2 Initial Risk Assessment 382 B.3 Detailed Risk Assessment (Cyber PHA/HAZOP) 387 B.4 LOPA/ Semi-Quantitative SL Verification 405 Appendix C Example Cybersecurity Metrics 411 Appendix D Cybersecurity Sample Audit Question List 413 Appendix E Management System Review Examples 419 References 421 Index 437
Show moreList of Figures xi
List of Tables xiii
Acronyms and Abbreviations xvii
Glossary xxiii
Acknowledgments xxix
Preface xxxiii
Part 1: Introduction, Background, and History of Cybersecurity 1
1 Purpose of this Book 1
1.1 Target Audience 6
1.2 What is Cybersecurity? 6
1.3 What is Operational Technology (OT)? 10
1.4 Which industries have OT? 13
1.5 Scope 15
1.6 Organization of the Book 17
2 Types of Cyber-Attacks, Who Engages in Them and Why 19
2.1 Types of Cyber-Attacks 19
2.2 Who Commits Cybercrimes and Their Motives 26
2.3 Summary 30
3 Types of Risk Receptors / Targets 33
3.1 What is Cybersecurity Risk 35
3.2 What are Common Cybersecurity Targets? 38
3.3 Types of Cybersecurity Consequences 43
3.4 Summary 45
4 Threat Sources and Types of Attacks 47
4.1 Non-Targeted Attacks 49
4.2 Targeted Attacks 53
4.3 Advanced Persistent Threats (APT) 58
4.4 Summary 62
5 Who Could Create a Cyber Risk? Insider vs Outsider Threats 65
5.1 Insider Cybersecurity Risk 65
5.2 Outsider Cybersecurity Risk 69
5.3 Summary 71
6 Case Histories 73
6.1 Maroochy Shire 73
6.2 Stuxnet 77
6.3 German Steel Mill 81
6.4 Ukrainian Power Grid 84
6.5 NotPetya 91
6.6 Triton 95
6.7 Düsseldorf Hospital Ransomware 99
6.8 SolarWinds 101
6.9 Florida Water System 105
6.10 Colonial Pipeline Ransomware 107
6.11 Summary 110
Part 2: Integrating Cybersecurity Management into the Process Safety Framework 113
7 General Model for Understanding Cybersecurity Risk 113
7.1 Cybersecurity Lifecycle 113
7.2 Integrated Cybersecurity and Safety Lifecycle 121
7.3 NIST Cybersecurity Framework 129
7.4 Summary 138
8 Designing a Secure Industrial Automation and Control System 141
8.1 The Disconnect between IT and OT Risk Management 141
8.2 Inherently Safer vs Inherently More Secure 146
8.3 Defense-in-Depth 149
8.4 Network Segmentation 153
8.5 System Hardening 173
8.6 Security Monitoring 176
8.7 Risk Compatibility Assessment 180
8.8 Summary 182
9 Hazard Identification and Risk Analysis (HIRA) 183
9.1 Use of Process Safety Tools to Identify and Manage Cybersecurity Risk 185
9.2 Qualitative Methods 187
9.3 Quantitative Methods 217
9.4 How to Prioritize Risk Reduction Measures? 231
9.5 Revalidation/Reassessment 232
9.6 Summary 233
10 Manage the Risk 235
10.1 Management Approach 235
10.2 Initial Steps 236
10.3 Cybersecurity Culture 240
10.4 Compliance with Standards 242
10.5 Cybersecurity Competency 246
10.6 Workforce Involvement 248
10.7 Stakeholder Outreach 251
10.8 Process Knowledge Management 252
10.9 Operating Procedures 256
10.10 Safe Work Practices 259
10.11 Management of Change 262
10.12 Asset Integrity and Reliability 266
10.13 Contractor Management 272
10.14 Training and Performance Assurance 275
10.15 Operational Readiness 278
10.16 Conduct of Operations 281
10.17 Emergency Management 285
10.18 Incident Investigation 290
10.19 Measurements and Metrics 295
10.20 Auditing 300
10.21 Management Review and Continuous Improvement 304
10.22 Summary 307
11 Implementing a Holistic Approach to Safety and Cybersecurity 311
11.1 Cybersecurity Management Systems (CSMS) 312
11.2 Integrating CSMS with Process Safety Management 327
11.3 Summary 334
Part 3: Where Do We Go from Here? 337
12 What’s Next? A Look at Future Development Opportunities 337
12.1 Cybersecurity Adoption Trends 338
12.2 Emerging Technologies 350
12.3 Summary 353
13 Available Resources 355
13.1 Local, Regional, and Global Topics 355
13.2 Cybersecurity Incident Repositories 362
13.3 Competency Requirements and Training Availability 363
13.4 Administration vs Accountability Functions 368
13.5 Summary 370
Appendix A Excerpt from NIST Cybersecurity Framework 371
Appendix B Detailed Cybersecurity PHA and LOPA Example 377
B.1 System Basis 377
B.2 Initial Risk Assessment 382
B.3 Detailed Risk Assessment (Cyber PHA/HAZOP) 387
B.4 LOPA/ Semi-Quantitative SL Verification 405
Appendix c Example Cybersecurity Metrics 411
Appendix D Cybersecurity Sample Audit Question List 413
Appendix E Management System Review Examples 419
References 421
Index 437
The Center for Chemical Process Safety (CCPS) has been the world leader in developing and disseminating information on process safety management and technology since 1985. The CCPS, an industry technology alliance of the American Institute of Chemical Engineers (AIChE), has published over 100 books in its process safety guidelines and process safety concepts series, and over 30 training modules through its Safety and Chemical Engineering Education (SAChE) series. CCPS is supported by the contributions and voluntary participation of more than 200 companies globally.
|
Ask a Question About this Product More... |
|
