Kurtz’s New Securing SCADA Systems Book
I had a chance to quickly read through Kurtz’s new book, Securing SCADA Systems. At 150 pages, many filled with diagrams, it is a quick read.
Positives:
- Chapter 2 gives some good examples of SCADA and DCS systems in oil/gas, power and water. This would help an IT person who doesn’t understand what control systems do.
- Raises a number of topics that a person interested in SCADA security would want to learn more about.
Negatives:
- No subject is covered in even the moderate level of detail you would expect in a book. It reads more like a small collection of magazine articles. There is a small section on protocols, a section on standards, a section on past SCADA attacks, … 150 pages on a subject as meaty as SCADA Security? The problem should have been keeping the book under 400 pages.
- It appears to be done by searching the Internet for topics on SCADA and compiling them in a book. There does not appear to be any analysis of what are important activities and what activities have already been considered failures by the community.
- The author is clearly a writer, but it is not clear he knows much about SCADA/DCS. This is not meant as harshly as it sounds. He presents compiled information well, but has not added to the body of knowledge that is out there already in various forms.
I can’t recommend this book, but there are not a lot of alternatives out there.
Author: Dale Peterson
Posted: December 13th, 2005 under Uncategorized.
Comments: 5
Comments
Comment from Anonymous
Time: December 13, 2005, 11:37 am
When does the team at DigitalBond plan on authoring something that’s hard to keep under 400 pages?
Comment from Dale Peterson
Time: December 13, 2005, 12:18 pm
Darn good question and writing a book is hard work. We’ve been working on a chapter here and a chapter there for some time, but it is a lot of work to do any of the topics justice. If we can’t finish it off in 2006 and publish a book we feel is relatively complete and helpful, we will probably just make the chapters available on the web site. I can tell one of the biggest problems is keeping the size down.
Comment from Anonymous
Time: December 14, 2005, 5:46 pm
I could not agree more with your point of view. While preparing my 200-page final emphasis thesis “Informations Systems Security on Critical Infrastructures Control Systems” to complete an Information Systems Security Master in Spain, I found your web site and this new book reference. It is really hard to believe such an experienced man has compiled the same Inet documents that anyone can find… BTW, no mention at all of OPC or XML. Last but not least, has anyone tried to find any similar document that is Europe-based or in Spanish? When finished, I shall make my papers available.
Regards:
Luismi
Comment from Anonymous
Time: December 20, 2005, 1:21 pm
sorry about drinking most of that bottle of crown royal…
Comment from Anonymous
Time: January 13, 2006, 11:39 am
Can’t say it’s really surprising about the book - the author appears to be the sort of guy who writes “(This Certificate / Skill) in 24 Hours” type books. The subject was bound to attract someone who saw a market (as there is one), but lacked the actual insight to deliver something worthwhile. The longer there isn’t a good book on this out, the more mediocre books we’ll get.