If you read just half an hour a day more than your competition, you can usually get ahead. TLDR can help you focus your reading on materials that are more aligned with your professional objectives. If you are involved in any sort of OT network, be it as a systems integrator, a pen tester, a systems admin or a manager, you should probably read this book.
Industrial Cybersecurity: Efficiently Monitor the Cybersecurity Posture of Your ICS Environment by Pascal Ackerman has a title as informative as its contents. The book is less dry than many others on this list, but covers enough technical points to be useful. The chapters and sections have predictable titles, like "Designing for security" or "Security monitoring."
The majority of the book discusses this from the IT perspective, which is to be expected. However, the author clearly has some time in the field. He clearly understands the technical matters, but I really appreciate his understanding of the longevity of an industrial system and the managerial / technical clashes.
In one section discussing firewalls in the demilitarized zone, he notes "The reality is that, over time, the configuration of the firewall in the middle there will have as many holes pocked in it as a piece of Swiss cheese... This begs the question, with all these firewall exceptions in place: is it still a firewall, or did we just build a glorified router?"
In another section, the author discusses the various iterations of plant OT / IT networks. It is refreshing to see someone both demonstrate an understanding of the various generations of technology on a site and give actionable advice on the systems.
I give it 8-9 / 10. It covers what it says it will and gives practical, actionable advice along with technical examples. (I do not pretend to agree with everything in it, specifically the trade-offs for operation. If I were in upper management, I would seriously consider the risk/reward benefit and where I locate staff.) If you are just a wire jockey, or you are only interested in hardware, this book is not for you. If you are plant staff looking to understand your options or anyone I listed in the introduction, give this book a shot!