Practical Industrial Internet of Things Security

封面

Title Page

Copyright and Credits

Practical Industrial Internet of Things Security

Dedication

Packt Upsell

Why subscribe?

PacktPub.com

Foreword

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Disclaimer

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

An Unprecedented Opportunity at Stake

Defining the Industrial IoT

Industrial IoT Industrial Internet and Industrie 4.0

Consumer versus Industrial IoT

Industrial IoT security – a business imperative

Cybersecurity versus cyber-physical IoT security

What is a cyber-physical system?

Industrial "things " connectivity and operational technologies

Operational technology

Machine-to-Machine

An overview of SCADA DCS and PLC

Industrial control system architecture

ICS components and data networks

ICS network components

Fieldbus protocols

IT and OT convergence – what it really means

Industrial IoT deployment architecture

Divergence in IT and OT security fundamentals

Operational priorities

Attack surface and threat actors

Interdependence of critical infrastructures

Industrial threats vulnerabilities and risk factors

Threats and threat actors

Vulnerabilities

Policy and procedure vulnerabilities

Platform vulnerabilities

Software platform vulnerabilities

Network vulnerability

Risks

Evolution of cyber-physical attacks

Industrial IoT use cases – examining the cyber risk gap

Energy and smart grids

Manufacturing

Cyberattack on industrial control systems – Stuxnet case study

Event flow

Key points

Risk gap summary

Smart city and autonomous transportation

Healthcare and pharmaceuticals

The ransomware attack on the healthcare enterprise – "WannaCry" case study

Cyber risk gap summary

Summary

Industrial IoT Dataflow and Security Architecture

Primer on IIoT attacks and countermeasures

Attack surfaces and attack vectors

OWASP IoT attack surfaces

Attack trees

Fault tree analysis

Threat modeling

STRIDE threat model

DREAD threat model

Trustworthiness of an IIoT system

Industrial big data pipeline and architectures

Industrial IoT security architecture

Business viewpoint

Usage viewpoint

Functional viewpoint

Implementation viewpoint

IIoT architecture patterns

Pattern 1 – Three-tier architectural model

Pattern 2 – Layered databus architecture

Building blocks of industrial IoT security architecture

A four-tier IIoT security model

Summary

IIoT Identity and Access Management

A primer on identity and access control

Identification

Authentication

Authorization

Account management

Distinguishing features of IAM in IIoT

Diversity of IIoT endpoints

Resource-constrained and brownfield considerations

Physical safety and reliability

Autonomy and scalability

Event logging is a rarity

Subscription-based models

Increasing sophistication of identity attacks