Index
A
Advanced Local Emergency Response Team (ALERT), 233
American National Standards Institute (ANSI), 210
Ammonium Nitrate and Fuel Oil (ANFO), 243
Animal Liberation Front (ALF), 236
attack techniques, in SCADA systems
Man-In-The-Middle Attacks (MITM), 182
Awareness intra-preneur, 162
B
battery-operated lights
spots and floodlights, 210
BHMA/ANSI Standards
transformation of convention lock, 203
156.30 version
surreptitious entry resistance tests, 214
biometric authentication systems, SCADA security
factors for authentication, 257
measurement tools
fingerprints analysis, 263
vulnerabilities
bomb threat planning
explosive device components
target hardening
employee identification, 246
outside of work environment, 245
terrorist profiles
domestic terror targets, 236
formalized terror groups, 237
International terror targets, 236–237
terror target classification
commercial and transportation targets, 239
infrastructure target, 238
British Columbia Institute of Technology (BCIT), 174–175
Builders Hardware Manufacturers Association (BHMA), 210
C
Charlotte Fire Department (CFD), 233
communication protocols, in SCADA, 70–71
conventional pin tumbler lock
security enhancements
Crime deterrent technique, 244
Critical Infrastructure Information (CII) Act of 2002, 99–100
D
distributed control system (DCS), 66–67
double-detainer locking theory, 195
E
electronic manipulation authentication, 268–269
emergency planning
communication
family radio service (FRS) radio, 236
plain old telephone system (POTS) line, 236
specific area message encoding (SAME) alert radio, 236–315
family
lighting
spots and floodlights, 236
pantry
personal
power
portable and backup electric generators, 236
portable 12-volt inverters, 236–313
UPS and battery backup, 236
workforce
Environmental Liberation Front (ELF), 236
F
facial recognition technology, 261–262
fear-uncertainty-doubt (FUD) factor, 103
firewall architectures
application-level gateway, 85–86
circuit-level gateway, 84–85
deep packet inspection firewall, 88
intrusion prevention system (IPS), 87
stateful packet filtering, 83
static packet filter, 82–83
unified threat management (UTM), 89
firewall security infrastructure, 85–86
G
generic pin tumbler mechanism, 192
Gramm-Leach-Bliley Act, 159
H
hand geometry biometric system, 263
Health Insurance Portability and Accessibility Act (HIPAA), 272
Human Machine Interface (HMI), 66, 173
I
Improvised Explosive Device (IED), 239, 243
Information delivery channels, 146
Information security awareness program
business plan presentations, 147–148
and communication failure, 157
financial (money) source for, 148–149
information delivery channels, 146
internal consultants, 161
Manager’s Quick Reference Guide, 158
online orientation program, 154
program measurement
awareness quotient survey, 165
quality management process, 164
Quick Reference Guide
post-acceptance package, 157
sensitive information, 153
Information Security Web site, 154
Insider information theft, 234
Internal and external Security Incidents, 174
International Engineering Consortium (IEC), 66
Internet protocol Ethernet, 177
Intrusion Protection Device (IPS), 175, 181
K
L
Letter of Authorization (LOA), 120
locks, in SCADA systems
Abus Diskus No. 24 lock, 9–10
lock-picking equipment, 13–15
pin tumbler Master brand padlock,
Sargent & Greenleaf 8077AD, 10–12
warded padlock,
M
Manager’s Quick Reference Guide, 158
Man-In-The-Middle Attacks (MITM), 182
modern pin tumbler lock
N
National Institute of Standards and Technology (NIST), 98
National Security Agency (NSA), 97
NERC Critical Infrastructure Protection (CIP) Standards, 99
North American Electric Reliability Council (NERC), 97, 99
NSA INFOSEC Assessment Methodology (IAM), 97, 124
NSA INFOSEC Evaluation Methodology (IEM), 97, 124, 127
O
Organizational Information Criticality Matrix (OICM), 110
organizational vulnerabilities
documentation review and interviews, 123
system demonstrations and observations, 124
Organization for Optimal Power Supply (OOPS)
business description and mission statement, 108
critical information, 109
impact considerations, 110
organizational criticality, 113
P
physical security, in SCADA systems
dumpster diving process, 18–20
key control in locks, 3–4
social engineering skills
corporate/agency phonebooks, 23–24
motion-sensing light controls, 33–34
private branch exchange (PBX), 31–32
tailgating technique, 21, 24
video security logs, 32–33
pin tumbler lock
conventional cylinder, 197
Programmable Logic Controllers (PLC)
continuous control applications, 65–66
discrete control applications, 65
Q
Quick Reference Guide
post-acceptance package, 157
sensitive information, 153
R
Remote Terminal Units (RTUs), 65, 178
retinal scan technology, 263
S
SCADA security
biometric authentication systems
fingerprint analysis, 263
information protection requirements, 98–100
logical flow diagram, 100
on-site assessment process
NSA baseline INFOSEC classes and categories, 123
organizational vulnerabilities, 123–124
post assessment process
final report creation, 128
pre-assessment process
assessment plan components, 120–122
information criticality matrix, 110–113
logical and physical boundaries, 117
organizational mission, 107
rules of engagement, customer concerns, and constraints, 117–120
pre-project process
baseline/repeated assessment, 106
regulatory and policy requirements, 105
researching organization, 104
vetting assessment request, 102
Secure network management
business partner links, 180
configured firewalls, 180
network access control, 176
secure wide area network perimeter, 175
transmitting non-routable protocol, 176–177
two-factor authentication, 176
vendor support agreements, 178
wide area network perimeter, 175
Security Event Management System (SEMS), 180–181
security vulnerabilities, 126
Sequel Query Language (SQL), 180
Six Sigma quality management process
awareness quotient chart, 165
Slurries and ditching charges, 243
sound amplification devices
amplified listening device, 35
RadioShack amplified listener, 36
Supervisory Control and Data Acquisition (SCADA) systems, 238
attack techniques
Man-In-The-Middle Attacks (MITM), 182
backup and recovery of, 176
communication protocols, 70–71
components
distributed control system (DCS), 66–67
Programmable Logic Controllers (PLC), 65–66
Remote Terminal Unit (RTU), 65
components and functions of, 173
firewall architectures
application-level gateway, 85–86
circuit-level gateway, 84–85
deep packet inspection firewall, 88
intrusion prevention system (IPS), 87
stateful packet filtering, 83
static packet filter, 82–83
unified threat management (UTM), 89
firewall tool
multi-network connectivity, 79–80
positive and negative security models, 79
reactive and proactive solutions, 80–81
internal and external security incidents, 174
network architecture, 68–70
risk determination
security issues
British Columbia Institute of Technology (BCIT) report, 71–72
high-level weaknesses, 74
TCP/IP error handling, 73
vs. distributed control systems, 67
T
technical security, in SCADA systems
destroyed disk drive, 16–17
digital Shredder device, 15–16
sound amplification devices, 35–36
technical vulnerabilities, 124
customer communication, 127
enumeration activities, 125
tools for IEM baseline activities, 127
vulnerability identification activities, 125–126
terror targets, classification
commercial and transportation targets, 239
infrastructure target, 238
touch point communications, 156
U
UL (Underwriters Laboratories) 437 Standards
deficiencies
forced entry resistance test, 206
picking and impressioning techniques, 205–206
transformation of convention lock, 203
unified threat management (UTM)
in firewall SCADA systems, 89
reactive signature-based systems, 81
V
W
Water Infrastructure Security Enhancement (WISE), 99
workforce continuity
Y