CRC Press; crcpress.com; 383 pages; $99.95.
This book represents a comprehensive overview of SCADA and control system security issues and analysis. The contributors to this book are people with significant qualifications in the areas of information technology and control system security.
The book is well laid out in a format of progressive layers of information, each subsequent section supplementing and building on the previous section. Without a doubt, this comprehensive rendering of SCADA/control system security provides a valuable handbook resource. As a resource, it will best serve those with a background in information technology or operational technology knowledge. It is a somewhat technical publication and offers an intermediate to advanced view of operational technology protection. Even so, aspects of the book go right back to security foundations, such as risk management, physical security applications, and exercises that any security practitioner can learn from.
This book follows a standard format for information security management, but stops short of being a framework rendering by providing good, supplementary information to help the reader understand issues like threat vectors and threat actors in more detail. All in all, for those with the necessary background to understand the technical details in this book, it will serve as a good resource for SCADA and control system security management, an area that is in need of resources at this time. It could be used as a textbook for courses on this subject.
One caveat to apply to this book is the need for annual review and updating, given that the current state of SCADA and control system security will undoubtedly continue to change with improved standards, security applications, and threat dynamics. This edition, however, serves the current industry well.
Reviewer: Doug Powell, CPP, PSP, is employed by British Columbia Hydro as manager of security, privacy, and safety for the smart metering program. He has more than 30 years’ experience in the security industry. He is a council vice president and a former chair of ASIS’s Critical Infrastructure Working Group.