Cybersecurity


The security team is concerned about cybersecurity since it has become a threat to global peace, and as such, procedures to preserve Internet connectivity in industrial control systems must be put in place. In order to improve industrial efficiency, businesses, particularly global ones, demand the security of their information technology systems as well as of other online services. Global industrial firms, such as those in Australia, the United States, and China, require enhanced industrial security because of the enormous risks posed by terrorist organizations. Such groups are advanced in cybercrime and launch threats against industrial control systems on a daily basis. It thus calls for Homeland Security and the Department of Defense to be solid on the matter of cybersecurity. Threats from attackers of these systems should be combated at any cost and at any time. Terror groups should not gain access to the ICS, and if they do, they should not be able to gain control of the system, for that would mean a total mess of the world's security. Anyone's reason for taking over control of the ICS might come down to the reasons above (Peng et al. 2012). An ICS cyber attack follows a defined two-stage process, as depicted below:

Diagram 1: Steps involved in an ICS attack (“The Industrial Control System Cyber Kill Chain”, 2017)

Reconnaissance

The attacker most likely spent a lot of time observing network traffic in order to identify the ideal time of attack. The attacker also put much effort into research about the company and its internal systems, so as to gauge whether what he was looking for was actually available, and on the basis of this research the strategies and weapons for delivering the attack were selected. The adversary might have used intensive research or may have employed identity protocols.

Any attack on an ICS requires that the adversary has skillfully planned and has the knowledge for each step of the attempt, since an ICS controls industrial systems that are defensible and designed to cause unforeseen consequences for the attacker. The process does not end at the information collection level. Adversary attempts to discover the network hosts of an ICS can disrupt the flow of information and at the same time cause communication cards to crash.

Weaponization & Delivery

The adversary most likely used passive attacks such as eavesdropping by recording network or computer activity. Using a packet sniffer or other tools was likely a viable way for the adversary to intercept traffic data. Looking at active gathering techniques, it is almost a certainty that the adversary used malware in combination with the passive gathering of information. Furthermore, it is this department’s suspicion that other technology such as trojans, password crackers and Denial of Service (DoS) attacks was also used in the interception of network traffic data and the breach of local account passwords.

The weapon could be delivered to the ICS by developing a remote access route or bot. The bot is then used as a payload, carried over the Internet by some chosen tool, to deliver the harmful malware to the ICS. It involves malicious code hidden behind or encoded in a URL link. This is how the malware was introduced to the unsuspecting victim: by clicking on the URL link, the embedded malware ran an executable on the local PC.

Exploitation & Installation

On delivery, the code is then provided with a trigger from the server on the adversary’s end. The command is either to destroy the malicious code or to set it up to connect with the ICS target according to the conditions of its environment. Once deployed and made compatible with the target system, the malicious code connects and is then given further commands to connect back to the sender and relay information.

Command & Control

On gaining access to the target system, the adversary can easily gain ground and carry out the initial objectives. It is all about the covert exfiltration of data. The enemy can also choose to compromise other functions and systems in the network or via an available partner network. The adversary can at the same time choose to redirect information from the ICS to an unintended destination to bring confusion into the system (Stouffer et al, 2011).

Diagram 2: Visualization of the Push & Pull model

Push model (Attacker, Control Hub, Infected Computer): the attacker sends commands and receives feedback; the attacker embeds commands at the control hub, and the commands are retrieved at will.

Pull model (Attacker, Control Hub, Infected Computer): the infected machine leaves its output on the control hub, and the attacker retrieves the data at will.

Reconnaissance: Collection of emails, conference information, to mention a few
Weaponization: Coupling the deliverable payload by use of the backdoor
Delivery: Sending of the weapon bundle to the foreign object (mail, USB etc)
Exploitation: Making the code vulnerable to the system for compatibility
Installation: Installation of the foreign malware on the target system
Command and Control: Giving the command on the command line
Actions on objectives: User help in executing the process, by selecting with the mouse or keyboard unknowingly

Table 1: Steps involved in an ICS attack

Actions

The adversary’s actions come after deployment and after gaining command and control of the target. Most likely this is covert and carried out at will over a long period of time. The information gathered and further exploits may compromise further systems internally or via a partner network, and hence help the attacker gain better access. Furthermore, the Western Interconnection Power Grid is at security risk, as the attacker has gathered enough intelligence over the period to find security holes in the network ports, the email server, and the firewall. Active listening ports supplied the attacker with the response time of our security, which ports are open for specific communications, and which are permanently designated for other systems; with this he can access any information he desires from the comfort of his desk. Through the deployed malware and the other malicious commands provided for control, the adversary has been extracting our network security vulnerabilities.
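Both the push and pull models above, and the covert, long-running control described in this section, depend on the infected host contacting the hub again and again. That regularity is something a defender can look for. The following is an added example, not code from the essay or from any referenced source: it parses constructed outbound connection records, computes the gaps between connections for each source/destination pair, and flags pairs whose gaps are nearly constant (low jitter). The log format, addresses and thresholds are assumptions made for the illustration.

```python
"""Flag periodic call-home (beaconing) patterns in outbound connection logs.

Added example; log lines, addresses and thresholds are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed flow log, one connection per line:
# "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
2017-04-11T08:00:00 10.10.5.23 -> 203.0.113.7:443
2017-04-11T08:00:12 10.10.5.23 -> 10.10.1.4:502
2017-04-11T08:05:01 10.10.5.23 -> 203.0.113.7:443
2017-04-11T08:09:59 10.10.5.23 -> 203.0.113.7:443
2017-04-11T08:11:30 10.10.5.40 -> 10.10.1.4:502
2017-04-11T08:15:00 10.10.5.23 -> 203.0.113.7:443
2017-04-11T08:20:02 10.10.5.23 -> 203.0.113.7:443
2017-04-11T08:24:58 10.10.5.23 -> 203.0.113.7:443
2017-04-11T08:31:17 10.10.5.40 -> 198.51.100.9:80
2017-04-11T09:02:44 10.10.5.40 -> 198.51.100.9:80
2017-04-11T09:45:10 10.10.5.40 -> 198.51.100.9:80
"""


def parse_flows(text):
    """Group connection timestamps by (src_ip, dst_ip:port)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def beacon_score(times):
    """Return (mean gap in seconds, jitter ratio) or None if fewer than 3 samples.

    The jitter ratio is the standard deviation of the gaps divided by their
    mean; a value near zero means the host phones home on a fixed schedule.
    """
    if len(times) < 3:
        return None
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    return avg, pstdev(gaps) / avg


def find_beacons(text, max_jitter=0.10, min_connections=4):
    """Return the (src, dst) pairs whose connection gaps are nearly constant."""
    hits = []
    for (src, dst), times in parse_flows(text).items():
        if len(times) < min_connections:
            continue
        score = beacon_score(times)
        if score is None:
            continue
        avg, jitter = score
        if jitter <= max_jitter:
            hits.append({"src": src, "dst": dst, "count": len(times),
                         "period_s": round(avg), "jitter": round(jitter, 3)})
    return hits


if __name__ == "__main__":
    # The constructed host 10.10.5.23 contacts 203.0.113.7:443 every ~300 s,
    # while the other pairs are either too few or too irregular to flag.
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

The thresholds matter: a very low `max_jitter` misses malware that adds random sleep between check-ins, while a high one flags legitimate schedulers such as NTP or update agents, so in practice the flagged pairs are compared against a list of known periodic services before anyone is paged.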

Defense in Depth Recommendations: People

The security personnel are developing highly advanced antivirus to detect the malware in time and are using the same procedures to carry out regular scans. The software can also send debug reports to the security team, which in turn will provide a faster response time in combating threats.

The use of data encryption for sharing sensitive information across the network, by the ICS as well as by other security departments and stakeholders, would help to improve privacy and confidentiality in information sharing. Information that reaches the adversary would be meaningless if it is encrypted.

Regular updating and upgrading of the security software by the ICS would help prevent foreign requests from gaining access to the system. Upgrading the software also helps in notifying the server about changes to the system upon detecting a malicious program. The antivirus, which forms part of the system, would be in a position to detect foreign code and instructions if it is kept up to date (Weiss et al, 2014).

Loyalty from the people inside the company is another strategy that can be used to combat the attacks. Manipulating an ICS is difficult and requires substantial sophistication from the attacker, and in most cases people inside the company leak information to the attacker.

Defense in Depth Recommendations: Technology

The Western Interconnection Power Grid will put in place more stringent security policies, processes and standards. This will also include a redesign of our network infrastructure and firewalls.

Currently there are no DMZs (demilitarized zones) in place, which allows an intruder to move freely about the network in a covert operation. The Western Interconnection Power Grid will need to implement multiple DMZs with multiple firewalls to protect the control network, and we must segment this network across multiple routers and gateways. In a segregated network with DMZs, multiple routers, gateways and firewalls, the company will have a line-of-sight advantage if an intruder tries to infiltrate the network.
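The contrast between the current flat network and the proposed DMZ design can be made concrete by modelling both as firewall policies and evaluating the same flows against each. The following is an added example, not the essay's own design or any utility's real configuration: the zone names, address ranges, services and rules are assumptions chosen so that the enterprise zone can only reach the control network indirectly, through a historian placed in the DMZ, with everything not explicitly allowed dropped.

```python
"""Compare a flat (no DMZ) firewall policy with a segmented DMZ policy.

Added example; zones, addresses, ports and rules are assumptions.
"""
import ipaddress

# Assumed zones for the illustration.
ZONES = {
    "enterprise": ipaddress.ip_network("10.1.0.0/16"),  # office workstations
    "dmz":        ipaddress.ip_network("10.2.0.0/24"),  # historian, jump hosts
    "control":    ipaddress.ip_network("10.3.0.0/24"),  # HMIs, PLCs
}


def zone_of(ip):
    """Map an address to its zone; anything outside the three ranges is external."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


# A rule is (src_zone, dst_zone, dst_port, action); "*" matches anything.
# Rules are evaluated first-match, and the last rule is the default.

# The weak setting: a single flat network, every host can talk to every host.
FLAT_RULES = [
    ("*", "*", "*", "allow"),
]

# The corrected setting: traffic between enterprise and control zones must
# terminate in the DMZ, and the control zone has no path to the Internet.
SEGMENTED_RULES = [
    ("enterprise", "dmz", 443, "allow"),     # users read the historian web UI
    ("control", "dmz", 1433, "allow"),       # controllers push data to the historian
    ("control", "control", 502, "allow"),    # Modbus/TCP stays inside the control zone
    ("control", "external", "*", "deny"),    # no outbound from control to the Internet
    ("*", "control", "*", "deny"),           # nothing else reaches the control zone
    ("*", "*", "*", "deny"),                 # default deny
]


def evaluate(rules, src_ip, dst_ip, dst_port):
    """Return the action of the first rule matching the flow, default deny."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r_src, r_dst, r_port, action in rules:
        if r_src in ("*", src) and r_dst in ("*", dst) and r_port in ("*", dst_port):
            return action
    return "deny"


# Constructed flows to evaluate under both policies.
SAMPLE_FLOWS = [
    ("workstation to PLC (Modbus)",      "10.1.7.20", "10.3.0.15",   502),
    ("workstation to historian (HTTPS)", "10.1.7.20", "10.2.0.10",   443),
    ("controller to historian",          "10.3.0.15", "10.2.0.10",   1433),
    ("controller to Internet host",      "10.3.0.15", "203.0.113.7", 443),
    ("HMI to PLC inside control zone",   "10.3.0.40", "10.3.0.15",   502),
]


def compare(flows=SAMPLE_FLOWS):
    """Return (description, flat decision, segmented decision) for each flow."""
    return [(desc, evaluate(FLAT_RULES, s, d, p), evaluate(SEGMENTED_RULES, s, d, p))
            for desc, s, d, p in flows]


if __name__ == "__main__":
    for desc, flat, seg in compare():
        print(f"{desc:36} flat={flat:5} segmented={seg}")
```

Under the flat policy every flow is allowed, including a workstation talking Modbus directly to a PLC, which is exactly the freedom of movement the paragraph above describes. Under the segmented policy that flow is denied, the controller still reaches the historian in the DMZ, and an infected controller has no rule that lets it call out to an external host.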

Defense in Depth Recommendations: Operations

A response department will also need to be put in place to counter any future intrusion into the network. This will allow more time for research, investigation and the countermeasures set forth by the team, and mitigate further threats to our systems. Once all policies and procedures are updated and implemented, a response team will be trained and put into place. The new team will take into account our internal needs for network access and work not to hinder current departmental needs, but will also fortify these areas in order to maximize operational gains. One specific policy to ensure operational gain will be to disallow the use of outside USB memory sticks or hardware. By minimizing this, attackers cannot target current employees through embedded malware and infiltrate our network from the inside.

In conclusion, steps have been properly taken to address the threat. There will also need to be mandatory ongoing training to hold people accountable for understanding our security policies. The more training and proactive courses provided to staff, the sharper and more engaged they will remain.

References

Gordon, Lawrence A., and Martin P. Loeb. (2006). Managing cybersecurity resources: a cost-benefit analysis. Vol. 1. New York: McGraw-Hill.

Peng, Yong, et al. (2012). “Industrial control system cybersecurity research.” Journal of Tsinghua University Science and Technology 52.10: 1396-1408.

Stouffer, Keith, Joe Falco, and Karen Scarfone. (2011). “Guide to industrial control systems (ICS) security.” NIST Special Publication 800-82: 16-16.

Weiss, Joe. (2014). “Industrial Control System (ICS) cyber security for water and wastewater systems.” Securing Water and Wastewater Systems. Springer International Publishing, 87-105.

The Industrial Control System Cyber Kill Chain. (2017). Sans.org. Retrieved 11 April 2017, from https://www.sans.org/reading-room/whitepapers/ICS/industrial-control-system-cyber-kill-chain-36297

May 10, 2023