Risk Management for Operational Technology (OT) Systems
Radvanovsky, Robert, Mustard, Steven
- Publisher: CRC
- Publication date: 2026-04-30
- Price: $3,040
- VIP price: 5% off, $2,888
- Language: English
- Pages: 308
- Binding: Hardcover - also called cloth, retail trade, or trade
- ISBN: 1041006829
- ISBN-13: 9781041006824
Related categories:
Penetration-test
Not yet released; cannot be ordered
Product description
Risk Management for Operational Technology (OT) Systems highlights the importance of applying risk assessments specifically tailored to OT environments, rather than relying solely on traditional IT-focused approaches.
Conventional IT and enterprise risk management methods often fail to adequately address OT systems--despite their critical role in sustaining and maintaining the operational status of essential infrastructure. As such, OT environments demand greater attention and specialized frameworks.
Historically, industries such as petrochemical refining and nuclear power generation have implemented comprehensive safety and risk assessments, covering every aspect of operations. These rigorous processes, refined over decades, have proven highly effective in ensuring safe, stable, and optimized production. OT computing systems within these facilities were traditionally isolated from corporate IT networks, making their performance and risk profile well-understood and reliably managed through engineered specifications.
However, the situation has changed. Modern requirements for integration, interoperability, and remote accessibility mean that formerly isolated OT systems are now increasingly interconnected with IT networks and, in many cases, the wider internet. This connectivity introduces new vulnerabilities, exposing once-secure operational systems to external threats and sophisticated adversaries.
The authors propose a modern approach to risk management in OT, one that recognizes these new realities. This approach emphasizes proactive measures to operationally protect legacy and modern OT systems alike from tampering, intrusion, and cyberattack--ensuring that critical infrastructure can remain resilient, safe, and reliable in a connected world.
About the authors
Robert Radvanovsky is an active professional in the United States with over 50 years of knowledge in security, engineering, risk management, business continuity, and disaster recovery planning and remediation. He has numerous degrees in business administration, engineering, and computer science. He has significantly contributed to establishing several certification programs, specifically in the areas of critical infrastructure protection (utilizing a holistic/all-hazards approach to CIP, rather than NERC CIP), cyber forensics, cybersecurity (encompassing IT, OT, and control systems), and incident response management. Bob has a special interest and knowledge in matters of critical infrastructure, has published numerous articles and research papers, and is considered a world-renowned expert on this topic. Although he has been significantly involved in establishing security training and awareness programs through his company, Infracritical, his extracurricular activities include working with several professional accreditation and educational institutions on topics such as homeland security, critical infrastructure, and cybersecurity. He is the owner of the SCADASEC mailing list for SCADA and control systems security discussion forums, while working as an active participant with several industry-related as well as U.S. government-related special interest groups pertaining to critical infrastructure protection, cybersecurity (specifically OT and control systems) and incident response management. Additionally, he has written numerous books pertaining to critical infrastructure protection and assurance, homeland security, policy management, information security and privacy, infrastructure protection law, regulatory and compliance standards for cybersecurity (specifically OT and control systems), cybercrime, transportation systems security, and more.
He authored Critical Infrastructure: Homeland Security and Emergency Preparedness (First Edition); co-authored, with Allan McDougall, Critical Infrastructure: Homeland Security and Emergency Preparedness (Second, Third, Fourth and Fifth Editions) and the Transportation Systems Security books; and co-authored/co-edited, with Jacob Brodsky, the Handbook of SCADA / Control Systems Security (First and Second Editions). He has also written several chapters in numerous books pertinent to cybercrime, cyber forensics, cyber e-discovery, cybersecurity law, international cybersecurity law, international cybersecurity policy (both NATO and private-sector), risk and governance management, and incident response management.
Steve Mustard is an industrial automation consultant with extensive technical and management experience across multiple sectors. He is a licensed Professional Engineer (PE) in Texas and Kansas, ISA Certified Automation Professional® (CAP®), UK registered Chartered Engineer (CEng), European registered Engineer (Eur Ing), GIAC Global Industrial Cyber Security Professional (GICSP), and Certified Mission Critical Professional (CMCP). Backed by more than 35 years of engineering experience, Mustard specializes in the development and management of real-time embedded equipment and automation systems and cybersecurity risk management related to those systems. He serves as president of National Automation, Inc. Mustard is a member of the Water Environment Federation (WEF) Safety and Security Committee. He was the 2021 President of the International Society of Automation (ISA) and is a Liveryman of the Worshipful Company of Engineers. Mustard writes and presents on a wide array of technical topics and is the author of Industrial Cybersecurity, Case Studies and Best Practices and Mission Critical Operations Primer, both published by ISA, and A Guide to Cybersecurity for Water and Wastewater Utilities, published by WEF. He has also contributed to other technical books, including WEF's Design of Water Resource Recovery Facilities, Manual of Practice No. 8, Sixth Edition and The Digital Twin book, published by Springer. Mustard's previous and current client list includes: the UK Ministry of Defense; NATO; major utilities, such as Anglian Water Services and Sydney Water Corporation; major oil and gas companies, such as bp, BG Group, and Shell; Fortune 500 companies, such as Quintiles Laboratories; and other leading organizations.