Industrial network security: Securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems

Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems, Second Edition

Volumn , Issue , 2014, Pages 1-439

  Knapp, Eric D ^a   Langill, Joel Thomas ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

CRITICAL INFRASTRUCTURES; ELECTRIC POWER SYSTEM SECURITY; ELECTRIC POWER TRANSMISSION NETWORKS; GAS INDUSTRY; PUBLIC WORKS; SCADA SYSTEMS; SMART POWER GRIDS;

CRITICAL INFRASTRUCTURE SYSTEMS; CYBER-ATTACKS; ENERGY PRODUCTIONS; INDUSTRIAL CONTROL SYSTEMS; INDUSTRIAL NETWORKS; SMART GRID; VITAL SYSTEMS;

NETWORK SECURITY;

EID: 84987802592     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1016/B978-0-12-420114-9.00018-6     Document Type: Book

References (175)

1. Eric D. Knapp and Raj Samani, "Applied Cyber Security and the Smart Grid," Elsevier, 2013.
2. North American Electric Corporation, Standard CIP-002-4, Cyber Security, Critical Cyber Asset Identification, North American Electric Corporation (NERC), Princeton, NJ, approved January 24, 2011.
3. North American Electric Corporation, Standard CIP-002-5.1, Cyber Security, Critical Cyber Asset Identification, North American Electric Corporation (NERC), Princeton, NJ, approved January 24, 2011.
4. North American Electric Corporation, Standard CIP-002-4, Cyber Security, Critical Cyber Asset Identification, North American Electric Corporation (NERC), Princeton, NJ, approved January 24, 2011.
5. Department of Homeland Security, Homeland security presidential directive 7: critical infrastructure identification, prioritization, and protection. http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm>, September, 2008 (cited: November 1, 2010).
6. U.S. Nuclear Regulatory Commission, The NRC: who we are and what we do. (cited: November 1, 2010).
7. Department of Homeland Security, Homeland security presidential directive/HSPD-7. Roles and responsibilities of sector-specific federal agencies (18)(d). , September 2008 (cited: November 1, 2010).
8. J. Arlen, SCADA and ICS for security experts: how to avoid cyberdouchery. in: Proc. 2010 BlackHat Technical Conference, July 2010.
9. U.S. Nuclear Regulatory Commission, Regulatory Guide 5.71 (New Regulatory Guide) Cyber Security Programs for Nuclear Facilities, U.S. Nuclear Regulatory Commission, Washington, DC, January 2010
10. J. Pollet, Red Tiger, Electricity for free? The dirty underbelly of SCADA and smart meters, in: Proc. 2010 BlackHat Technical Conference, Las Vegas, NV, July 2010.
11. The Open-Source Vulnerability Database (OSVDB) Project, ID Nos. 79399/79400. (cited: December 20, 2013)
12. Microsoft. KB 103884 "The OSI Model’s Seven Layers Defined and Functions Explained," (cited: December 21, 2013).
13. International Society of Automation (ISA). Standards & Practices 95. (cited: December 21, 2013).
14. Purdue Enterprise Reference Architecture (PERA), "Purdue Reference Model for CIM." (cited: December 21, 2013).
15. Repository of Industrial Security Incidents (RISI). 2013 Report on Cyber Security Incidents and Trends Affecting Industrial Control Systems, June 15, 2013.
16. J. Pollet, Red Tiger, Understanding the advanced persistent threat, in: Proc. 2010 SANS European SCADA and Process Control Security Summit, Stockholm, Sweden, October 2010.
17. J. Pollet, Red Tiger, Understanding the advanced persistent threat, in: Proc. 2010 SANS European SCADA and Process Control Security Summit, Stockholm, Sweden, October 2010.
18. Threat Post. Move Over Conficker, Web Threats are Top Enterprise Risk. (cited: December 20, 2013)
19. N. Falliere, L.O. Murchu, E. Chien, Symantec. W32.Stuxnet Dossier, Version 1.1, October 2010.
20. McAfee. Global Energy Cyberattacks: "Night Dragon." February 10, 2011
21. D. Peterson, Italian researcher publishes 34 ICS vulnerabilities. Digital Bond. , March 21, 2011 (cited: April 4, 2011).
22. J. Langill, SCADAhacker.com. Agora+ SCADA Exploit Pack for CANVAS , March 17, 2011. (cited: December 20, 2013)
23. J. Langill, SCADAhacker.com. Gleg releases Ver 1.28 of the SCADA+ Exploit Pack for Immunity Canvas, October 8, 2013. (cited: October 8, 2013)
24. D. Peterson, Friday News and Notes. , March 25, 2011. (cited: April 4, 2011)
25. US Department of Homeland Security, US-CERT, Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies, Washington, DC, October 2009.
26. M. Maybury, "How to Protect Digital Assets from Malicious Insiders," Institute for Information Infrastructure Protection.
27. M. Luallen, "Managing Insiders in Utility Control Systems," SANS SCADA Summit 2011, March 2011.
28. Repository of Industrial Security Incidents (RISI), "2013 Report on Cyber Security Incidents and Trends Affecting Industrial Control Systems," June 15, 2013.
29. Security Focus, "Slammer worm crashed Ohio nuke plant network," August 19, 2003, , (cited: January 6, 2014).
30. Open-Source Vulnerability Database (OSVDB) Project. . (cited: January 1, 2013)
31. Ladder logic. , October 19, 2000 (cited: November 29, 2010).
32. P. Melore, PLC operations. , (cited: November 29, 2010).
33. P. Melore, The guts inside. , (cited: November 29, 2010).
34. PLCTutor.com, PLC operations. , October, 19, 2000 (cited: November 29, 2010).
35. OSIsoft, OSIsoft company overview. , 2010 (cited: November 29, 2010).
36. J. Larson, Idaho National Laboratories, Control systems at risk: sophisticated penetration testers show how to get through the defenses, in: Proc. 2009 SANS European SCADA and Process Control Security Summit, October, 2009.
37. DigitalBond, "Portaledge," , (cited: January 6, 2014).
38. DigitalBond, "Bandolier," , (cited: January 6, 2014).
39. The Modbus Organization, Modbus application protocol specification V1.1b, Modbus Organization, Inc. Hopkinton, MA, December 2006.
40. "List of Automation Protocols," Wikipedia, (cited: January 6, 2014).
41. E. Chien, Symantec. Stuxnet: a breakthrough. , November, 2010 (cited: November 16, 2010).
42. G. Locke, US Department of Commerce and Patrick D. Gallagher, National Institute of Standards and Technology, Smart Grid Cyber Security Strategy and Recommendations, Draft NISTIR 7628, NIST Computer Security Resource Center, Gaithersburg, MD, February 2010.
43. Raymond C. Parks, SANDIA Report SAND2007-7327, Advanced Metering Infra-structure Security Considerations, Sandia National Laboratories, Albuquerque, New Mexico and Livermore, California, November 2007.
44. Ladder logic. , October 19, 2000 (cited: November 29, 2010).
45. Cisco. "Layer 2 and Layer 3 Switch Evolution." (cited: December 21, 2013).
46. Paul Didier, Fernando Macias, James Harstad, Rick Antholine, Scott A. Johnston, Sabina Piyevsky, Mark Schillace, Gregory Wilcox, Dan Zaniewski, Steve Zuponcic. Converged Plantwide Ethernet (CPwE) Design and Implementation Guide. Cisco Systems, Inc. and Rockwell Automation, Inc. Sep. 9, 2011
47. Cisco, "Design Best Practices for Latency Optimization," December 2007.
48. Emerson Process Management, "DeltaV SIS for Process Safety Systems: A Modern Safety System - for the Life of Your Plant," September, 2013.
49. Shepard Daniel P, Humphreys Todd E, Fansler Aaron A. Evaluation of the vulnerability of phasor measurement units to GPS spoofing attacks, In Sixth annual IFIP WG 11.10 international conference on critical infrastructure protection. Washington, DC; March 19-21, 2012.
50. University of Texas at Austin. UT Austin Researchers Successfully Spoof an $80 million Yacht at Sea. July 29, 2013. Article on Internet. http://www.utexas.edu/news/2013/07/29/ut-austin-researchers-successfully-spoof-an-80-million-yacht-at-sea/
51. The Edison Foundation, "Utility-Scale Smart Meter Deployments, Plans, and Proposals," IEE Report, May 2012.
52. K. Rowland, "602.7 million installed smart meters globall by 2016," (cited: December 23, 2013).
53. "Schneider Electric Modicon History," (cited: January 7, 2014).
54. Modbus Organizations, "Modbus Application Protocol Specification," Version 1.1b, Published December 28, 2066.
55. AEG Schneider Autotmation, "Modicon Modbus Plus Nework Planning and Installation Guide," 890-USE-100.00 Version 3.0, April 1996.
56. Triangle MicroWorks, "Using DNP3 & IEC 60870-5 Communication Protocols in the Oil & Gas Industry," Revision 1, published March 26, 2001.
57. Triangle MicroWorks, "Modbus and DNP3 Communication Protocols," (cited: January 8, 2014).
58. The DNP Users Group, DNP3 Primer, Revision A. , March 2005 (cited: November 24, 2010).
59. G.R. Clarke, Deon Reynders Practical Modern SCADA Protocols: DNP3, 60870.5 and Related Systems, Newnes, Oxford, UK and Burlington MA, 2004.
60. The DNP Users Group, DNP3 Primer, Revision A. , March 2005 (cited: November 24, 2010).
61. Digitalbond SCADAPEDIA, Secure DNP3. , August 2008 (cited: November 24, 2010).
62. The DNP Users Group, DNP3 Primer, Revision A. , March, 2005 (cited: November 24, 2010).
63. A.B.M. Omar Faruk, Testing & Exploring Vulnerabilities of the Applications Implementing DNP3 Protocol, KTH Electrical Engineering, Stockholm, Sweden, June 2008.
64. V.M. Igure, Security assessment of SCADA protocols: a taxonomy based methodology for the identification of security vulnerabilities in SCADA protocols, VDM Verlag Dr. Müller Aktiengesellschaft & Co. KG, 2008.
65. "Industrial Ethernet: A Control Engineer’s Guide," Cisco, April 2010.
66. J. Schwager, "Information about Real-Time Ethernet in Industry Automation," Reutlinger University, , (cited: January 10, 2014).
67. Industrial Ethernet Facts, "System Comparison: The 5 Major Technologies," Ethernet POWERLINK Standardization Group, Issue 2, February 2013.
68. Industrial Ethernet Facts, "System Comparison: The 5 Major Technologies," Ethernet POWERLINK Standardization Group, Issue 2, February 2013.
69. Open Device Vendor Assocation (ODVA), "Common Industrial Protocol (CIP)," Publication PUB00122R0-ENGLISH, 2006.
70. The EtherCAT Technology Group, Technical introduction and overview: EtherCAT-the Ethernet Fieldbus. , May 10, 2010 (cited: November 24, 2010).
71. P. Doyle, Introduction to Real-Time Ethernet II. The Extension: A Technical Supplement to Control Network, vol. 5, Issue 4, Contemporary Control Systems, Inc., Downers Grove, IL, July 2004.
72. Ethernet POWERLINK Standardization Group, CANopen. , 2009 (cited: November 24, 2010).
73. SERCOS International, Technology: Introduction to SERCOS interface. , 2010 (cited: November 24, 2010).
74. SERCOS International, Technology: Cyclic Operation. , 2010 (cited: November 24, 2010).
75. SERCOS International, Technology: Service & IP Channels. , 2010 (cited: November 24, 2010).
76. OPC Foundation, "What is OPC?," , (cited: January 9, 2014).
77. OPC Foundation, "Certified Products," , (cited: January 9, 2014).
78. Microsoft Corporation, RPC Protocol Operation. (cited: November 4, 2010).
79. European Organization for Nuclear Research (CERN), A Brief Introduction to OPC™ Data Access. , November 11, 2000 (cited: November 29, 2010).
80. "OPC Security Whitepaper #3: Hardening Guidelines for OPC Hosts," DigitalBond, British Columbia Institute of Technology, Byres Research, November 13, 2007.
81. DigitalBond, "Bandolier," (cited: January 9, 2014).
82. DigitalBond, "QuickDraw SCADA IDS," (cited: January 9, 2014).
83. J.T. Michalski, A. Lanzone, J. Trent, S. Smith, SANDIA Report SAND2007-3345: Secure ICCP Integration Considerations and Recommendations, Sandia National Laboratories, Albuquerque, New Mexico and Livermore, California, June 2007.
84. J. Michalski, A. Lanzone, J. Trent, S. Smith, "Secure ICCP Integration: Considerations and Recommendations," Sandia Report SAND2007-3345, printed June 2007.
85. DigitalBond, "Bandolier Security Audit File for SISCO ICCP Server," , (cited: January 9, 2014).
86. Open Device Vendors Association (ODVA), "Common Industrial Protocol," PUB00122R0-ENGLISH, 2006.
87. K. Stouffer, J. Falco, K. Scarfone, National Institute of Standards and Technology, Special Publication 800-82 (Final Public Draft), Guide to Industrial Control Systems (ICS) Security, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology Gaithersburg, MD and Intelligent Systems Division, Manufacturing Engineering Laboratory, National Institute of Standards and Technology Gaithersburg, MD, September 2008.
88. M.J. McDonald, G.N. Conrad, T.C. Service, R.H. Cassidy, SANDIA Report SAND2008-5954, Cyber Effects Analysis Using VCSE Promoting Control System Reliability, Sandia National Laboratories Albuquerque, New Mexico and Livermore, California, September 2008.
89. A. Giani, S. Sastry, K.H. Johansson, H. Sandberg, The VIKING Project: An Initiative on Resilient Control of Power Networks, Department of Electrical Engineering and Computer Sciences, University of California at Berkeley, and School of Electrical Engineering, Royal Institute of Technology (KTH), Berkeley, CA, 2009.
90. SearchSecurity. Definition: Blended Threat. Document from the Internet. Cited Sep 4, 2012. Available from: http://searchsecurity.techtarget.com/definition/blended-threat
91. G. McDonald, L.O. Murchu, S. Doherty, E. Chien, Symantec. Stuxnet 0.5: The Missing Link, Version 1.0, February 26, 2013.
92. E. Chien, Symantec. Stuxnet: a breakthrough. , November 2010 (cited: November 16, 2010).
93. Open-Source Vulnerability Database (OSVDB). ID 66441: Siemens SIMATIC WinCC SQL Database Default Password. (cited: December 20, 2013)
94. WinCC Database Problem. (cited: December 20, 2013)
95. N. Falliere, L.O Murchu, E. Chien, Symantec. W32.Stuxnet Dossier, Version 1.1, October 2010.
96. E. Byres, A. Ginter, J. Langill. "How Stuxnet Spreads - A Study of Infection Paths in Best Practice Systems," Version 1.0, February 22, 2011.
97. ICS-CERT. Joint Security Awareness Report (JSAR-12-241-01B) Shamoon/DistTrack Malware - Update B. Document from the Internet. April 30, 2013. Cited December 22, 2013. Available at: https://ics-cert.us-cert.gov/jsar/JSAR-12-241-01B-0
98. Kelly Jackson Higgins. 30,000 Machines Infected In Targeted Attack On Saudi Aramco. Dark Reading. August 2012. Document from the Internet. Cited December 22, 2013. Available at: http://www.darkreading.com/attacks-breaches/30000-machines-infected-in-targeted-atta/240006313
99. Kaspersky Labs. Virus News: Kaspersky Lab Experts Provide In-Depth Analysis of Flame’s C&C Infrastructure. Document from the Internet. June 4, 2012. Cited Sep 18, 2012. Available from: http://www.kaspersky.com/about/news/virus/2012/Kaspersky_Lab_Experts_Provide_In_Depth_Analysis_of_Flames_Infrastructure
100. Kaspersky Labs. Virus News: Kaspersky Lab Experts Provide In-Depth Analysis of Flame’s C&C Infrastructure. Document from the Internet. June 4, 2012. Cited Sep 18, 2012. Available from: http://www.kaspersky.com/about/news/virus/2012/Kaspersky_Lab_Experts_Provide_In_Depth_Analysis_of_Flames_Infrastructure
101. D. Stevens, Escape from PDF. , March 2010 (cited: November 4, 2010).
102. J. Conway, Sudosecure.net. Worm-Able PDF Clarification. , April 4, 2010 (cited: November 4, 2010).
103. Kali Linux. .
104. Social Engineering Framework, Computer based social engineering tools: Social Engineer Toolkit (SET). .
105. 86 Security Labs, PDF "Launch" Feature Used to Install Zeus. , April 14, 2010 (cited: November 4, 2010).
106. Ruben Santamarta. Attacking ControlLogix. Digital Bond Project Base Camp. 2012.
107. J. Nazario, Arbor networks. Twitter-based Botnet Command Channel. , August 13, 2009 (cited: November 4, 2010).
108. J. Pollet, Red Tiger, Understanding the advanced persistent threat, in: Proc. 2010 SANS European SCADA and Process Control Security Summit, Stockholm, Sweden, October 2010.
109. National Institute of Standards and Technologies (NIST) - Computer Forensic Tools Catalog, , .
110. Repository of Industrial Security Incidents, "2013 Report on Cyber Security Incidents and Trends Affecting Industrial Control Systems," June 2013.
111. Repository of Industrial Security Incidents, "2013 Report on Cyber Security Incidents and Trends Affecting Industrial Control Systems," June 2013.
112. Open-Source Vulnerability Database, , sited July 1, 2014.
113. "ICS Vulnerability Trend Data," , sited July 1, 2014.
114. "Data breach costs still unknown: Target CEO," CNBC, , sited July 28, 2014.
115. "Analyst sees Target data breach costs topping $1 billion," TwinCities Pioneer Press, , sited July 28, 2014.
116. "The Target Breach, By the Numbers," Krebs on Security, , sited July 28, 2014.
117. "The Shamoon Attacks," Symantec Security Response, , sited July 29, 2014.
118. nd Edition, 2008.
119. "National Vulnerability Database Version 2.2," National Institute of Standards and Technology / U.S. Dept. of Homeland Security National Cyber Security Division, , sited July 30, 2014.
120. "Open-Source Vulnerability Database," , sited July 30, 2014.
121. "National Checklist Program Repository," National Institute of Standards and Technology, , sited July 30, 2014.
122. "CIS Security Benchmarks," Center for Internet Security, , sited July 30, 2014.
123. "Security Configuration Guides," National Security Agency / Central Security Service, , sited July 30, 2014.
124. "Nessus Compliance and Audit Download Center," Tenable Network Security, , sited July 30, 2014.
125. "Bandolier," DigitalBond, , sited July 30, 2014.
126. "A Complete Guide to the Common Vulnerability Scoring System Version 2.0," Forum of Incident Response and Security Teams, , sited July 30, 2014.
127. "Common Vulnerability Scoring System Version 2 Calculator," National Institute of Standards and Technology - National Vulnerability Database, , sited July 30, 2014.
128. "DHS Says Aging Infrastructure Poses Significant Risk to U.S.," Public Intelligence, , sited July 31, 2014.
129. "Aging Natural Gas Pipelines Are Ticking Time Bombs, Say Watchdogs," FoxNews, , sited July 31. 2014.
130. th Annual Computer Crime and Security Survey," Computer Security Institute, December 2010.
131. "Threat Modeling," Microsoft Developer Network, , sited July 31, 2014.
132. Theodore J. Williams. A Reference Model For Computer Integrated Manufacturing (CIM): A Description from the Viewpoint of Industrial Automation. Purdue Research Foundation. North Carolina. 1989.
133. International Society of Automation (ISA), ISA-99.00.01-2007, "Security for industrial automation and control systems: Terminology, Concepts and Models," October, 2007
134. U.S. Nuclear Regulatory Commission, Regulatory Guide 5.71 (New Regulatory Guide), Cyber Security Programs for Nuclear Facilities, January, 2010.
135. D. Taylor, Intrusion detection FAQ: are there vulnerabilities in VLAN implementations? VLAN Security Test Report, The SANS Institute. , July 12, 2000 (cited: January 19, 2011).
136. U.S. Nuclear Regulatory Commission, 73.54 Protection of digital computer and communication systems and networks. , March 27, 2009 (cited: January 19, 2011).
137. North American Reliability Corporation, Standard CIP-002-3. Cyber Security-Critical Cyber Asset Identification. , December 16, 2009 (cited: January 19, 2011).
138. International Society of Automation, Standard ANSI/ISA-99.02.01-2009, "Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program," Approved January 13, 2009.
139. , December 2, 2010 (cited: January 19, 2011).
140. Snort. www.snort.org> (cited: December 26, 2013).
141. Open Information Security Foundation. "Suricata" (cited: December 26, 2013).
142. Idaho National Lab (INL), "Helping utilities monitor for network security," August 30, 2012 (cited: December 27, 2013).
143. NexDefense, Inc., "About Sophia," (cited: December 26, 2013).
144. Australian Dept. of Defense - Intelligence and Security, "Strategies to Mitigate Targeted Cyber Intrusion," October 2012.
145. Trustifier, www.trustifier.com> (cited: December 27, 2013).
146. "McAfee Probing Bundle That Sparked Global PC Crash," Wired, published April 22, 2010, , sited July 19, 2014.
147. Waterfall Security Solutions, Ltd. www.waterfall-security.com> (cited: December 27, 2013).
148. K. Stouffer, J. Falco, K. Scarfone, National Institute of Standards and Technology (NIST), Special Publication 800-82 Revision 1, Guide to Industrial Control Systems (ICS) Security, Section 6.11 System and Information Integrity, May, 2013.
149. A. Chuvakin, Content aware SIEM. http://www.sans.org/security-resources/idfaq/vlan.php, February, 2000 (cited: January 19, 2011).
150. B. Singer, Correlating Risk Events and Process Trends. Proceedings of the SCADA Security Scientific Symposium (S4). Kenexis Security Corporation and Digital Bond Press, 2010.
151. F. Salo, Anomaly Detection Systems: Context Sensitive Analytics. NitroSecurity, Inc. Portsmouth, NH, December 2009.
152. B. Singer, Correlating Risk Events and Process Trends. Proceedings of the SCADA Security Scientific Symposium (S4). Kenexis Security Corporation and Digital Bond Press, Sunrise, FL, 2010.
153. U.S. Dept. of Homeland Security, "Cyber Security Procurement Language for Industrial Control Systems," September 2009.
154. D. Beresford, "Exploiting Siemens Simatic S7 PLCs," July 8, 2011. Prepared for Black Hat USA 2011.
155. R. Kay, QuickStudy: event correlation. Computerworld.com , July 28, 2003 (cited: February 13, 2011).
156. Softpanorama, Event correlation technologies. , January 10, 2002 (cited: February 13, 2011).
157. The MITRE Corporation, About CEE (common event expression). , May 27, 2010 (cited: February 13, 2011).
158. M. Leland, Zero-day correlation: building a taxonomy. NitroSecurity, Inc. , May 6, 2009 (cited: February 13, 2011).
159. The MITRE Corporation, About CEE (common event expression). , May 27, 2010 (cited: February 13, 2011).
160. A. Chuvakin, Content aware SIEM. , February 2000 (cited: January 19, 2011).
161. B. Singer, Correlating risk events and process trends. Proceedings of the SCADA Security Scientific Symposium (S4). Kenexis Security Corporation and Digital Bond Press, 2010, Sunrise, FL.
162. J.M. Butler. Benchmarking Security Information Event Management (SIEM). The SANS Institute Analytics Program, February, 2009.
163. Microsoft. Windows Management Instrumentation. , January 6, 2011 (cited: March 3, 2011).
164. Flow.org. Traffic Monitoring using sFlow. , 2003 (cited: March 3, 2011).
165. B. Singer, Kenexis Security Corporation, in: D. Peterson (Ed.), Proceedings of the SCADA Security Scientific Symposium, 2: Correlating Risk Events and Process Trends to Improve Reliability, Digital Bond Press, 2010.
166. Securonix, Inc., Securonix Indentity Matcher: Overview. , 2003 (cited: March 3, 2011).
167. A. Chuvakin, Content Aware SIEM. February, 2000 (cited: January 19, 2011).
168. K.M. Kavanagh, M. Nicolett, O. Rochford, "Magic quadrant for security information and event management," Gartner Document ID Number: G00261641, June 25, 2014.
169. J.M. Butler, Benchmarking Security Information Event Management (SIEM). The SANS Institute Analytics Program, February, 2009.
170. North American Electric Reliability Corporation. NERC CIP Reliability Standards, version 4. February 3, 2011 (cited: March 3, 2011).
171. M. Asante, NERC, Harder questions on CIP compliance update: ask the expert, 2010 SCADA and Process Control Summit, The SANS Institute, March 29, 2010.
172. International Standards Organization/International Electrotechnical Commission (ISO/IEC), About ISO. http://www.iso.org/iso/about.htm (cited: March 21, 2011).
173. K. Stouffer, J. Falco, K. Scarfone, National Institute of Standards and Technology, Special Publication 800-82 (Final Public Draft), Guide to Industrial Control Systems (ICS) Security, September 2008.
174. ISA99 Committee on Industrial Automation and Control Systems Security, , sited July 21, 2014.
175. The Unified Compliance Framework, What is the UCF? (cited: March 21, 2011).