
Industrial Automation and Control System Security Principles, Second Edition

ISA recently published the second edition of Industrial Automation and Control System Security Principles by Ronald L. Krutz, Ph.D., P.E., CISSP, ISSEP, Chief Scientist at Security Risk Solutions, Inc. The title of the second edition, Industrial Automation and Control System Security Principles: Protecting Critical Infrastructure, was expanded and updated to reflect the latest advances in industrial automation and control system (IACS) security. IACS serve as the operational underpinnings of critical infrastructure, such as power generation, water treatment, petroleum and chemical processing and other vital operations.

In this Q&A feature, Dr. Krutz highlights the importance of the book’s new and enhanced content.

Note: A brief author biography is included at the bottom of this page.

Ronald L. Krutz
Why were you compelled to publish an updated edition? What differentiates the second edition from the initial version?

I wanted to cover the latest thinking and approaches to IACS security. This new edition addresses the most recent formal methods and their practical applications to IACS security. The book is able to describe the latest advances in cybersecurity and critical infrastructure protection from industrial, governmental and commercial sources, and show how they can be practically applied to protect IACS.

Could you outline, in specifics, the new and enhanced areas of content in the second edition?

The second edition of my book contains a significant amount of new and enhanced content. This was needed to cover and describe all the significant technologies and methodologies that have been developed since the publication of the first edition. 

There is an entirely new chapter, Chapter 9, on emerging approaches to industrial automation and control system security. The new content includes such topics as the internet of things (IoT), the industrial internet of things (IIoT), the open platform communications unified architecture (OPC UA) (IEC 62541), Industry 4.0, the "OWASP IoT Top Ten" security categories, big data analytics, the NIST Big Data Interoperability Framework, the NIST Framework for Cyber-Physical Systems, the NIST Framework for Improving Critical Infrastructure Cybersecurity and software-defined elements.

In addition, Chapter 6 has been significantly updated to include the new versions of NIST Special Publication (SP) 800-53 Revision 4, “Recommended Security Controls for Federal Information Systems;” NIST Special Publication 800-82, Revision 2, “Guide to Industrial Control Systems Security;” and North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Cybersecurity Standards, Version 5. As in the previous edition, it also includes coverage of ANSI/ISA-99.01.01-2007, “Security Technologies for Industrial Automation and Control Systems;” the Department of Homeland Security “Catalog of Control Systems Security Recommendations for Standards Developers;” Advanced Metering Infrastructure (AMI) System Security Requirements; and a tabular consolidation of best practices for IACSs.

Chapter 5 has been updated to include coverage of the latest attacks on critical infrastructure systems. In addition to Stuxnet, the overview of malware includes the Shamoon Trojan horse, the Flame modular computer malware, the Norway cyberattack and Havex.

Chapter 8 includes updated coverage of NIST SP 800-137, “Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations,” in applications to IACSs; the Smart Grid Maturity Model (SGMM); and the Introduction to NISTIR 7628, “Guidelines for Smart Grid Cybersecurity.”

I also have added a new appendix, Appendix B, to the second edition. This new appendix comprises ICS Supplemental Guidance for the NIST SP 800-53 Security Controls.

The new and updated chapters also include revised end-of-chapter review questions.

What areas of new and enhanced content would you particularly want to highlight and encourage readers to focus on?

I point out the following sections and topic areas as being particularly valuable and informative.

  • Industrial Internet of Things (IIoT) 
  • Open Platform Communications Unified Architecture (OPC UA) (IEC 62541)
  • Industry 4.0
  • Big Data Analytics
  • NIST Big Data Interoperability Framework
  • NIST Framework for Cyber-Physical Systems
  • NIST Framework for Improving Critical Infrastructure Cybersecurity
  • NIST Special Publication 800-82, Revision 2, “Guide to Industrial Control Systems Security”
  • NIST Special Publication (SP) 800-53, Revision 4, “Recommended Security Controls for Federal Information Systems”
  • Coverage of latest IACS malware


Obtain your copy of Industrial Automation and Control System Security Principles, Second Edition today.

To get your copy of this informative book, order it today on the ISA website.


Meet the Author

Ronald L. Krutz
Ronald L. Krutz, Ph.D., P.E., CISSP, ISSEP, is a scientist and consultant specializing in cybersecurity services.

Dr. Krutz is Chief Scientist for Security Risk Solutions, Inc. in Mount Pleasant, South Carolina. He has more than 30 years of experience in industrial automation and control systems, distributed computing systems, computer architectures, information assurance methodologies and information security training.

Dr. Krutz has served as: a Senior Information Security Consultant at Lockheed Martin, BAE Systems, and REALTECH Systems Corporation; an Associate Director of the Carnegie Mellon Research Institute (CMRI); founder and Director of the CMRI Computer Engineering and Cybersecurity Centers; a faculty member of the Carnegie Mellon University Department of Electrical and Computer Engineering; and a lead instructor for (ISC)2 Inc. in its Certified Information Systems Security Professionals (CISSP) training seminars.

He authored the book Securing SCADA Systems and three textbooks on microcomputer system design, computer interfacing and computer architecture. He holds seven patents in the area of digital systems and has published a variety of technical papers.

He also coauthored the following books for John Wiley and Sons, a global publishing company:

  • The CISSP Prep Guide
  • The Wiley Advanced CISSP Prep Guide
  • The CISSP Prep Guide, Gold Edition
  • The Security + Certification Guide
  • The CISM Prep Guide
  • The CISSP Prep Guide, Second Edition
  • Mastering CISSP and ISSEP (Information Systems Security Engineering Professional)
  • The Network Security Bible
  • The CISSP and CAP (Certification and Accreditation Professional) Prep Guide, Platinum Edition (Mastering CISSP and CAP)
  • The Certified Ethical Hacker (CEH) Prep Guide
  • Cloud Computing Security
  • Web Commerce Security

Dr. Krutz is also a Senior Fellow of the International Cyber Center of George Mason University and a Senior Life Member of the IEEE.

He earned his Bachelor of Science, Master of Science and Doctorate degrees in Electrical and Computer Engineering. He is a Registered Professional Engineer in the state of Pennsylvania.