Details
Managing Cybersecurity in the Process Industries
A Risk-based Approach1. Aufl.
|
139,99 € |
|
| Verlag: | Wiley |
| Format: | |
| Veröffentl.: | 05.04.2022 |
| ISBN/EAN: | 9781119861799 |
| Sprache: | englisch |
| Anzahl Seiten: | 480 |
DRM-geschütztes eBook, Sie benötigen z.B. Adobe Digital Editions und eine Adobe ID zum Lesen.
Beschreibungen
The chemical process industry is a rich target for cyber attackers who are intent on causing harm. Current risk management techniques are based on the premise that events are initiated by a single failure and the succeeding sequence of events is predictable. A cyberattack on the Safety, Controls, Alarms, and Interlocks (SCAI) undermines this basic assumption. Each facility should have a Cybersecurity Policy, Implementation Plan and Threat Response Plan in place. The response plan should address how to bring the process to a safe state when controls and safety systems are compromised. The emergency response plan should be updated to reflect different actions that may be appropriate in a sabotage situation. IT professionals, even those working at chemical facilities are primarily focused on the risk to business systems. This book contains guidelines for companies on how to improve their process safety performance by applying Risk Based Process Safety (RBPS) concepts and techniques to the problem of cybersecurity.
<p>Table of Contents v</p> <p>List of Figures xi</p> <p>List of Tables xiii</p> <p>Acronyms and Abbreviations xvii</p> <p>Glossary xxiii</p> <p>Acknowledgments xxix</p> <p>Preface xxxiii</p> <p><b>Part 1: Introduction, Background, and History of Cybersecurity 1</b></p> <p><b>1 Purpose of this Book 1</b></p> <p>1.1 Target Audience 6</p> <p>1.2 What is Cybersecurity? 6</p> <p>1.3 What is Operational Technology (OT)? 10</p> <p>1.4 Which industries have OT? 13</p> <p>1.5 Scope 15</p> <p>1.6 Organization of the Book 17</p> <p><b>2 Types of Cyber-Attacks, Who Engages in Them and Why 19</b></p> <p>2.1 Types of Cyber-Attacks 19</p> <p>2.2 Who Commits Cybercrimes and Their Motives 26</p> <p>2.3 Summary 30</p> <p><b>3 Types of Risk Receptors / Targets 33</b></p> <p>3.1 What is Cybersecurity Risk 35</p> <p>3.2 What are Common Cybersecurity Targets? 38</p> <p>3.3 Types of Cybersecurity Consequences 43</p> <p>3.4 Summary 45</p> <p><b>4 Threat Sources and Types of Attacks 47</b></p> <p>4.1 Non-Targeted Attacks 49</p> <p>4.2 Targeted Attacks 53</p> <p>4.3 Advanced Persistent Threats (APT) 58</p> <p>4.4 Summary 62</p> <p><b>5 Who Could Create a Cyber Risk? Insider vs Outsider Threats 65</b></p> <p>5.1 Insider Cybersecurity Risk 65</p> <p>5.2 Outsider Cybersecurity Risk 69</p> <p>5.3 Summary 71</p> <p><b>6 Case Histories 73</b></p> <p>6.1 Maroochy Shire 73</p> <p>6.2 Stuxnet 77</p> <p>6.3 German Steel Mill 81</p> <p>6.4 Ukrainian Power Grid 84</p> <p>6.5 NotPetya 91</p> <p>6.6 Triton 95</p> <p>6.7 Düsseldorf Hospital Ransomware 99</p> <p>6.8 SolarWinds 101</p> <p>6.9 Florida Water System 105</p> <p>6.10 Colonial Pipeline Ransomware 107</p> <p>6.11 Summary 110</p> <p><b>Part 2: Integrating Cybersecurity Management into the Process Safety Framework 113</b></p> <p><b>7 General Model for Understanding Cybersecurity Risk 113</b></p> <p>7.1 Cybersecurity Lifecycle 113</p> <p>7.2 Integrated Cybersecurity and Safety Lifecycle 121</p> <p>7.3 NIST Cybersecurity Framework 129</p> <p>7.4 Summary 138</p> <p><b>8 Designing a Secure Industrial Automation and Control System 141</b></p> <p>8.1 The Disconnect between IT and OT Risk Management 141</p> <p>8.2 Inherently Safer vs Inherently More Secure 146</p> <p>8.3 Defense-in-Depth 149</p> <p>8.4 Network Segmentation 153</p> <p>8.5 System Hardening 173</p> <p>8.6 Security Monitoring 176</p> <p>8.7 Risk Compatibility Assessment 180</p> <p>8.8 Summary 182</p> <p><b>9 Hazard Identification and Risk Analysis (HIRA) 183</b></p> <p>9.1 Use of Process Safety Tools to Identify and Manage Cybersecurity Risk 185</p> <p>9.2 Qualitative Methods 187</p> <p>9.3 Quantitative Methods 217</p> <p>9.4 How to Prioritize Risk Reduction Measures? 231</p> <p>9.5 Revalidation/Reassessment 232</p> <p>9.6 Summary 233</p> <p><b>10 Manage the Risk 235</b></p> <p>10.1 Management Approach 235</p> <p>10.2 Initial Steps 236</p> <p>10.3 Cybersecurity Culture 240</p> <p>10.4 Compliance with Standards 242</p> <p>10.5 Cybersecurity Competency 246</p> <p>10.6 Workforce Involvement 248</p> <p>10.7 Stakeholder Outreach 251</p> <p>10.8 Process Knowledge Management 252</p> <p>10.9 Operating Procedures 256</p> <p>10.10 Safe Work Practices 259</p> <p>10.11 Management of Change 262</p> <p>10.12 Asset Integrity and Reliability 266</p> <p>10.13 Contractor Management 272</p> <p>10.14 Training and Performance Assurance 275</p> <p>10.15 Operational Readiness 278</p> <p>10.16 Conduct of Operations 281</p> <p>10.17 Emergency Management 285</p> <p>10.18 Incident Investigation 290</p> <p>10.19 Measurements and Metrics 295</p> <p>10.20 Auditing 300</p> <p>10.21 Management Review and Continuous Improvement 304</p> <p>10.22 Summary 307</p> <p><b>11 Implementing a Holistic Approach to Safety and Cybersecurity 311</b></p> <p>11.1 Cybersecurity Management Systems (CSMS) 312</p> <p>11.2 Integrating CSMS with Process Safety Management 327</p> <p>11.3 Summary 334</p> <p><b>Part 3: Where Do We Go from Here? 337</b></p> <p><b>12 What’s Next? A Look at Future Development Opportunities 337</b></p> <p>12.1 Cybersecurity Adoption Trends 338</p> <p>12.2 Emerging Technologies 350</p> <p>12.3 Summary 353</p> <p><b>13 Available Resources 355</b></p> <p>13.1 Local, Regional, and Global Topics 355</p> <p>13.2 Cybersecurity Incident Repositories 362</p> <p>13.3 Competency Requirements and Training Availability 363</p> <p>13.4 Administration vs Accountability Functions 368</p> <p>13.5 Summary 370</p> <p><b>Appendix A Excerpt from NIST Cybersecurity Framework 371</b></p> <p><b>Appendix B Detailed Cybersecurity PHA and LOPA Example 377</b></p> <p>B.1 System Basis 377</p> <p>B.2 Initial Risk Assessment 382</p> <p>B.3 Detailed Risk Assessment (Cyber PHA/HAZOP) 387</p> <p>B.4 LOPA/ Semi-Quantitative SL Verification 405</p> <p><b>Appendix C Example Cybersecurity Metrics 411</b></p> <p><b>Appendix D Cybersecurity Sample Audit Question List 413</b></p> <p><b>Appendix E Management System Review Examples 419</b></p> <p>References 421</p> <p>Index 437</p>
<p><b>The Center for Chemical Process Safety (CCPS)</b> has been the world leader in developing and disseminating information on process safety management and technology since 1985. The CCPS, an industry technology alliance of the American Institute of Chemical Engineers (AIChE), has published over 100 books in its process safety guidelines and process safety concepts series, and over 30 training modules through its Safety and Chemical Engineering Education (SAChE) series. CCPS is supported by the contributions and voluntary participation of more than 200 companies globally.</p>
<p><b>A resource providing background information, perspectives, techniques, and case histories for assessing and managing cybersecurity threats in the process industries </b></p> <p>This book contains guidelines for companies to improve their process safety performance through the identification, prevention, and mitigation of cybersecurity threats. It explains how to identify, assess, and protect systems with practical techniques and approaches. The reader will learn key points through detailed case histories. <p>Topics covered include: <ul><li>Risk receptors, Targets, Threat Sources and Types of Attacks </li> <li>Integrating Cybersecurity Management into the Process Safety Framework</li> <li>Designing a secure Industrial Automation and Control System</li> <li>How to create a cybersecurity policy, implementation plan and threat response plan</li></ul> <p>Professionals working in the fields of process safety and cybersecurity can use this book to understand better how the two fields interconnect, how to improve process safety cyber security measures, and how to respond to security attacks.
Diese Produkte könnten Sie auch interessieren:
