Practical Industrial Internet of Things Security电子书

Title Page

Copyright and Credits

Practical Industrial Internet of Things Security

Dedication

Packt Upsell

Why subscribe?

PacktPub.com

Foreword

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Disclaimer

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

An Unprecedented Opportunity at Stake

Defining the Industrial IoT

Industrial IoT, Industrial Internet, and Industrie 4.0

Consumer versus Industrial IoT

Industrial IoT security – a business imperative

Cybersecurity versus cyber-physical IoT security

What is a cyber-physical system?

Industrial "things," connectivity, and operational technologies

Operational technology

Machine-to-Machine

An overview of SCADA, DCS, and PLC

Industrial control system architecture

ICS components and data networks

ICS network components

Fieldbus protocols

IT and OT convergence – what it really means

Industrial IoT deployment architecture

Divergence in IT and OT security fundamentals

Operational priorities

Attack surface and threat actors

Interdependence of critical infrastructures

Industrial threats, vulnerabilities, and risk factors

Threats and threat actors

Vulnerabilities

Policy and procedure vulnerabilities

Platform vulnerabilities

Software platform vulnerabilities

Network vulnerability

Risks

Evolution of cyber-physical attacks

Industrial IoT use cases – examining the cyber risk gap

Energy and smart grids

Manufacturing

Cyberattack on industrial control systems – Stuxnet case study

Event flow

Key points

Risk gap summary

Smart city and autonomous transportation

Healthcare and pharmaceuticals

The ransomware attack on the healthcare enterprise – "WannaCry" case study

Cyber risk gap summary

Summary

Industrial IoT Dataflow and Security Architecture

Primer on IIoT attacks and countermeasures

Attack surfaces and attack vectors

OWASP IoT attack surfaces

Attack trees

Fault tree analysis

Threat modeling

STRIDE threat model

DREAD threat model

Trustworthiness of an IIoT system

Industrial big data pipeline and architectures

Industrial IoT security architecture

Business viewpoint

Usage viewpoint

Functional viewpoint

Implementation viewpoint

IIoT architecture patterns

Pattern 1 – Three-tier architectural model

Pattern 2 – Layered databus architecture

Building blocks of industrial IoT security architecture

A four-tier IIoT security model

Summary

IIoT Identity and Access Management

A primer on identity and access control

Identification

Authentication

Authorization

Account management

Distinguishing features of IAM in IIoT

Diversity of IIoT endpoints

Resource-constrained and brownfield considerations

Physical safety and reliability

Autonomy and scalability

Event logging is a rarity

Subscription-based models

Increasing sophistication of identity attacks

Risk-based access control policy

Identity management across the device lifecycle

Authentication and authorization frameworks for IIoT

Password-based authentication

Biometrics

Multi-factor authentication

Key-based authentication

Symmetric keys

Asymmetric keys

Zero-knowledge keys

Certificate-based authentication

Trust models – public key infrastructures and digital certificates

PKI certificate standards for IIoT

ITU-T X.509

IEEE 1609.2

Certificate management in IIoT deployments

Extending the OAuth 2.0 authorization framework for IoT access control

IEEE 802.1x

Identity support in messaging protocols

MQTT

CoAP

DDS

REST

Monitoring and management capabilities

Activity logging support

Revocation support and OCSP

Building an IAM strategy for IIoT deployment

Risk-based policy management

Summary

Endpoint Security and Trustworthiness

Defining an IIoT endpoint

Motivation and risk-based endpoint protection

Resource-constrained endpoint protection

Brownfield scenario considerations

Endpoint security enabling technologies

IIoT endpoint vulnerabilities

Case study – White hack exposes smart grid meter vulnerability

Use case

Developing the exploit

Demonstration

Establishing trust in hardware

Hardware security components

Root of trust – TPM, TEE, and UEFI

Securing secrets, or sealing

Endpoint identity and access control

Initialization and boot process integrity

Establishing endpoint trust during operations

Secure updates

A trustworthy execution ecosystem

Endpoint data integrity

Endpoint configuration and management

Endpoint visibility and control

Endpoint security using isolation techniques

Process isolation

Container isolation

Virtual isolation

Physical isolation

Endpoint physical security

Machine learning enabled endpoint security

Endpoint security testing and certification

Endpoint protection industry standards

Summary

Securing Connectivity and Communications

Definitions – networking, communications, and connectivity

Distinguishing features of IIoT connectivity

Deterministic behavior

Interoperability – proprietary versus open standards

Performance characteristics – latency, jitter, and throughput

Legacy networks with disappearing air gaps

Access to resource-constrained networks

Massive transition by connecting the unconnected

IIoT connectivity architectures

Multi-tier IIoT-secured connectivity architecture

Layered databus architecture

Controls for IIoT connectivity protection

Secure tunnels and VPNs

Cryptography controls

Network segmentation

Industrial demilitarized zones

Boundary defense with firewalls and filtering

Comprehensive access control

Core and edge gateways

Unidirectional gateway protection

Asset discovery, visibility, and monitoring

Physical security – the first line of defense

Security assessment of IIoT connectivity standards and protocols

Fieldbus protocols

Connectivity framework standards

Data Distribution Service

DDS security

oneM2M

oneM2M security

Open Platform Communications Unified Architecture (OPC UA)

OPC UA security

Web services and HTTP

Web services and HTTP security

Connectivity transport standards

Transmission Control Protocol (TCP)

TCP security

User Datagram Protocol (UDP)

UDP security

MQTT and MQTT-SN

MQTT security

Constrained Application Protocol (CoAP)

CoAP security

Advanced Message Queuing Protocol (AMQP)

Connectivity network standards

Data link and physical access standards

IEEE 802.15.4 WPAN

IEEE 802.11 wireless LAN

Cellular communications

Wireless wide area network standards

IEEE 802.16 (WiMAX)

LoRaWAN

Summary

Securing IIoT Edge, Cloud, and Apps

Defining edge, fog, and cloud computing

IIoT cloud security architecture

Secured industrial site

Secured edge intelligence

Secure edge cloud transport

Secure cloud services

Cloud security – shared responsibility model

Defense-in-depth cloud security strategy

Infrastructure security

Identity and access management

Application security

Microservice architecture

Container security

Credential store and vault

Data protection

Data governance

Data encryption

Key and digital certificate management

Securing the data life cycle

Cloud security operations life cycle

Business continuity plan and disaster recovery

Secure patch management

Security monitoring

Vulnerability management

Threat intelligence

Incident response

Secure device management

Cloud security standards and compliance

Case study of IIoT cloud platforms

Case study 1 – Predix IIoT platform

Case study 2 – Microsoft Azure IoT

Case study 3 – Amazon AWS IoT

Cloud security assessment

Summary

Secure Processes and Governance

Challenges of unified security governance

Securing processes across the IIoT life cycle

Business cases

System definitions

Development

Deployment

Evaluating security products

Operations

Understanding security roles

Solution provider

Hardware manufacturers

Industry governance

Solution owner

Elements of an IIoT security program

Risk assessment

Regulatory compliance

Security policy

Security monitoring

Security analysis

Incident response and management

Security audits

Security maturity model

Implementing an IIoT security program

Establishing an IIoT security team

Deciding on regulatory compliance

Assessing and managing risks

Managing third-party security

Enforcing the security policy

Continuous monitoring and analysis

Conducting security training

Implementing incident management

Defining security audits

Security revisions and maturity

Summary

IIoT Security Using Emerging Technologies

Blockchain to secure IIoT transactions

Public and private blockchains

Digital identity with blockchains

Securing the supply chain

Blockchain challenges

Cognitive countermeasures – AI, machine learning, and deep learning

Practical considerations for AI-based IIoT security

Time-sensitive networking – Next-gen industrial connectivity

Time synchronization

Traffic scheduling

Network and system configuration

TSN security

Other Promising Trends

Summary

Real-World Case Studies in IIoT Security

Analysis of a real-world cyber-physical attack

Background and impact

The sequence of events

Exploit loopholes to perform the attack

Trigger the attack with impact

Impair operations and delay recovery

Inside the attack anatomy

Reconnaissance

Spear phishing

Credential theft

Data exfiltration

Remote access exploit

Impair recovery – Malicious firmware, TDOS, and UPS failure

Cyber-physical defense – Lessons learned

Case study 2 – Building a successful IIoT security program

Background

Defining the security program

Implementation

Concluding remarks

Case study 3 – ISA/IEC 62443 based industrial endpoint protection

Background

Solution

Concluding remarks

Summary

The Road Ahead

An era of decentralized autonomy

Endpoint security

Standards and reference architecture

Industrial collaboration

Interoperability

Green patches in brownfield

Technology trends

Summary

I

II

Security standards – quick reference

Device endpoint security

Industrial connectivity infrastructure security

Edge-cloud security

Other Books You May Enjoy

Leave a review - let other readers know what you think