One of the most mysterious areas of information security is industrial system security.
No other area of information security contains that many myths, mistakes, misconceptions
and outright lies. Information available online, while voluminous, will
only lead information security professionals and industrial systems professionals to
more confusion and more misconceptions—which may result in not only costly, but
also life-threatening, mistakes.
What raises the mystery even higher is that the stakes in the area of industrial
security are extremely high. While the loss of trade secret information may kill a
business, the loss of electricity generating capability may kill not just one person,
but potentially thousands.
And finally the mystery is solved—with this well-researched book on industrial
system network security.
The book had a few parts of particular interest to me. I liked that the book covers
the “myth of an air gap”—now in the age of wireless, the air gap is not what it used
to be and should not be assumed to be “the absolute security.” I also liked that safety
versus security is covered: industrial engineers might know more about the former
while my InfoSec colleagues know more about the latter. Today’s interconnected
industrial systems absolutely need both! Finally, I also liked the book’s focus on risk
and impact, and not simply on following the regulatory minimum.
Both information security and industrial engineers, which are currently two
distinctly different tribes, would benefit from this book. And, hopefully Industrial
Network Security will bring the much needed union of both tribes, thus helping us
build a more secure business and industrial system.