Cyber-Physical Security Protecting Critical Infrastructure at the State and Local Level 1st Edition by Robert M Clark, Simon Hakim
Product details:
ISBN 10: 3319328247
ISBN 13: 9783319328249
Author: Robert M Clark, Simon Hakim
This book focuses on the vulnerabilities of state and local services to cyber-threats and suggests possible protective action that might be taken against such threats. Cyber-threats to U.S. critical infrastructure are of growing concern to policymakers, managers and consumers. Information and communications technology (ICT) is ubiquitous and many ICT devices and other components are interdependent; therefore, disruption of one component may have a negative, cascading effect on others. Cyber-attacks might include denial of service, theft or manipulation of data. Damage to critical infrastructure through a cyber-based attack could have a significant impact on national security, the economy, and the livelihood and safety of many individual citizens. Traditionally, cyber security has been viewed as focused on higher-level threats such as those against the internet or the Federal government. Little attention has been paid to cyber-security at the state and local level. However, these governmental units play a critical role in providing services to local residents and consequently are highly vulnerable to cyber-threats. The failure of these services, such as waste water collection and water supply, transportation, public safety, utility services, and communication services, would pose a great threat to the public. Featuring contributions from leading experts in the field, this volume is intended for state and local government officials and managers, state and Federal officials, academics, and public policy specialists.
Table of contents:
1 Protecting Critical Infrastructure at the State, Provincial, and Local Level: Issues in Cyber-Phys
Abstract
1.1 Introduction
1.2 Cyber Security Challenges
1.2.1 US Federal Information Security Responsibilities as Established in Law and Policy
1.2.2 Evolution of US Federal Strategy
1.3 Activities of the US National Governors Association
1.4 US Cyber-Security Research
1.5 International Studies and Research on Cyber-Physical Security
1.6 Summary and Conclusions
References
2 Cybersecurity Terminology and Frameworks
Abstract
2.1 Introduction
2.2 Terminology
2.2.1 Core Terminology
2.2.2 Scope
2.2.3 Assets
2.2.4 Confidentiality
2.2.5 Integrity
2.2.6 Availability
2.3 Risk Assessment Terminology
2.3.1 Threats
2.3.1.1 Threats from People
2.3.1.2 Threats from Other Sources
2.3.2 Vulnerabilities
2.3.3 Probability
2.3.4 Impact
2.4 Risk Treatment Terminology
2.4.1 Risk Acceptance
2.4.2 Risk Avoidance
2.4.3 Risk Treatment/Risk Mitigation
2.4.4 Risk Transfer
2.5 Controls Terminology
2.5.1 Controls Overview
2.5.1.1 Types of Controls
2.5.2 ISO 27001/ISO 27002
2.6 Requirements of the ISO 27001 Information Security Management System
2.6.1 Context
2.6.2 Interested Parties
2.6.3 Leadership and Commitment
2.6.4 Policy
2.6.5 Organizational Roles, Responsibilities, and Authorities
2.6.6 Planning
2.6.6.1 Actions to Address Risks and Opportunities
2.6.6.2 Information Security Risk Assessment
2.6.6.3 Information Security Risk Treatment
2.6.6.4 Information Security Objectives and Planning to Achieve Them
2.6.7 Support
2.6.7.1 Competence
2.6.7.2 Awareness
2.6.7.3 Communication
2.6.7.4 Documented Information
2.6.8 Operation
2.6.8.1 Operational Planning and Control
2.6.8.2 Information Security Risk Assessment
2.6.8.3 Information Security Risk Treatment
2.6.9 Performance Evaluation
2.6.9.1 Monitoring, Measurement, Analysis, and Evaluation
2.6.9.2 Internal Audit
2.6.9.3 Management Review
2.6.10 Improvement
2.6.10.1 Nonconformity and Corrective Action
2.6.10.2 Continual Improvement
2.7 NIST Computer Security Resource Center
2.8 NIST Framework for Improving Critical Infrastructure Cybersecurity
2.8.1 Framework Core
2.8.1.1 Core Functions
2.8.1.2 Identify
2.8.1.3 Protect
2.8.1.4 Detect
2.8.1.5 Respond
2.8.1.6 Recover
2.8.2 Framework Profile
2.8.3 Implementation Tiers
2.9 NIST Special Publication 800-82—Guide to Industrial Control Systems (ICS) Security
2.9.1 Administrative or Directive Controls
2.9.2 Preventive Controls
2.9.3 Detective Controls
2.9.4 Corrective Controls
2.10 Comparison of Controls
2.11 Summary and Conclusions
References
3 Assessing Cyber Threats and Solutions for Municipalities
Abstract
3.1 Introduction
3.2 Cyberspace as Critical Infrastructure
3.3 Threats to the Physical Plant and Information Technology
3.3.1 The Physical Plant
3.3.2 Information and Communication Technology
3.4 Understanding External Adversaries in Cyberspace
3.4.1 Foreign Governments: Intelligence and Military Services
3.4.2 Terrorism
3.4.3 Cybercrime
3.4.4 Hacking and Hacktivism
3.5 How Can Municipal Governments Respond?
3.5.1 ICT Risk Management System
3.5.2 Network Security
3.5.3 Education and Awareness
3.5.4 Malicious Software or Malware
3.5.5 Remote Work (Telecommuting) and Private Devices
3.5.6 User Privileges
3.5.7 Private, Public Partnerships
3.6 Conclusion
4 Cyber Perimeters for Critical Infrastructures
Abstract
4.1 Introduction
4.2 History of Control System/Corporate Network Integration
4.3 Traditional Network Perimeter Security
4.4 Limitations of Firewalls
4.4.1 Phishing and Watering-Hole Attacks
4.4.2 Stealing Passwords
4.4.3 Compromising Trusted, External Systems
4.4.4 Forwarding Attack Packets
4.4.5 Attack through a VPN
4.4.6 Firewall Vulnerabilities
4.4.7 Errors and Omissions
4.4.8 Forged IP Addresses
4.4.9 Bypass the Firewall
4.4.10 Removable Media
4.5 Traditional Control-System Security Advice
4.5.1 Perimeter Hardening
4.5.2 Host Hardening
4.5.3 Personnel
4.5.4 Intrusion Detection
4.5.5 Limitations of Traditional Advice
4.6 Modern Alternatives to Firewalls
4.6.1 Unidirectional Gateways
4.6.2 Unidirectional Gateway Security
4.6.3 Emulating Devices
4.6.4 The FLIP
4.6.5 Inbound and Outbound Gateways
4.6.6 Unidirectional Gateway Security
4.7 Remote Access
4.7.1 Compromising Remote Access
4.7.2 Remote Screen View
4.7.3 Central Engineering Sites
4.8 Evolving Standards and Best-Practice Advice
4.8.1 NERC CIP
4.8.2 ANSSI Standards
4.8.3 Other Standards
4.9 Analysis: Why Are the Lights Still On?
4.10 Summary
4.10.1 Emerging Issues
4.10.2 Looking Forward
References
5 A Security Evaluation of a Municipal Computer Network: The Case of Collaboration Between the City
Abstract
5.1 Introduction
5.2 The Creation of a Partnership
5.3 City of Pittsburgh Leveraging Its Resources
5.4 The Students Begin
5.5 Review of Policies and Procedures
5.6 The Students Reveal the Vulnerabilities
5.7 Lessons Learned
5.8 Conclusion
Acknowledgments
References
6 Cyber Risks in the Marine Transportation System
Abstract
6.1 Introduction
6.2 Computer Use in the MTS
6.3 The U.S. Coast Guard Strategic Approach
6.3.1 Principles of the Coast Guard’s Prevention Program
6.3.2 Response, Investigation, and Recovery
6.3.3 How Can Vessel and Facility Operators Manage Cyber Risks?
6.3.3.1 Risk Assessment
6.3.3.2 Risk Mitigation
6.3.3.3 Risk Management
6.3.4 Information Sharing
6.3.4.1 State and Local Involvement
6.4 Ongoing and Future Coast Guard Cyber Activity
6.5 Summary and Conclusion
Appendix A—Cyber Risk Bowtie Model
Appendix B—Cyber security Roles and Responsibilities
Appendix C—A Cyber Safe Port: A Hypothetical But Hopeful Case Study
References
7 Creating a Cyber Security Culture for Your Water/Waste Water Utility
Abstract
7.1 Introduction
7.2 The Water Sector Profile
7.2.1 Public Water Systems (Drinking Water Systems)
7.2.2 Public Owned Treatment Works (Wastewater Systems)
7.3 Cyber security Initiatives
7.3.1 National Institute of Standards and Technology
7.3.1.1 Cyber security Framework Core
7.3.1.2 Framework Implementation Tiers
7.3.1.3 Framework Profile
7.3.2 Department of Homeland Security
7.3.3 American Water Works Association
7.3.4 Environmental Protection Agency
7.4 Cyber Security Risk
7.4.1 The Risk Equation
7.4.2 Advanced Persistent Threats
7.4.2.1 Hacking Tools
7.4.2.2 Phishing
7.4.2.3 Fuzzing
7.4.2.4 Nmap
7.4.2.5 Nessus
7.4.2.6 Rootkits
7.4.2.7 Backdoors
7.4.2.8 Social Engineering
7.4.2.9 Hacking Techniques
Sniffing
Decryption
Cross-Domain
Reverse Engineering
Sequential Query Language Injection
Man-in-the-Middle Attack
7.5 Common Vulnerabilities
7.5.1 Consequences
7.5.2 Creating Cyber Security Culture
7.6 Secured Network Design
7.7 Summary and Conclusions
References
8 The Community Cyber Security Maturity Model
Abstract
8.1 Introduction
8.2 Improving the Cyber security Posture in Communities
8.2.1 History of the CCSMM
8.2.2 Purpose and Intent of the CCSMM
8.2.3 CCSMM Overview
8.3 CCSMM in Depth
8.3.1 Dimensions
8.3.1.1 Awareness
8.3.1.2 Information Sharing
8.3.1.3 Policy
8.3.1.4 Plans
8.3.2 Levels of the CCSMM
8.3.3 Phases of the CCSMM
8.3.4 Implementation Mechanisms
8.3.4.1 Metrics
8.3.4.2 Technology
8.3.4.3 Processes and Procedures
8.3.4.4 Training
8.3.4.5 Assessments
8.3.4.6 Roadmap for Model Implementation
8.3.4.7 Measure Current Cyber Security Posture (Initial Assessment)
8.3.4.8 Program Development (Building a Roadmap)
8.3.5 Implementation Recommendations
8.4 Summary
References
9 Fighting Cybercrime: A Joint Effort
Abstract
9.1 Introduction
9.2 Problems in Policing Cybercrimes
9.2.1 Problems Policing Cybercrimes in General
9.2.2 Case Study: The Netherlands
9.3 Public–Private Partnership
9.3.1 What Makes a PPP?
9.3.2 Forms of PPPs
9.3.3 Success and Failure Factors
9.4 PPP Practice—The National Cyber Security Centre
9.5 Discussion
9.6 Summary and Conclusions
References
10 Cyber Security Challenges: The Israeli Water Sector Example
Abstract
10.1 Introduction
10.2 Cyber-Physical Security at the State Level: What Role for a Government in Critical Infrastructu
10.2.1 Critical Infrastructure Protection in Israel
10.2.2 The National Information Security Authority (Re’em)
10.3 Cyber security of the Israeli Fresh Water Supply System
10.3.1 Threat Assessment: Technology
10.3.2 Threat Assessment: Organization
10.3.3 Hardware Supply Chain: Attack Scenario A
10.3.4 Contractor as a Trusted Insider: Attack Scenario B
10.4 The Limits of National CIP
10.4.1 The National Cyber Security Authority
10.5 Conclusions: Towards Cyber security on Municipal Level
References
11 Efforts to Get People Involved in Cyber-Physical Security: Case Studies of Australia and Singapor
Abstract
11.1 Introduction
11.2 Singapore
11.2.1 Educational Efforts
11.2.2 Cultivating Safe Online Practices
11.3 Australia
11.3.1 Educational Efforts
11.3.2 Cultivating Safe Online Practices
11.4 Summary and Conclusions
References
12 Cyber Security, Trust-Building, and Trust-Management: As Tools for Multi-agency Cooperation Withi
Abstract
12.1 Introduction
12.2 Building Cyber-Trust
12.2.1 Resilience
12.2.2 Situational Awareness
12.2.3 Security Technology
12.2.4 Security Management and Governance
12.2.5 Security Audit
12.3 Resilient Software-Intensive Systems
12.3.1 Design Principles for Information Infrastructures
12.3.2 Systematic Design for Resilient SISs
12.4 The Functions Vital to Society: A Complex Software-Intensive System
12.5 European Perspective
References
13 An Analysis of the Nature of Spam as Cybercrime
Abstract
13.1 Introduction
13.2 Mega Spam
13.3 Trends in Spam
13.4 The Organizational Structure of Spam as Cybercrime
13.4.1 Examples
13.4.1.1 Individuals—Kings of Spam
13.4.1.2 Crime Groups or Organizations
E.G.1: Commonwealth Bank
E.G.2: GameOver ZeuS
13.5 Spam Botnets
13.6 Spammers and Underground Forums
13.7 Countermeasures
14 Securing the Automotive Critical Infrastructure
Abstract
14.1 Introduction
14.2 Automotive Trends
14.3 Security Advancements
14.3.1 Automotive-Grade Hardware Security Modules
14.3.2 Secure V2X Communications
14.3.3 Secure In-Vehicle Network Communications
14.3.4 Embedded Security Evaluation
14.4 Summary and Conclusions