Critical Infrastructure Security: Cybersecurity lessons learned from real-world breaches

Cover
Title Page
Copyright and Credits
Dedications
Contributors
Table of Contents
Preface
Part 1: Introduction to Critical Infrastructure and Cybersecurity Concepts
What is Critical Infrastructure?
	Chemical sector
		Impact of a compromised chemical sector
		Cyberattack scenarios in the chemical sector
	Commercial facilities sector
		Impact of a compromised commercial facilities sector
		Cyberattack scenarios in the commercial facilities sector
	Communications sector
		Impact of a compromised communications sector
		Cyberattack scenarios in the communications sector
	Critical manufacturing sector
		Impact of a compromised critical manufacturing sector
		Cyberattack scenarios in the critical manufacturing sector
	Dams sector
		Impact of a compromised dams sector
		Cyberattack scenarios in the dams sector
	Defense industrial base sector
		Impact of a compromised defense industrial base sector
		Cyberattack scenarios in the defense industrial base sector
	Emergency services sector
		Impact of a compromised emergency services sector
		Cyberattack scenarios in the emergency services sector
	Energy sector
		Impact of a compromised energy sector
		Cyberattack scenarios in the energy sector
		Preventing and mitigating cyberattacks
	Financial services sector
		Impact of a compromised financial services sector
		Cyberattack scenarios in the financial services sector
	Food and agriculture services sector
		Impact of a compromised food and agriculture sector
		Cyberattack scenarios in the food and agriculture services sector
	Government facilities sector
		Impact of a compromised government facilities sector
		Cyberattack scenarios in the government facilities sector
	Healthcare and public health sector
		Impact of a compromised healthcare and public health sector
		Cyberattack scenarios in the healthcare and public health sector
	Information technology sector
		Impact of a compromised information technology sector
		Cyberattack scenarios in the information technology sector
	Nuclear reactors, materials, and waste sector
		Impact of a compromised nuclear reactor sector
		Cyberattack scenarios in the nuclear reactor sector
	Transportation system sector
		Impact of a compromised transportation system sector
		Cyberattack scenarios in the transportation system sector
	Water and wastewater sector
		Impact of a compromised water and wastewater sector
		Cyberattack scenarios in the water and wastewater sector
	Summary
	References
Chapter 2: The Growing Threat of Cyberattacks on Critical Infrastructure
	A brief history of CI protection and attacks
		The impact of the 9/11 attacks on CI
		Same old attacks throughout history
		Executive order 13010
		Evolution of a nation’s CI protection posture
		Evolution of cyberattacks and countermeasures
	The state of CI in the face of cyberattacks
		COVID-19-period cyberattack landscape
		The Colonial Pipeline ransomware attack
		Attacks in 2023
	National cybersecurity strategies
	Summary
	References
Chapter 3: Critical Infrastructure Vulnerabilities
	Understanding the difference between threat, vulnerability, and risk
		Vulnerability
		Threat
		Risk
	Vulnerability assessment
		Scope definition
		Asset inventory
		Threat modeling
		Vulnerability scanning
		Manual assessment
		Risk prioritization
		Remediation planning
		Verification and validation
		Ongoing monitoring
		Reporting and documentation
	Security vulnerability management life cycle
		Discovery
		Assessment and prioritization
		Notification
		Remediation or mitigation
		Verification and validation
		Monitoring and continuous assessment
		End of life
	Most common vulnerabilities and threats in CI
		Inadequately secured industrial control systems (ICS)
		Common vulnerabilities in industrial control systems (ICS)
		Ransomware targeting CI
		Supply chain attacks on CI components
		Legacy systems and lack of security updates
		Physical security breaches
		Internet of Things (IoT) vulnerabilities
	Summary
	References
Part 2: Dissecting Cyberattacks on CI
Chapter 4: The Most Common Attacks Against CI
	DDoS attack
		Volumetric attacks
		Reflection and amplification attacks
		Resource depletion attacks
		Protocol-based attacks
		Application layer attacks
	Ransomware attack
		Infection
		Encryption
		Ransom note
		Ransom payment
		Data recovery
		No guarantee of data recovery
	Supply chain attack
		Scope of attack
		Attack vector
		Stealth and persistence
		Data exfiltration
		Software supply chain attacks
		Hardware supply chain attacks
		Impersonation and trust exploitation
		Mitigation challenges
		Notable examples
	APT
	Phishing
		The anatomy of a phishing attack
		Impersonation and trust exploitation
		Pretexting and urgency
		Mimicking authority figures
		Deception and lure
		Malicious links and attachments
		Why do phishing tactics persist?
	Common unpatched vulnerabilities
		The significance of timely patching
	Summary
	References
Chapter 5: Analysis of the Top Cyberattacks on Critical Infrastructure
	Stuxnet attack on Iran’s nuclear program (2010)
	Ukrainian power grid attack (2015)
	Dyn attack on internet infrastructure (2016)
	WannaCry (2017)
	NotPetya (2017)
	SolarWinds attack (2020)
	Colonial Pipeline ransomware attack (2021)
	Summary
	References
Part 3: Protecting Critical Infrastructure
Chapter 6: Protecting Critical Infrastructure – Part 1
	Network security and continuous monitoring
		Network segmentation
		Access control
		Intrusion detection and prevention systems
		Virtual private networks (VPNs)
		Security audits and penetration testing
		Honeypots and deception technologies
		Zero trust architecture
		Security monitoring
	Security policy and frameworks
		NIST cybersecurity framework
		ISO/IEC 27001 and ISO/IEC 27002
		NERC CIP
		The Department of Homeland Security (DHS) critical infrastructure security framework
		HITRUST CSF
		CIS Controls
	Summary
	References
Chapter 7: Protecting Critical Infrastructure – Part 2
	Systems security and endpoint protection
		Antivirus/antimalware protection
		Firewalls
		Host IDS/IPS
		EDR
	Application security
		Secure software development life cycle
		Code reviews and static analysis
		Authentication and authorization hardening
		Data encryption
		Session management
		Security patching and updates
		Penetration testing
		Logging and monitoring
		IR and data recovery
	Summary
	References
Chapter 8: Protecting Critical Infrastructure – Part 3
	IR
		IR history
		IR planning
	Security culture and awareness
		Interconnectivity of critical infrastructure
		Cascading effects of a cyberattack
		Responsibility to safeguard critical assets
		Insider threats
		Teamwork and information sharing
	Executive orders
		Executive Order 13010 – Critical Infrastructure Protection (1996)
		Executive Order 13231 – Critical Infrastructure Protection in the Information Age (2001)
		Homeland Security Presidential Directive 7 (HSPD-7) – Critical Infrastructure Identification, Prioritization, and Protection (2003)
		Executive Order 13636 – Improving Critical Infrastructure Cybersecurity (2013)
		Presidential Policy Directive 21 (PPD-21) – Critical Infrastructure Security and Resilience (2013)
		Executive Order 13873 – Securing the Information and Communications Technology and Services Supply Chain (2019)
		Executive Order 13870 – America’s Cybersecurity Workforce (2019)
		Executive Order 13865 – Coordinating National Resilience to Electromagnetic Pulses (2019)
		Executive Order 13905 – Strengthening National Resilience through Responsible Use of Positioning, Navigation, and Timing Services (2020)
		Executive Order 14028 – Improving the Nation’s Cybersecurity (2021)
		Executive Order 14110 – Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (2023)
	Summary
	References
Part 4: What’s Next
Chapter 9: The Future of CI
	Increment and innovation of cybersecurity measures
	More robust encryption implementation
	Human factor and training
	PPPs
	Resilience and recovery
	Integration of IoT and smart technologies
	Supply chain security
	Advancements in threat detection technologies
	Greater regulatory and compliance requirements
	Cross-sector collaboration
	Summary
	Conclusion
	References
Index
Other Books You May Enjoy