A
Active Directory server, 120
Adobe Postscript Document Format (PDF) exploits, 46
Advanced Metering Infrastructure (AMI), 83–85
Advanced Metering Infrastructure (AMI) Headend, 107–108, 107f
Advanced persistent diligence, 50
American National Standards Institute (ANSI)
Application behavior whitelists, 202–205
Application data monitor, 61, 73
Application/protocol monitoring, 179–181
Application whitelisting (AWL), 184–185
  vs. application behavior whitelists, 203
Audit, security practices and, 309–310
Audit and accountability (AU), 16
Automated security systems, improper implementation of, 311–312
Automatic Generation Control (AGC), 35
Awareness, vs. real security, 304

C
Certified Information Systems Security Professional (CISSP) certification, 1–2
Common criteria (CC), for information technology security evaluation, 293–300
Common Industrial Protocol (CIP), 78
Complacency, 303–305
  real security vs. policy and awareness, 304
  vulnerability assessments vs. zero-days, 303–304
Compliance requirements, mapping of
Control data storage
  functional groups based on, 152, 153f
Control Network Power Line (PL) Channel Specification, 83–84
Control system assets, 89–97
  business information consoles, 96
  human machine interfaces (HMIs), 93–94
  intelligent electronic device (IED), 89–90
  printers and print servers, 96
  programmable logic controller (PLC), 90–93
  remote terminal unit (RTU), 90
  supervisory workstations, 94
Control system operations, 100–106
  business information management, 104–105
Covert botnet, command, and control rule, 208t
Critical Cyber Asset Identification, 13
Critical digital assets, 14
Critical infrastructure, 8–11
  critical versus noncritical industrial networks, 11
  electricity generation/distribution, bulk, 9–10
  industrial networks and, 7–12
Critical Infrastructure Protection Act of 2001, 11
Critical Infrastructure Protection (CIP), 10, 119
Criticality
  functional grouping based on, 156–159
Critical systems, identification of, 18–19
Cross-source correlation, 210
Customer information systems, 107–108
Cyber attack
  likeliness vs. consequence, 11, 12f
Cyber Metric 8, of RBPS, 251, 252

D
Database activity monitors (DAM), 230
Data Historians, in security monitoring, 236
Deep packet inspection (DPI), 166, 167
  application session inspection vs., 167, 168f
Default accounts/passwords, use of, 306
Demilitarized zone (DMZ), 12–13
Denial of service (DoS), 60, 112
Department of Energy (DoE), 250
Department of Homeland Security (DHS), 32, 250
Device removal and quarantine, 144
Dial-up connections
  perimeters identification and, 161
Distributed control systems (DCS), 116–117
Distributed Network Protocol (DNP3), 56, 66–73
  enabling over unidirectional gateways, 181, 182f
  security recommendations, 72–73
Distribution management systems, 107–108
Dynamic Host Configuration Protocol (DHCP), 208–209

I
Idaho National Laboratories (INL), 36–37
Identification and authentication (IA), 16
Identity access management (IAM) systems, 225
Identity and authentication management (IAM), 155, 200
Incident investigation, 241
Incident Reporting and Response Planning, 13
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), 37–38
Industrial control systems (ICS), 8f
Industrial networks, 7–12, 25
  critical infrastructure and, 7–12
  critical versus noncritical, 11
  incidents, 34–36, 34f
    Adobe Postscript Document Format (PDF) exploits, 46
    cyber attack, impact of, 35, 36t
  non-routable networks, 25, 26f
Industrial networks, accessing, 123–124
  common vulnerabilities, 127
  diagnostic access/dial-up access/field access, 131–132
  remote access, VPNs and mobile apps, 131
  unnecessary ports and services, 128–130
Industrial networks, targeting, 116–117
  disruption and penetration of industrial networks, 121–122
  enumerating industrial networks, 120
  industrial reconnaissance, 117
Industrial network security, mapping, 254–293
Industrial Protocol Filters, 166
Industrial security, recommendations, 18–24
  critical systems, identification of, 18–19
  network segmentation/isolation of systems, 20–22, 21f, 22f
Industrial security appliances, 218
Industrial security devices
Information technology (IT) systems
  and OT systems
  metrics, anomaly detection and, 198
Inter Control Center Communication Protocol (ICCP) connections
  functional group based on, for trading communication, 153–154
Inter Control Center Protocol/Telecontrol Application Service Element-2 (ICCP/TASE.2), 56, 61–66
  malicious behaviors, detection of, 65
  security recommendations, 65–66
Interior security systems, enclaves, 183–185
International Electrotechnical Commission (IEC), 18, 252–253
International Society of Automation (ISA)
  ISA standard 99 (ISA-99), 17–18
International Standards Organization (ISO), 18
Internet Control Message Protocol (ICMP), 114
Intrusion detection system (IDS) devices
Intrusion prevention, defined, 172
Intrusion prevention system (IPS), 217, 218
Intrusion prevention system (IPS) devices
ISA standard 99 (ISA-99), 17–18

M
Man-in-the-Middle (MITM) attacks, 35, 64
Mapping, compliance controls
Mapping, compliance requirements
Meter Data Management Systems, 107–108
Microsoft Active Directory, 200
Misconfigurations, 305–308
  default accounts/passwords, use of, 306
  outbound security and monitoring, lack of, 306–307
Modicon Communication Bus (Modbus), 56–61, 98, 117
  security recommendations, 60–61
Monitoring, of enclaves, 216–236
  across secure boundaries, 236
  user identities and authentication, 223–225

N
National Infrastructure Security Coordination Center (NISCC)
  firewall configuration guidelines with enclave variables, 170–171t
NERC Critical Infrastructure Protection (CIP), 9–10, 13
Network anomaly detection, 178
Network architectures, 97–100
  functional differences in, 97t
Network attached storage (NAS) devices, 152
Network behavior anomaly detection (NBAD) tool, 192, 198–199
Network connectivity
  functional groups based on, 149
Network segmentation/isolation of systems, 20–22, 21f, 22f
Network whitelisting, 40–41
Network whitelisting devices, 166
Non-routable networks, 25, 26f
Nuclear Regulatory Commission (NRC), 13–15

O
Object Linking and Embedding for Process Control (OPC), 56, 73–78
  OPC Express Interface (XI), 75
  security recommendations, 77–78
Object Linking and Embedding (OLE) protocol
OPC Express Interface (OPC-XI), 75
Open Source Intelligence (OSINT), 44
Open Source Security Information Management (OSSIM), 233, 234, 237, 237f
Operational technology (OT) systems
  and IT systems
  metrics, anomaly detection and, 198
Oracle Identity Management, 225
Outbound security and monitoring, lack of, 306–307
Outbound Spambot behavior rule, 208t

S
Sandia National Laboratories, 35
SCADA buffer overflow attack, 176
SCADA Intrusion Detection System/SCADA Intrusion Prevention System (SCADA-IDS/IPS)
Scalability
  role in smart grid development, 100
Secure sockets layer (SSL), 37
Securing the Smart Grid: Next Generation Power Grid Security, 2–3
Security, real
  vs. policy and awareness, 304
Security Device Event Exchange protocol (SDEE), of Cisco, 230
Security devices
  configurations, enclaves and, 164–166
Security functional requirements (SFR), 299
Security management controls, 13
Security policy development
Sentient Hyper-Optimized Data Access Network (SHODAN), 117
SERCOS III Master Data Telegram, 119
SERCOS (Serial Real-time Communications System) networks, 119
Serial Real-time Communications System (SERCOS III), 82–83
  security recommendations, 83
Session inspection, 179
  application, vs. deep packet inspection, 167, 168f
Single-source correlation
Smart Phones, wireless networking in, 311
Social Engineer Toolkit (SET), 113
Social networking sites, 113
  industrial networks incidents and, 47–48
Standards and organizations
  Chemical Facility Anti-Terrorism Standards (CFATS), 11, 16–17
  Federal Information Security Management Act (FISMA), 11, 15–16
  Homeland Security Presidential Directive Seven (HSPD-7), 11, 12–13
  ISA standard 99 (ISA-99), 17–18
  NERC Critical Infrastructure Protection (CIP), 9–10, 13
  NIST, special publications (800 series) of, 13, 15–16
  Nuclear Regulatory Commission (NRC), 13–15
Standards and regulations
Storage area networks (SAN), 152
Strong passwords, use of, 306
Structured query language (SQL), 237–238
Supervisory Control and Data Acquisition demilitarized zone (SCADA DMZ) systems, 94, 104–105
Supervisory Control and Data Acquisition (SCADA) systems, 7–8, 116–117
  functional differences with other network architectures, 97, 97t
Supervisory workstations, 94
System and communication protection (SC), 16
System and information integrity (SI), 16
System requirements (SRs), 17–18
Systems security management, 13