Industrial Automation and Control System Security Principles, Second Edition

ISA recently published the second edition of Industrial Automation and Control System Security Principles by Ronald L. Krutz, Ph.D., P. E., CISSP, ISSEP, Chief Scientist at Security Risk Solutions, Inc. The title of the second edition—Industrial Automation and Control System Security Principles: Protecting Critical Infrastructure— was expanded and updated to reflect the latest advances in industrial automation and control system (IACS) security. IACS serve as the operational underpinnings of critical infrastructure, such as power generation, water treatment, petroleum and chemical processing, and other vital operations.

In this Q&A feature, Dr. Krutz highlights the importance of the book’s new and enhanced content.

Note: A brief author biography is included at the bottom of this page.

Q. Why were you compelled to publish an updated edition? What differentiates the second edition from the initial version?

A. I wanted to cover the latest thinking and approaches to industrial automation and control system (IACS) security. This new edition addresses the most recent formal methods and their practical applications to IACS security. The book is able to describe the latest advances in cybersecurity and critical infrastructure protection from industrial, governmental, and commercial sources, and show how they can be practically applied to protect IACS.

Q. Could you outline, in specifics, the new and enhanced areas of content in the second edition?

A. The second edition of my book contains a significant amount of new and enhanced content. This was needed to cover and describe all the significant technologies and methodologies that have been developed since the publication of the first edition.

There is an entirely new chapter, Chapter 9, on emerging approaches to industrial automation and control system security. The new content includes such topics as the Internet of Things (IoT), the Industrial Internet of Things (IIoT), the Open Platform Communications Unified Architecture (OPC UA) (IEC 62541), Industry 4.0, the OWASP “Internet of Things Top Ten” security categories, Big Data Analytics, the NIST Big Data Interoperability Framework, the NIST Framework for Cyber-Physical Systems, the NIST Framework for Improving Critical Infrastructure Cybersecurity, and Software-Defined Elements.

In addition, Chapter 6 has been significantly updated to include the new versions of NIST Special Publication (SP) 800-53 Revision 4, “Recommended Security Controls for Federal Information Systems”; NIST Special Publication 800-82, Revision 2, “Guide to Industrial Control Systems Security”; and the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Cybersecurity Standards, Version 5. As in the previous edition, it also includes coverage of ANSI/ISA-99.01.01-2007, “Security Technologies for Industrial Automation and Control Systems”; the Department of Homeland Security “Catalog of Control Systems Security Recommendations for Standards Developers”; Advanced Metering Infrastructure (AMI) System Security Requirements; and a tabular Consolidation of Best Practices Controls for Industrial Automation and Control Systems.

Chapter 5 has been updated to include coverage of the latest attacks on critical infrastructure systems. In addition to Stuxnet, the overview of malware includes the Shamoon Trojan Horse, Flame modular computer malware, the Norway cyberattack, and Havex.

Chapter 8 includes updated coverage of NIST SP 800-137, “Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations,” as applied to Industrial Automation and Control Systems; the Smart Grid Maturity Model (SGMM); and the Introduction to NISTIR 7628, “Guidelines for Smart Grid Cybersecurity.”

I also have added a new appendix, Appendix B, to the second edition. This new appendix comprises ICS Supplemental Guidance for NIST SP 800-53 Security Controls.

The new and updated chapters also include revised end-of-chapter review questions.

Q. What areas of new and enhanced content would you particularly want to highlight and encourage readers to focus on?

A. I point out the following sections and topic areas as being particularly valuable and informative.

  • Industrial Internet of Things (IIoT)
  • The Open Platform Communications Unified Architecture (OPC UA) (IEC 62541)
  • Industry 4.0
  • Big Data Analytics
  • The NIST Big Data Interoperability Framework
  • NIST Framework for Cyber-Physical Systems
  • NIST Framework for Improving Critical Infrastructure Cybersecurity
  • NIST Special Publication 800-82, Revision 2, “Guide to Industrial Control Systems Security”
  • NIST Special Publication (SP) 800-53 Revision 4, “Recommended Security Controls for Federal Information Systems”
  • Coverage of latest IACS malware

Obtain your copy of Industrial Automation and Control System Security Principles, Second Edition today.

To get your copy of this informative book, order it today on the ISA website.

Meet the Author

Ronald L. Krutz, Ph.D., P.E., CISSP, ISSEP, is a scientist and consultant specializing in cybersecurity services.

Dr. Krutz is Chief Scientist for Security Risk Solutions, Inc. in Mount Pleasant, South Carolina. He has more than 30 years of experience in industrial automation and control systems, distributed computing systems, computer architectures, information assurance methodologies and information security training.

Dr. Krutz has served as: a Senior Information Security Consultant at Lockheed Martin, BAE Systems, and REALTECH Systems Corporation; an Associate Director of the Carnegie Mellon Research Institute (CMRI); founder and Director of the CMRI Computer Engineering and Cybersecurity Centers; a faculty member of the Carnegie Mellon University Department of Electrical and Computer Engineering; and a lead instructor for (ISC)2 Inc. in its Certified Information Systems Security Professionals (CISSP) training seminars.

He authored the book, Securing SCADA Systems, and three textbooks on microcomputer system design, computer interfacing and computer architecture. He holds seven patents in the area of digital systems, and has published a variety of technical papers.

He also coauthored the following books for John Wiley and Sons, a global publishing company:

  • The CISSP Prep Guide
  • The Wiley Advanced CISSP Prep Guide
  • The CISSP Prep Guide, Gold Edition
  • The Security + Certification Guide
  • The CISM Prep Guide
  • The CISSP Prep Guide, Second Edition
  • Mastering CISSP and ISSEP (Information Systems Security Engineering Professional)
  • The Network Security Bible
  • The CISSP and CAP (Certification and Accreditation Professional) Prep Guide, Platinum Edition (Mastering CISSP and CAP)
  • The Certified Ethical Hacker (CEH) Prep Guide
  • Cloud Computing Security
  • Web Commerce Security

Dr. Krutz is also a Senior Fellow of the International Cyber Center of George Mason University and a Senior Life Member of the IEEE.

He earned Bachelor of Science, Master of Science, and Doctorate degrees in Electrical and Computer Engineering, and is a Registered Professional Engineer in the state of Pennsylvania.