Hackers and antisocial elements use cyber-attacks as powerful weapons. A typical cyber-attack damages computing and information systems and thus severely disrupts the organization. A cyber-physical attack is a type of cyber-attack through which a hacker damages building equipment using malware in a building control system (BCS). This causes more loss than a typical cyber-attack because a physical attack requires critical and time-consuming recovery procedures. With more and more web-enabled components from different vendors becoming part of the modern BCS, preventing cyber-physical attacks is becoming more challenging.
Certainly, developing effective recovery procedures after a cyber-physical attack is one of the most important requirements for any organization. This book provides templates, frameworks, and general guidelines for effectively managing BCS and supervisory control and data acquisition (SCADA) systems.
The book has 12 chapters. The first two provide an overview and describe different types of cyber-physical attacks, while the last three chapters provide general guidelines and steps for preparing recovery procedures with suitable templates. Chapters 3 to 9 provide case studies for preventing hackers from destroying various critical components of the building such as boilers, pressure vessels, chillers, cooling towers, backup generators, and so on.
Ayala provides many practical guidelines and demonstrates his rich knowledge in managing BCSs against cyber-physical attacks. Whenever he uses jargon from electrical/mechanical/computer engineering fields, he provides proper explanations. This makes the book comprehensive and interesting.
In chapter 1, Ayala goes over and above providing a bird’s-eye view of cyber-physical attack recovery procedures by presenting an important attack called “cyber booby-trap” in a detailed way. He also touches upon other malware, namely, canary and honeypot. The block diagram provided at the end of chapter 1 on “recovery process mission critical systems” speaks to the depth and reality of the author’s approach. After presenting the specific case studies from chapters 3 to 9, Ayala provides a number of useful forms and checklists in the last three chapters, for the recovery process.
I am very impressed by the method of presentation, which again and again reflects the author’s rich experience in providing realistic solutions to practical problems. This is a must-read book for anyone who manages the cyber-security division of an organization, particularly those involving BCS and SCADA. This book will also be useful for conducting multidisciplinary research involving electrical, mechanical, civil, and computer engineers.