Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure

This is the most detailed SCADA security book I've come across.

This book was my first serious look into an relevant approach to Critical Infrastructure security issues and vulnerabilities. While the authors avoided "details", the design of the material makes is clear at least where to start. A very easy but compelling read and perfect for the Kindel.

Product received as advertised, and fast shipping.

The book was basic for me. I already understood the core of grid technology and power transmission. I'm not sure what I expected.

Imagine if the smart guys from the SANS Institute came to the Federal Energy Regulatory Commission (FERC) and told them there it was impossible that the smart grid could be effectively secured. What are the chances that FERC and other state regulators would put the brakes on this new modern power infrastructure? The reality is that the chances would be very low, as the smart grid is coming hell or high water.With that, the smart grid in its full-form is imminent and it is anybody's guess on how secure it ultimately will be. In Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure, authors Eric Knapp and Raj Samani provide and excellent overview on what the smart grid is and how it can be secured. The book offers many glimmers of hope from a security and privacy perspective. The hope can shine if the security controls are correctively and effectively implemented.Knapp is a veteran SCADA and smart grid security guru. His previous book Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems, which I reviewed here, is an equally valuable resource.The book provides an introduction to the smart grid, details its architecture, and then enumerates the security and privacy issues around it. There are numerous security models for SCADA and the smart grid which the book enumerates.For those looking for a detailed and technical introduction to smart grid security and a synopsis of the security and privacy issues, Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure is a great place to start.

Applied Cyber Security and the Smart Grid, written by Eric D. Knapp and Raj Samani, is an innovative book, as it offers a way in which we can implement security controls in the modern power infrastructure. It was exciting to find a book that was completely relevant and up to date in this field of research. Generally literature detailing the security concerns with the smart grid, focus on SCADA control system issues, ramble on about how Stuxnet was really bad and how we should have known better, or the inherent need for IT security policies. Thankfully, this is not the case in this publication.Divided into 8 chapters, this book doesn't just focus on the security implications for the smart grid, but also details the environmental and economical factors involved. Case studies help explain security vulnerabilities and associated threats, and these connections are illustrated in figures and reference diagrams throughout the book. Furthermore, details on exploitation of these vulnerabilities are provided, as are examples of how cyber attacks on the power infrastructure can affect society. This offers the reader a well rounded understanding of why security controls needs to be implemented into the modern power infrastructure.Also, in order to make the reader understand how these vulnerabilities can affect them, the authors detail the privacy concerns related to the smart meter. The information the power industry possess on a home user could be used in a malicious way. The smart grid vulnerability conundrum is bigger than that, but the authors assert that the problem can be fixed with tailored security mechanisms, and that's comforting to the reader.The most notable point, in my opinion, is the interconnectedness of the smart grid. This is particularly concerning as you can draw a line from a customer's energy management system (EMS) in their home, all the way to the bulk energy control system and G-SCADA system in the smart grid. This large-scale distribution of systems makes it challenging to effectively segment these systems resulting in an architecture that makes it relatively easy for an attack to move between systems. For the reader unfamiliar with the area, an overview is provided on what the smart grid is; the components present, and the key security and privacy vulnerabilities associated. Also, there is a detailed glossary for those new to some of the industry terms, and this is quite helpful.For those familiar with the topic, you can use the index and go to areas of interest. Detailed examples of how the security vulnerabilities in the smart grid can have major impact on society, with balanced threat analysis and protection mechanisms, is present, but at no time does it seem like we are being bombarded with information. It explains how you, the reader, could be affected by data breaches and malicious threats. While giving the reader insight into the weaknesses within the energy infrastructure, and providing them with tools for protection, they are also given a list of sources for further reading.The accessibility of the book is what compels me to highly recommend it. Written in a friendly, informal manner, the authors invite the reader to gain an insight of the area. There is also an invitation to discuss the topic, to question and address any concerns with them through social media. Not many authors openly give permission for the reader to critique their work, and I think it is this approachable style that made this book even more enjoyable.The experience of the authors in the cyber security and smart grid field is evident throughout the book. Eric D. Knapp brings a wealth of knowledge and firsthand experience of industrial control cyber security. His current role promoting the advancement of embedded security technology for the protection of SCADA and industrial control systems clearly brings substance to their future work claims. Raj Samani is currently working as the VP, Chief Technical Officer for McAfee, with previous experience in cyber security and research orientated working groups. Joel Langill, the technical editor of the book is referenced quite often throughout, as is his website [...] Joel's proven experience with integrated industrial control system architecture and design, functional safety, and operational security skills make him the perfect editor, to compliment the knowledge of the authors.The authors, in their approach, have made a book that can be enjoyed by both the reader with a technical understanding of the area, and by the reader who isn't totally au fait with it, or why we should be worried about the associated vulnerabilities. All in all, I would wholly recommend this book as it is an exciting topic that is often overlooked or deemed exaggerated and irrelevant.

I found the "Applied Cyber Security and the Smart Grid" an enjoyable read and a decent overview of the rapidly changing domain. Coming from the background of being an embedded system architect with CISSP certification and worked previously within the nuclear industry, I can attest to the difficulty in bridging security and "smart grid" domains. That is why I found the structure of the book flow well from:Chapter 1 What is the Smart Grid,Chapter 2 Smart Grid Network Architecture,Chapter 3 Hacking the Smart Grid,Chapter 4 Privacy Concerns with the Smart Grid,Chapter 5 Security Models for SCADA, ICS, and Smart Grid,Chapter 6 Securing the Smart Grid,Chapter 7 Securing the Supply Chain, and finally,Chapter 8 The Future of the GridI am glad supply chain got discussed, as this is one area that is shared in importance not only in the smart grid, but across many regulated industries, including the defense industry. To point out what is going on in the business world, the trend on US company going inversion, if the trend get so bad that tech companies start to join the bandwagon, you can bet our supply chain security just got more complicated.I do wish that Eric would've dig deeper in the chapter covering security models for SCADA, ICS, and Smart Grid like he did in his previous book on Industrial Network Security. Otherwise, decent book.