This book by George Loukas surveys the field. (Amazon)
In general, there's pretty broad consensus that there is a train-wreck coming in the area of cyber-physical systems because of the little attention being paid to security in this area. It's even pretty common for security professionals to joke around the coffee pot about the "stupidity" of engineers who deploy network-connected systems without even rudimentary defenses. However, if we're going to prevent the coming train-wreck, we're going to have to learn how to talk to the people designing these systems and they speak a different language than us. Loukas' book goes a long way toward equipping the security professional to enter this mysterious world and begin to effectively interact with its denizens. Definitely a recommended read.Review, Computing Reviews
The most valuable part of the book to me is the discussion of steps in cyberphysical attacks, which are divided into reconnaissance, discovery, intrusion, attack delivery (comprising nearly two dozen examples), and antiforensics. Dissecting the attacks this way makes a lot of sense from an analytical perspective and facilitates further studies of the subject matter.
Comments
Post a Comment