
Critical Infrastructure Security: Cybersecurity lessons learned from real-world breaches

✍ Scribed by Soledad Antelada Toledano


Publisher: Packt Publishing
Year: 2024
Language: English
Pages: 270
Edition: 1
Category: Library


✦ Synopsis


Venture through the core of cyber warfare and unveil the anatomy of cyberattacks on critical infrastructure.

Key Features

Gain an overview of the fundamental principles of cybersecurity in critical infrastructure
Explore real-world case studies that provide a more exciting learning experience, increasing retention
Bridge the knowledge gap associated with IT/OT convergence through practical examples
Purchase of the print or Kindle book includes a free PDF eBook

Book Description

This book will help you get to grips with core infrastructure cybersecurity concepts through real-world accounts of common assaults on critical infrastructure. You'll gain an understanding of vital systems, networks, and assets essential for national security, economy, and public health. To learn all about cybersecurity principles, you'll go from basic concepts to common attack types and vulnerability life cycles. After studying real-world breaches for insights and practical lessons to prevent future incidents, you'll examine how threats like DDoS and APTs activate, operate, and succeed. You'll also analyze risks posed by computational paradigms: AI and quantum computing advancements vs. legacy infrastructure. By the end of this book, you'll be able to identify key cybersecurity principles to mitigate evolving attacks on critical infrastructure.

What you will learn

Understand critical infrastructure and its importance to a nation
Analyze the vulnerabilities in critical infrastructure systems
Acquire knowledge of the most common types of cyberattacks on critical infrastructure
Implement techniques and strategies for protecting critical infrastructure from cyber threats
Develop technical insights into significant cyber attacks from the past decade
Discover emerging trends and technologies that could impact critical infrastructure security
Explore expert predictions about cyber threats and how they may evolve in the coming years

Who this book is for

This book is for SOC analysts, security analysts, operational technology (OT) engineers, and operators seeking to improve the cybersecurity posture of their networks. Knowledge of IT and OT systems, along with basic networking and system administration skills, will significantly enhance comprehension. An awareness of current cybersecurity trends, emerging technologies, and the legal framework surrounding critical infrastructure is beneficial.

✦ Table of Contents


Cover
Title Page
Copyright and Credits
Dedications
Contributors
Table of Contents
Preface
Part 1: Introduction to Critical Infrastructure and Cybersecurity Concepts
What is Critical Infrastructure?
Chemical sector
Impact of a compromised chemical sector
Cyberattack scenarios in the chemical sector
Commercial facilities sector
Impact of a compromised commercial facilities sector
Cyberattack scenarios in the commercial facilities sector
Communications sector
Impact of a compromised communications sector
Cyberattack scenarios in the communications sector
Critical manufacturing sector
Impact of a compromised critical manufacturing sector
Cyberattack scenarios in the critical manufacturing sector
Dams sector
Impact of a compromised dams sector
Cyberattack scenarios in the dams sector
Defense industrial base sector
Impact of a compromised defense industrial base sector
Cyberattack scenarios in the defense industrial base sector
Emergency services sector
Impact of a compromised emergency services sector
Cyberattack scenarios in the emergency services sector
Energy sector
Impact of a compromised energy sector
Cyberattack scenarios in the energy sector
Preventing and mitigating cyberattacks
Financial services sector
Impact of a compromised financial services sector
Cyberattack scenarios in the financial services sector
Food and agriculture services sector
Impact of a compromised food and agriculture sector
Cyberattack scenarios in the food and agriculture services sector
Government facilities sector
Impact of a compromised government facilities sector
Cyberattack scenarios in the government facilities sector
Healthcare and public health sector
Impact of a compromised healthcare and public health sector
Cyberattack scenarios in the healthcare and public health sector
Information technology sector
Impact of a compromised information technology sector
Cyberattack scenarios in the information technology sector
Nuclear reactors, materials, and waste sector
Impact of a compromised nuclear reactor sector
Cyberattack scenarios in the nuclear reactor sector
Transportation system sector
Impact of a compromised transportation system sector
Cyberattack scenarios in the transportation system sector
Water and wastewater sector
Impact of a compromised water and wastewater sector
Cyberattack scenarios in the water and wastewater sector
Summary
References
Chapter 2: The Growing Threat of Cyberattacks on Critical Infrastructure
A brief history of CI protection and attacks
The impact of the 9/11 attacks on CI
Same old attacks throughout history
Executive order 13010
Evolution of a nation’s CI protection posture
Evolution of cyberattacks and countermeasures
The state of CI in the face of cyberattacks
COVID-19-period cyberattack landscape
The Colonial Pipeline ransomware attack
Attacks in 2023
National cybersecurity strategies
Summary
References
Chapter 3: Critical Infrastructure Vulnerabilities
Understanding the difference between threat, vulnerability, and risk
Vulnerability
Threat
Risk
Vulnerability assessment
Scope definition
Asset inventory
Threat modeling
Vulnerability scanning
Manual assessment
Risk prioritization
Remediation planning
Verification and validation
Ongoing monitoring
Reporting and documentation
Security vulnerability management life cycle
Discovery
Assessment and prioritization
Notification
Remediation or mitigation
Verification and validation
Monitoring and continuous assessment
End of life
Most common vulnerabilities and threats in CI
Inadequately secured industrial control systems (ICS)
Common vulnerabilities in industrial control systems (ICS)
Ransomware targeting CI
Supply chain attacks on CI components
Legacy systems and lack of security updates
Physical security breaches
Internet of Things (IoT) vulnerabilities
Summary
References
Part 2: Dissecting Cyberattacks on CI
Chapter 4: The Most Common Attacks Against CI
DDoS attack
Volumetric attacks
Reflection and amplification attacks
Resource depletion attacks
Protocol-based attacks
Application layer attacks
Ransomware attack
Infection
Encryption
Ransom note
Ransom payment
Data recovery
No guarantee of data recovery
Supply chain attack
Scope of attack
Attack vector
Stealth and persistence
Data exfiltration
Software supply chain attacks
Hardware supply chain attacks
Impersonation and trust exploitation
Mitigation challenges
Notable examples
APT
Phishing
The anatomy of a phishing attack
Impersonation and trust exploitation
Pretexting and urgency
Mimicking authority figures
Deception and lure
Malicious links and attachments
Why do phishing tactics persist?
Common unpatched vulnerabilities
The significance of timely patching
Summary
References
Chapter 5: Analysis of the Top Cyberattacks on Critical Infrastructure
Stuxnet attack on Iran’s nuclear program (2010)
Ukrainian power grid attack (2015)
Dyn attack on internet infrastructure (2016)
WannaCry (2017)
NotPetya (2017)
SolarWinds attack (2020)
Colonial Pipeline ransomware attack (2021)
Summary
References
Part 3: Protecting Critical Infrastructure
Chapter 6: Protecting Critical Infrastructure – Part 1
Network security and continuous monitoring
Network segmentation
Access control
Intrusion detection and prevention systems
Virtual private networks (VPNs)
Security audits and penetration testing
Honeypots and deception technologies
Zero trust architecture
Security monitoring
Security policy and frameworks
NIST cybersecurity framework
ISO/IEC 27001 and ISO/IEC 27002
NERC CIP
The Department of Homeland Security (DHS) critical infrastructure security framework
HITRUST CSF
CIS Controls
Summary
References
Chapter 7: Protecting Critical Infrastructure – Part 2
Systems security and endpoint protection
Antivirus/antimalware protection
Firewalls
Host IDS/IPS
EDR
Application security
Secure software development life cycle
Code reviews and static analysis
Authentication and authorization hardening
Data encryption
Session management
Security patching and updates
Penetration testing
Logging and monitoring
IR and data recovery
Summary
References
Chapter 8: Protecting Critical Infrastructure – Part 3
IR
IR history
IR planning
Security culture and awareness
Interconnectivity of critical infrastructure
Cascading effects of a cyberattack
Responsibility to safeguard critical assets
Insider threats
Teamwork and information sharing
Executive orders
Executive Order 13010 – Critical Infrastructure Protection (1996)
Executive Order 13231 – Critical Infrastructure Protection in the Information Age (2001)
Homeland Security Presidential Directive 7 (HSPD-7) – Critical Infrastructure Identification, Prioritization, and Protection (2003)
Executive Order 13636 – Improving Critical Infrastructure Cybersecurity (2013)
Presidential Policy Directive 21 (PPD-21) – Critical Infrastructure Security and Resilience (2013)
Executive Order 13873 – Securing the Information and Communications Technology and Services Supply Chain (2019)
Executive Order 13870 – America’s Cybersecurity Workforce (2019)
Executive Order 13865 – Coordinating National Resilience to Electromagnetic Pulses (2019)
Executive Order 13905 – Strengthening National Resilience through Responsible Use of Positioning, Navigation, and Timing Services (2020)
Executive Order 14028 – Improving the Nation’s Cybersecurity (2021)
Executive Order 14110 – Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (2023)
Summary
References
Part 4: What’s Next
Chapter 9: The Future of CI
Increment and innovation of cybersecurity measures
More robust encryption implementation
Human factor and training
PPPs
Resilience and recovery
Integration of IoT and smart technologies
Supply chain security
Advancements in threat detection technologies
Greater regulatory and compliance requirements
Cross-sector collaboration
Summary
Conclusion
References
Index
Other Books You May Enjoy

