There are a small, but growing number of ICS security books. The goal of this page is to provide and maintain a complete list and have reviews to help loyal readers select the best book for them. If you know of a book missing from the list please send an email to firstname.lastname@example.org.
We follow the Amazon.com 1 to 5-star rating system. If you disagree with a rating or review, add your own comment.
5- Star Rating
This is the first great, 5-star ICS security book … and Ralph will probably protest that it is not an ICS security book. It is the book you should give to ICS engineers who have been pushing back on cyber security. It is the book you should give to ICS security professionals who need to know how to intellectually reach an ICS engineer. I think an honest engineer reading this book will be embarrassed at the realization of how he has allowed fragility in the form of ‘cyber’ to live in his SCADA or DCS.
Published by Momentum Press, 2011, 198-pages
Cybersecurity for Industrial Control Systems by Tyson McCauley and Bryan Singer
I had high hopes for this book since Bryan Singer is highly experienced in ICS, ICS security and IT security — and Bryan and co-author Tyson McCauley did not disappoint. To date this is clearly the best book on ICS Security by far.
The two best things about this book are:
- They got the facts right about both ICS and IT security. This is not as easy as it sounds as most books have failed or been simplistic in one area or another.
- They provided the background information for a beginner to understand, but followed that up with significant technical detail and examples. It’s a good book for a beginner or intermediate in either area, and even those with years of experience in both areas will learn something. For me the best new info was the Overall Equipment Effectiveness (OEE) and Security OEE as a future risk assessment technique in Chapter 4.
Published by Auerbach Publications, 203 Pages
Industrial Network Security by Eric Knapp
It is a tough book to review because the quality and accuracy was very uneven. As compared to other ICS Security books available today, grading on a curve, it deserves 4 stars out of a possible 5. However, it would only rate 2 stars if there was a high quality book on applying technical and administrative IT security to control systems. Unfortunately that book has not yet been written.
The highlights of this book are Chapter 8: Exception, Anomaly and Threat Detection and Chapter 9: Monitoring Enclaves. Not surprising since Eric works for SIEM vendor NitroSecurity. …
Unfortunately I cannot recommend this book for an IT security professional who wants to learn about control systems. There is a lot of important information and good advice, but they would also be misled in important and numerous ways.
Industrial Network Security by Dave Teumim
A very basic, very short book that does a good job of introducing cyber security to an ICS manager with zero security experience.
… At $69 it is hugely overpriced, which led to the 3-star rating. At $9.95 for a book and $4.95 for a Kindle version, and correctly positioned as a very basic introduction, it would have warranted 4-stars.
The book is well organized, well written and a light, easy read. People with any security experience will not learn much and find the book wanting. They are better off with Eric Knapp’s much more substantial, albeit also more flawed, book with the same title, Industrial Network Security … and Eric’s book cost 50% less.
Engineers will find this book too basic and will be much better off with Ralph Langner’s new book which is more detailed and speaks their language.
2- Star Rating
Protecting Industrial Control Systems From Electronic Threats by Joseph Weiss
Joe Weiss’s, one of the pioneers in control system security, attempt at writing an overarching book on control system security is almost unreadable. It meanders, doesn’t provide information or opinions in a coherent way, and continues to fail at the end with a set of 40+ disjointed, bulleted recommendations …
If you do pick up this book, skip to the Selected Case Histories in Chapters 14 and 15. These 40 pages show what could have been, and the section on the 1998 Maroochy Wastewater Hack is the best writeup I’ve seen on this oft discussed event. These chapters are useful for those new to control system security whether they come from IT Security or Operations.
Published by Momentum Press, 2010, 310 Pages
TechnoSecurity’s Guide To Securing SCADA by Jack Wiles et al.
Save your money and don’t buy this book.
The reason for the worst, 1-star rating is this book is not about SCADA Security. It is a collection of general purpose IT security chapters written by a collection of authors that rarely even mention control systems. There is little control system experience in the authors, and the collection of articles approach lead to an uneven and poorly structured book.
Published by Syngress, 2008, 352-pages
Cybersecurity for SCADA Systems by William Shaw
Published by Pennwell Corp, 2006, 299 pages
Securing SCADA Systems by Ronald Krutz
Note – I have this book and read this book, but all I can remember was it was not memorable. I will dig it out and add a review shortly.
Published by Wiley Press, 2005, 218 pages
Securing the Smart Grid by Tony Flick and Justin Morehouse
Published by Syngress, 2010, 320 pages