Search  for anything...

Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

  • Based on 91 reviews
Condition: New
Checking for product changes
$46.15 Why this price?
Holiday Deal · 30% off was $66.00

Buy Now, Pay Later


As low as $11 / mo
  • – 4-month term
  • – No impact on credit
  • – Instant approval decision
  • – Secure and straightforward checkout

Ready to go? Add this product to your cart and select a plan during checkout. Payment plans are offered through our trusted finance partners Klarna, PayTomorrow, Affirm, Afterpay, Apple Pay, and PayPal. No-credit-needed leasing options through Acima may also be available at checkout.

Learn more about financing & leasing here.

Selected Option

Free shipping on this product

This item is eligible for return within 30 days of receipt

To qualify for a full refund, items must be returned in their original, unused condition. If an item is returned in a used, damaged, or materially different state, you may be granted a partial refund.

To initiate a return, please visit our Returns Center.

View our full returns policy here.


Availability: In Stock.
Fulfilled by Amazon

Arrives Wednesday, Dec 25
Order within 5 hours and 22 minutes
Available payment plans shown during checkout

Format: Paperback


Description

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product. Secure your ICS and SCADA systems the battle-tested Hacking Exposed™ wayThis hands-on guide exposes the devious methods cyber threat actors use to compromise the hardware and software central to petroleum pipelines, electrical grids, and nuclear refineries. Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets and Solutions shows, step-by-step, how to implement and maintain an ICS-focused risk mitigation framework that is targeted, efficient, and cost-effective. The book arms you with the skills necessary to defend against attacks that are debilitating―and potentially deadly. See how to assess risk, perform ICS- specific threat modeling, carry out penetration tests using “ICS safe” methods, and block malware. Throughout, the authors use case studies of notorious attacks to illustrate vulnerabilities alongside actionable, ready- to-deploy countermeasures.Learn how to: • Assess your exposure and develop an effective risk management plan • Adopt the latest ICS-focused threat intelligence techniques • Use threat modeling to create realistic risk scenarios • Implement a customized, low-impact ICS penetration-testing strategy • See how attackers exploit industrial protocols • Analyze and fortify ICS and SCADA devices and applications • Discover and eliminate undisclosed “zero-day” vulnerabilities • Detect, block, and analyze malware of all varieties Read more


Publisher ‏ : ‎ McGraw Hill; 1st edition (September 13, 2016)


Language ‏ : ‎ English


Paperback ‏ : ‎ 416 pages


ISBN-10 ‏ : ‎ 1259589714


ISBN-13 ‏ : ‎ 13


Item Weight ‏ : ‎ 1.38 pounds


Dimensions ‏ : ‎ 7.38 x 0.94 x 9.12 inches


Best Sellers Rank: #175,905 in Books (See Top 100 in Books) #6 in Computer Hardware Control Systems #120 in Computer Hacking #143 in Computer Network Security


#6 in Computer Hardware Control Systems:


#120 in Computer Hacking:


Frequently asked questions

If you place your order now, the estimated arrival date for this product is: Wednesday, Dec 25

Yes, absolutely! You may return this product for a full refund within 30 days of receiving it.

To initiate a return, please visit our Returns Center.

View our full returns policy here.

  • Klarna Financing
  • Affirm Pay in 4
  • Affirm Financing
  • Afterpay Financing
  • PayTomorrow Financing
  • Financing through Apple Pay
Leasing options through Acima may also be available during checkout.

Learn more about financing & leasing here.

Top Amazon Reviews


  • A really good resource for industrial security, with a (much needed) fresh perspective
Back in the day when the original "Hacking Exposed" first came out, it was relatively "ground breaking". But over time, I wouldn't say each subsequent book in the series has "exposed" much in terms of "hacking". Every title in the series has pretty much been a collective of existing tools and techniques for the respective category being covered. For those with intro level skills this is completely fine, but the series title is a bit misleading. This edition "Industrial Control Systems" is no exception. However, when it comes to ICS, I don't feel like this is a bad thing. The reason I bought this book is because I am familiar with some of the authors' professional work. They are trusted and respected professionals in the "ICS community" and, as an automation engineer (having been converted to the PCN/IT guy), I have attended some of their conference talks and classes. I was naturally looking forward to this publication. AREAS WITH ROOM FOR IMPROVEMENT: The book covers a very broad range of industrial security topics so it's not surprising that it doesn't go into great detail in some of the subjects covered. For example, Chapter 1 is a very high level (maybe too high) of industrial control systems. It might be ok for someone new to ICS with some knowledge but I think it should go a little deeper for those completely new to ICS/automation systems, even though a "further reading list" is provided. Chapter 4 (ICS Pentesting Strategies) had potential and I think is still useful, but I would have like to have seen more technical details and labs (I get that it's a "strategy" chapter but more supporting detail would have been helpful). Chapter 7 (ICS Vulnerability Research) was very interesting and informative for someone like me, but not very practical. I would love to see more technical instruction and labs in that one! Chapter 8 was a good overview of/introduction to "ICS related" malware, but it was pretty high-level and can be found in much more detail around the internet. It's informative but more detail might be more practical for more technical folks. I'm on the fence about Chapter 9. It's a decent list of industrial security standards along with thorough descriptions, but it doesn't go much further than that. Then again, how much more can you say about them without writing a book about compliance. I imagine it's quite useful for someone new to industrial security and unfamiliar with the different standards one might need to consider. Chapter 10 tied everything together nicely with obligatory mitigation advice but as the authors mention, much more comprehensive books have been written on the subject of mitigation. This chapter would have been much more successful with more precise mapping back to the vulnerabilities each countermeasure pertains to. Overall I would say these chapters might still be useful to certain audiences, but could be welcome additions to a second edition. The diagrams in the appendices would be more useful if they were accompanied by further descriptions and/or instructions (or at least referenced back to the corresponding chapters/steps). AREAS OF SIGNIFICANT VALUE: The fact that it's NOT entirely written like a traditional "Hacking Exposed" book is probably one of the most useful aspects for me. The entire structure and flow of the book is from the point of view of measuring risk to industrial systems. The risk to safety and production primary concerns for me as they are for every operator and/or asset owner. This is a perspective that makes sense to me and I found the overall context placed in the risk assessment process relevant and useful. So for me Chapters 2 and 3 are gold. The overall risk assessment process is laid out step-by-step in plain English and these chapters are full of information, details, references, and examples. "Threat modeling" and the "offensive" perspective" are insights I hadn't really considered before (and I'm betting the same is true for many in my industry). The authors are bang on the money about how this industry thinks about industrial "security" and they present some of the more "taboo" subjects in a way that takes some of the fear away from them. They successfully demonstrate how these "alternative" methods can be used to enhance risk mitigation. Chapters 5 and 6 felt more like the traditional "Hacking Exposed" books. Even though Chapter 6 was still a bit over my head, I think more step-by-step examples and labs would be more practical for many people. Still very interesting and I like the fact it tied every vulnerability to a real-world ICS-CERT advisory. Chapter 5 is what really hit home for me and was flat out scary. However, I have already begun using the examples provided to test my own equipment in my lab. This "offensive" point of view is a much needed perspective IMHO. It's what sets this book apart from other "industrial security" books (as in a good complimentary additition) and quite frankly, adds an element of "fun" (in a scary sort of way, which is why I thought the case studies were really good). Overall, this book is not everything to everybody. There are areas I'd personally like to see improvement on if there is a second edition. But it's still a very useful reference for me and I learned quite a bit. It's a good balance between ICS risk assessment and "hacking"/pentesting (at a high level). Can most everything throughout the book be found elsewhere on the internet with simple Google searching? According to the authors themselves, yes. But I don't know for sure because I didn't take the time to look. I don't have to. The authors have done that work for me and provided it here in a single organized reference. For me, that fact alone was worth the cost of the book. ... show more
Reviewed in the United States on September 28, 2016 by Sydney

  • This book is a great resource for ICS Security professionals and Penetration Testers
I was very excited to see this book announced, although I wasn’t sure what to expect because for me personally, the “Hacking Exposed” book series has been hit or miss over the years. Some have been really good, while others weren’t really for me. I’ve finally finished reading this one and here are my thoughts: First, and contrary to a negative review that I saw posted. This book successfully delivers what it claims. In the introduction, the authors state very clearly what the book is intended for and what it isn’t. They don’t claim to release “0days” or anything that isn’t already publically available. In fact, none of the "Hacking Exposed" books have ever really about that. They also don’t claim to be a complete step-by-step penetration testing guide. They do however provide excellent references and resources for everything that they do not cover in detail. For me, the success and usefulness of the book is the way that the authors have taken all of this ICS security relevant information that is scattered about all over the place, and put it together in one book, organized in a cohesive and strategic manner that is specifically applicable to ICS. The authors clearly understand asset owners and operators as well as their systems and operations. If you are an experienced “hardware hacker” guru then no, this book probably isn’t going to dazzle you with new cutting edge techniques. But I don’t think that is the intended purpose of the book and the authors don’t claim as much. I think experienced penetration testers can probably benefit from the ICS specific strategies that the authors lay out, and maybe even some of the techniques in later chapters. I agree that there could be more hands on labs and step-by-step instruction on the examples provided, but I appreciate the fact that they are not exactly providing a step-by-step playbook for just any “script kiddie” that might want to attack a plant, refinery, substation, etc. I feel like this book adequately provides what you need, to those that need it, and references to further reading for those that want/need more. I find that this book is a good “follow-on” companion to other ICS security books on my shelf such as “Industrial Network Security” by Joel Langill (SCADAHacker himself) and Eric Knapp and “Cyber Security for Industrial Control Systems” by Bryan Singer et all (who is also a co-author for this book). It completes the overall picture by providing some detail on the more offensive perspective. The case studies were very interesting and entertaining for me, and helped me get my head around the big picture. Chapter 1 did seem a little light if you are looking for more details about ICS/SCADA in general, but I think it was adequate enough to comprehend what is covered in this book. Chapters 2 and 3 were also very interesting to me because I’ve never seen anyone explain risk assessment and threat modeling from an ICS perspective like that before. Very well done and I think this is where asset owners and operators will get the most benefit. Chapters 4-8 are the more technical chapters with the classic “Hacking Exposed” feel to it. Yes there are some cross-referenced methods and tools but I certainly wasn’t aware of them. In the end, is this book the end all be all? No. But it doesn’t claim to be. It is a much needed reference from a different perspective for the ICS security community. ... show more
Reviewed in the United States on September 25, 2016 by Matthew Anderson

  • This is an excellent introduction to ICS security that can benefit several audiences ...
This is an excellent introduction to ICS security that can benefit several audiences including infosec or software engineers looking to enter ICS security or controls engineers looking for a "red team" view of the systems they are building. It is precisely what I expected based on the preview that is available without purchase. Chapter 5 and Chapter 6 stand out in particular; the former provides an excellent overview of several popular ICS protocol vulnerabilities and the latter provides several easy to understand examples of exploitation strategies. That said, a few points worth noting: - I've not read other "Hacking Exposed" books so I cannot speak to how it compares to other offerings. I will point out that it is highly unlikely any single volume can cover security topics in a way that adequately addresses the variation of ICS hardware, software, protocols, and deployment strategies. - As with any introductory book, this one favors breadth over depth and is thus likely to disappoint all readers in some regard, e.g. those with a controls engineering background can likely skip Chapter 1. - Chapters 2 and 3 are devoted to ICS Risk Assessment and Threat Modeling - excellent and useful material but further indication that this is not strictly a handbook for "hacking" ICS. ... show more
Reviewed in the United States on July 30, 2017 by Ryan

Can't find a product?

Find it on Amazon first, then paste the link below.