SCADA and Me: A Book for Children and Management
T**D
Tried to like this but...
I really wanted to like this book. I bought 5 copies because it was so well received at the IIW conference, but I hadn't read it yet. Now I find that not only can I not recommend it, but I'm not giving the copies to my grandson's elementary school as I'd planned, nor letting him read it. I gave it a couple of stars just for getting a kids book about SCADA published. It's a great topic. I just wish it had been covered better. I have a personal rule about not posting negative reviews of works of authorship (hard goods are fair game) so I am compelled to give my reasons for making an exception. You may disagree as to how important these factors are and if so I'm happy to mail you a copy of the book for the price of postage. I have 5 so the first 5 takers get a free book. Don't post your address in public though. Send me a Twitter DM or something.
The book begins with little Bobby in a field overlooking a nuclear power station asking "SCADA? What's SCADA?" His mentor Matt walks up and upon asking what's wrong, Bobby explains "I've been asked to protect SCADA." The book's subtitle is "A book for children and management" and there's no explanation for why a child would EVER be asked to protect SCADA. Bobby is obviously a proxy for "management" who are the real audience of the book.
If I give the book to management, they might not like being characterized as children. If I give the book to my grandson or the elementary school, those kids will get the message that they are somehow responsible for "protecting SCADA" and that if they fail, real bad, real world things will happen. Sorry, in my opinion but that's way more responsibility than any kid of the appropriate age for this book should bear.
It is not, in any way, shape or form, a child's responsibility to "protect SCADA."
Next, Matt takes Bobby on a tour of several places where SCADA is used, including an auto manufacturing plant, water filtration plant and a power generating plant (presumably the nuclear one we saw earlier). We don't know how old Bobby is supposed to be but apparently he's a prodigy because after the tour he comments that "It doesn't look very secure!" which Matt confirms. When Bobby asks why not, Matt responds "that question remains a mystery!"
It isn't actually a mystery at all. When the coolant tank in the nuclear reactor springs a leak, you do not want the operator scrambling to reset their password or update an expired certificate. The operations facility relies on many layers of physical security but once inside the secure area, systems security is minimal and that is intentional. Traditionally there was isolation of the operations network from the business network. Today there is often no such isolation. The control units pretty much all have web servers built in now so that the business network can get operations data out. Unfortunately, in many cases these interfaces have been made Internet accessible and that's why if you know the right search terms it is possible to use Google to find the control panels for water treatment plants, power plants, factories, etc.
At no point in the book is it explained why Bobby needs to be so worried about protecting SCADA but is able to wander around the generator room and control room of a nuclear power generating facility, which is where the above discussion takes place. Bobby and Matt need to forget about SCADA for a moment, go find some machine guns and protect the facility until the security staff show up. In a book whose purpose is to convey the importance of SCADA security, that message is delivered in a context which implies the physical security is not important at all.
If I'm undertaking to teach a child about SCADA security, that is the OPPOSITE of what I would want to tell them. That philosophy is what led to the connection of the operations networks to the business side networks and is how we got in this situation in the first place.
At one point Bobby and Matt happen onto a systems contractor, a politician and an auditor all standing next to one another in a field. The contractor is pictured like the stereotypical sleazy used car salesman. The politician is drawn as Richard Nixon. The auditor looks like a spinster librarian with gray hair up in a bun and cat-eye glasses. Bobby is told these people cannot help him secure SCADA because they are "confused." As a rule, I'm against teaching kids to make decisions based on sweeping generalizations rather than critical thinking. Especially when the generalization carves out a population of strangers and attributes negative character traits to them. I tell kids not to assume anything about another person's character based on that person's race, religion, disability, etc. But it's OK to do that based on their profession as in this book? No. Of course not. Again, this is the OPPOSITE of the message I'd want to teach a child. Or a manager.
The book concludes with Matt telling Bobby that "there is no easy or fast answer" and that "you must protect it yourself." Bobby is told to find the places that SCADA is used and then to "protect them like you would other computers." Actually, when we find the places SCADA is used we need to protect them like an operations network which, as noted above, focuses more on physical controls and isolation than on traditional IT security. The threat model, security architecture and controls in a SCADA system should be appropriate and purpose-built for a SCADA system and not simply copied from "other computers."
Sorry, but I'm not installing Symantec Anti-Virus in the nuclear reactor and taking a chance it will quarantine the code that controls the coolant tank. Again, this is the OPPOSITE of what I'd tell a child. Or a manager.
My last objection is that at the end Bobby despairs of ever being able to "protect SCADA." Matt then tells him it isn't easy but that by being extremely vigilant, highly educated, and participating in discussions with experts that it is possible to protect SCADA. This is EXACTLY the message I'd give a manager. But not a burden I want to place on a child.
My overall evaluation is that as a security consultant I can't give the book to managers because they are portrayed as befuddled children. If I were inclined to make fun of managers, I might share the book in the break room with other like-minded technical people but that is not the kind of thing I'd do.
To give this book to a child would be a net negative result and I'd then have to work with that child to reverse many of the messages taught. I *might* do that with the right child, but I'd never give the book to an elementary school where no teacher is likely to have the technical background to recognize many of the problems, let alone correct them. I'd hope teachers would at least recognize the stereotyping issue but that's about it. I hesitated to post a review at all but it's disguised as a kid's book, I know people are buying it for children and, for reasons explained, I believe it does more harm than good in that audience. If I saw this in the classroom, I'd ask the school to remove it.
I'll close by noting that I do not have anywhere near the formal credentials that the author of this book does. In fact, I'm a high-school dropout and largely self-taught in my field. I make my living as a security consultant working with Enterprise messaging software (WebSphere MQ, specifically), spent several years at IBM in this capacity, but do not work with SCADA.
I'm one of the people securing the "other computers" and my work so far overlaps SCADA a little bit. I don't believe that any of this makes me prejudiced against the author or this book. I'd probably like him if I met him, although he may not think too much of me at this point. But I'm disclosing my credentials so you can decide whether you believe there's a conflict of interest that taints my review. If you think I've made a good case, don't buy this for kids.
H**T
A little short on information
Introduces the concept of SCADA in the systems, but doesn't deliver on exactly what SCADA does. A little more detail would have been helpful.
D**B
Good concept, good art, weak delivery
I love this idea. The illustrations are cute. I had one fundamental problem. It begins by asking the question "What is SCADA?". By the end I knew what the acronym stood for and that it was used in a lot of systems but I still didn't know what SCADA is. Rule #1: If you begin a kids book with a question...answer the question. It wouldn't have been difficult to give one or two specific examples so kids could visualize what the system does.
"If this gets too hot....SCADA turns on the cooling system. If that doesn't work, SCADA tells us to take action. If something fails and we don't know what happened...SCADA logs can tell us what went wrong. SCADA remembers everything."
I love the concept. I want more like this. Just try to answer the question.
K**S
A Book Even Senior Management Can Comprehend and Needs to Understand
The concept and execution of it in this book are brilliant. Those of a certain age and even a modicum level of nerdity cannot resist the format. It is also easy enough to comprehend that even senior management of large companies can comprehend its content and take away some very critical information on protecting those systems which are the workhorse of all our critical infrastructure. I hope it enjoys wide deployment and maybe a follow on to it on a related subject(s) ought to be strongly considered.
S**A
Son loves it
My husband is in computer security and took a course with the author so he ordered this for our son, who at 18 months really loves it. It's actually one of my son's favorites and he makes us read it multiple times a day (to the point where we have to sometimes hide it away for a break!). I like that it's taught me something new too.
L**.
Delightful and Informative!
"My husband and I bought this book because it seemed like such an intriguing topic. How could a children's book also be for management? By the end of the book, the answer was clear to me. How delightful! I didn't know anything about SCADA previously, but I learned a lot from the book and really enjoyed its style. We shared the book with one of the local schools and it was a hit. We ordered a second shipment of copies to pass out to the students since it was so neat and informative. Thanks!"
P**F
Covers the topic well for someone who knows little in the area
Hilarious in its presentation using a condescending voice (tongue-in-cheek). Enjoyed by many in my team.
E**S
Just a basic outline
This is a good VERY basic introduction to the concept of SCADA and its environment. Not really any great detail.
L**7
A little story about SCADA! Very good for younger children!
A little story about SCADA! Very brief! Better suited to younger children! I was expecting a longer story!
C**Y
My Most Borrowed Security Book
SCADA and ME - A Book For Children and Management hits its marketed demographics perfectly. In my previous job as a SCADA software developer I had at least 30-40 computing/programming/security books on my desk for anyone to read. This book, out of all the others, was the most borrowed and read book.
Content wise it is well illustrated, and covers the salient points of SCADA Security in language anyone can understand.
Whilst dedicated technicians may not learn much new from this book, it is handy to have to pass on to the clueless manager. In that regard SCADA and Me ranks up there with "The Mythical Man Month" as a management training tool.
M**N
I was quite surprised and pleased to find a SCADA picture book
Having worked in the SCADA industry for the past 30 years, I was quite surprised and pleased to find a SCADA picture book. The book doesn't quite explain what SCADA is and does have a bit of a bias towards the lack of security in SCADA systems. This is warranted and SCADA vendors have not kept pace with the changes with regards to the Internet and connectivity of SCADA systems.
K**R
It's alright
It's alright, expected a little more than what the acronym means and where it's used though
V**S
Not (just) for children!
I bought this book knowing nothing about SCADA. I'm not a member of management and I'm not a child (maybe at heart) but I thought the concept was interesting and wanted to see what the book was about. SCADA and Me was incredibly fun to read, interesting, and had awesome artwork! I learned a lot about SCADA (I also learned I do not know a lot about it and need to read more) and that there is a lot more that goes into the things I use every day (like water and electricity) than I previously thought. I understand this book is targeted at children and management but I would recommend this book for anyone that wants an easy and fun way to learn more about a unique aspect of daily life!