Instructions
Course Wrap-Up
In this week's assignment we wrap up the final course by looking back at the work done over the last four courses. Use the content you developed for the exercises listed below. This document is the culmination of your time as the Vice President of Zenith City Water; if your report is great, you will be named the next CEO of Zenith City Water. Best of luck!
Assignment Guidelines
Step 1: Put together a document that contains all the various assignments from the previous courses that are listed below.
ISSC477 – Week 1
ISSC477 – Week 2
ISSC477 – Week 6
ISSC477 – Week 7
ISSC477 – Week 8
ISSC478 – Week 8
ISSC479 – Week 1
ISSC479 – Week 3
ISSC479 – Week 5
ISSC479 – Week 7
ISSC479 – Week 8
ISSC480 – Week 2
ISSC480 – Week 5
ISSC480 – Week 6
Step 2: Once you have collected the above items into appendices, produce an executive summary of each document. Then put together a 3–5 page document that walks the reader through the work you have done at Zenith City Water. This is where you make your final argument to become the new CEO.
Step 3: Finally, put together a one-page wrap-up that discusses your plans for the future; have fun with this part and include potential upgrades, new funding, etc.
Deliverables
A Word document that covers the requirements listed above.
Cristian DeWeese
American Public University System
ISSC479
Professor Wang
05/05/2024
To: Vice President of Zenith City
From:
Date:
Subject: Advanced persistent threats to water and wastewater management cybersecurity
Introduction
Cyber insecurity endangers critical infrastructures such as water systems, which criminals can attack over the network to harm the people who depend on them. The United States government, like those of several other nations, is concerned about the quality of the water its residents use, and public authorities have launched a number of initiatives to advance water security and prevent health risks. Water management systems contain numerous remote access points, which complicates the prevention of accidental or intentional contamination. The U.S. Environmental Protection Agency (EPA) is one of the leading agencies in the fight against cyber threats to critical infrastructure.
APTs: Advanced persistent threats
The agency offers tools and systems to improve the resilience of drinking water and wastewater systems to disasters and to ensure rapid recovery from contamination by chemical, biological and radiological (CBR) agents. It also promotes the cybersecurity of water systems. Explosive attacks and planned or unintentional contamination of water systems are among the threats considered; if they occur, they could have devastating effects on the people served by the affected utilities (Hassanzadeh et al., 2020). The EPA pursues its mandate in several ways: identifying and prioritizing threats to clean water and wastewater systems; assessing and estimating the magnitude of each threat; developing modelling tools for vulnerability assessment, consequence evaluation and risk management; and, lastly, developing countermeasures to reduce the potential for intentional contamination.
Tools and computer systems
The EPA also employs a variety of tools to reduce the risk of explosive attacks on water systems. It uses computer-based modelling and the Blast Vulnerability Assessment (BVA) tool to gauge the possible threats and the likely damage should an attack occur (Environmental Protection Agency, 2016). The EPA and the Water Information Sharing and Analysis Center (WaterISAC) make these tools accessible to utilities. Water utilities also use various tools to evaluate the potential consequences of contamination (Hoekstra et al., 2018), including the Threat Ensemble Vulnerability Assessment (TEVA) tool. As part of its effort to improve the safety of water systems, the EPA organized a Water Quality Event Detection System challenge to identify the most effective tools for detecting water quality events. A principal EPA focus is to establish Contaminant Warning Systems (CWS) that give a real-time indication of the presence of contaminants in water systems.
Success
In response to an attack on a water system, this strategy interrupts or reduces the supply of contaminated water to users. In partnership with the American Water Works Association (AWWA), the EPA has made an emergency plan for handling a major disaster, which recommends an alternative source of potable water and of wastewater treatment in the event of an attack on the water utilities. Cyberattacks also raise several policy and political issues (Mishra et al., 2021, p. 490). The attack on Sony by North Korea sparked a wide range of political responses and led to the conclusion that cybersecurity must be reinforced to safeguard critical infrastructure and the privacy of individuals. Several government agencies and private partners should therefore collaborate to combat the rise of cyber insecurity, which is a concern for public authorities and organizations in the U.S. and elsewhere around the world. In the U.S., the Department of Homeland Security (DHS) and others are charged with addressing the problem of cyber attackers.
Focus of threats
Protecting the United States against all forms of attack, including attacks through cyberspace, is the responsibility of the Department of Defense (DOD) (Ungureanu et al., 2020, p. 9055). It is accountable for defending the country against cyber threats through cyber operations. The diplomatic, financial, economic, law-enforcement and information tools the DOD uses are instruments for preventing cyberattacks on the nation. Its strategies include responding to attacks, denying attacks, and developing resilient systems that can withstand attacks. However, the DOD faces several difficulties, including attacks on its own systems; an attacker with sophisticated technology can breach the cybersecurity framework the DOD has established. Lastly, the effectiveness of DOD cybersecurity operations depends on the degree of coordination with private businesses and other government agencies, and collaboration with private partners can itself expose the DOD to vulnerabilities and threats. Consequently, the DOD should focus on securing its own systems and take precautions when working with other agencies and private partners in order to reduce its exposure. The DHS also has a significant role in promoting cybersecurity in the nation, as stipulated in federal law, departmental policies and guidance, and presidential directives (Alvarez et al., 2018, p. 636). The DHS deals with various issues in promoting cybersecurity and involves the owners and operators of critical infrastructure and key resources (CIKR).
Law enforcement
The DHS gathers and distributes information about threats or potential risks to critical infrastructure and provides technical assistance to CIKR owners and operators. Under HSPD-7, the DHS mission also includes "analysis, warning, information sharing, vulnerability reduction, mitigation, and aiding national recovery efforts for critical infrastructure information systems" (Handa, Sharma & Shukla, 2019). It is also tasked with developing a National Infrastructure Protection Plan that outlines the strategy for protecting physical and cyber critical infrastructure, and it coordinates the protection efforts of every critical infrastructure sector. To investigate cybercrimes, the DHS collaborates with agencies such as the EPA and issues comprehensive reports of its findings to other government agencies and offices, including security services, for further action. For instance, the water industry advanced in 2014.
The DHS should structure its operations to improve the continual availability of information on the state of cyber insecurity, so as to guarantee effective decision-making. Its success also depends on how well other departments, and the owners and operators of critical infrastructure, work together.
Assignment prompt: Give a description of SCADA systems, their integration with I.T. systems, the significance of SCADA to cybersecurity, the three primary generations of SCADA, and the cybersecurity vulnerabilities and challenges confronting CI sectors; finish with your view of the actions to be taken and the recommendations to be made to ensure that this part of our CII is safe.
Industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, are monitoring and control systems made up of various hardware and software components for industrial use. SCADA offers regular opportunities to improve protection against water contamination, and effective security operations for medium-to-large drinking water utilities require such a system (Saravanan et al., 2022). It aids human monitoring of industrial processes at single or multiple sites by providing real-time data from the source, permitting the processing and interpretation of that data for a response.
Conclusion
The system enables automated monitoring and control of industrial processes spanning large distances and numerous sites. A SCADA system has many parts: (i) the human-machine interface (HMI), which lets the operator monitor and control processes by interacting with the system; (ii) the supervisory system, which gathers data and sends commands to the process; (iii) remote terminal units (RTUs), which interface with sensors and relay digital data to the supervisory system; (iv) programmable logic controllers (PLCs); and (v) the communication infrastructure connecting the supervisory system to the RTUs. Several additional processes and logic devices are also used in controlling and monitoring the safety of water systems. With these in place, the company can weather adverse conditions.
References
Hassanzadeh, A., Rasekh, A., Galelli, S., Aghashahi, M., Taormina, R., Ostfeld, A., & Banks, M. K. (2020). A review of cybersecurity incidents in the water sector. Journal of Environmental Engineering, 146(5), 03120003.
Hoekstra, A. Y., Buurman, J., & Van Ginkel, K. C. (2018). Urban water security: A review. Environmental Research Letters, 13(5), 053002.
Mishra, B. K., Kumar, P., Saraswat, C., Chakraborty, S., & Gautam, A. (2021). Water security in a changing environment: Concept, challenges and solutions. Water, 13(4), 490.
Ungureanu, N., Vlăduț, V., & Voicu, G. (2020). Water scarcity and wastewater reuse in crop irrigation. Sustainability, 12(21), 9055.
Alvarez, P. J., Chan, C. K., Elimelech, M., Halas, N. J., & Villagrán, D. (2018). Emerging opportunities for nanotechnology to enhance water security. Nature Nanotechnology, 13(8), 634-641.
Handa, A., Sharma, A., & Shukla, S. K. (2019). Machine learning in cybersecurity: A review. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 9(4), e1306.
Saravanan, A., Deivayanai, V. C., Kumar, P. S., Rangasamy, G., Hemavathy, R. V., Harshana, T., … & Alagumalai, K. (2022). A detailed review on advanced oxidation process in treatment of wastewater: Mechanism, challenges and future outlook. Chemosphere, 308, 136524.
Enhancing Network Security: A Strategic Approach
Cristian DeWeese
04/07/2024
Introduction
Our network's security is critical in the linked world of today, where digital transformation is accelerating. Threats to technology are evolving along with it. To protect our assets, operations, and reputation, we must constantly assess and improve our network security protocols.
I'm excited to introduce a strategic plan today that will protect our network infrastructure against new cyberattacks. This plan aims to future-proof our network to withstand changing challenges in addition to resolving present vulnerabilities.
We will explore the nuances of our suggested improvements, the reasoning behind each modification, and the anticipated effects on the security posture of our company throughout this presentation.
Let's go out on this adventure to strengthen network security and guarantee the robustness of our digital ecosystem together. We appreciate your time, and now let's discuss the specifics of the adjustments we've suggested.
Executive Summary
Given the fast pace of technological progress and the ever-changing landscape of cyber threats, it is crucial for our firm to make network security a top priority. The executive summary provides a concise overview of our recommended improvements, highlighting the urgent requirement for proactive actions to protect our digital assets and operations.
The modifications we suggest involve a comprehensive strategy that targets important vulnerabilities and weaknesses in our existing network architecture. These adjustments are not simply a response to events, but are intentionally planned to strengthen our defenses against a diverse range of possible threats.
To reduce the possibility of unwanted access and insider threats, we will deploy advanced access control mechanisms such as multi-factor authentication and restrictions on privileged access. In addition, implementing network segmentation along with strong firewalls would improve our capacity to control and minimize the consequences of cyber attacks.
Utilizing automated deployment techniques to promptly apply patches will guarantee the resilience of our systems against known vulnerabilities. In addition, implementing Intrusion Detection and Prevention Systems (IDPS) will allow us to continuously monitor and promptly respond to any suspicious actions, thereby enhancing our ability to handle incidents.
Data will be protected using encryption technologies to ensure the security of data during transmission and storage, reducing the likelihood of data breaches and unwanted access. Furthermore, allocating resources towards staff training and awareness campaigns will cultivate a culture of heightened cybersecurity awareness, enabling our team to act as a first line of defense against cyber threats.
The project plan provides a well-organized schedule for implementing these improvements, including specific milestones and assigned responsibilities for the relevant teams. Although an approximate budget is given, it is crucial to acknowledge that these expenses may be adjusted as the project advances.
Ultimately, our suggested modifications embody a proactive and all-encompassing strategy to improve network security within our firm. By adopting these steps, we may enhance our ability to withstand cyber assaults, protect our vital assets, and maintain the trust and confidence of our stakeholders.
We appreciate your thoughtful evaluation of these vital endeavors. Collectively, we can guarantee the safety and reliability of our digital framework, creating opportunities for ongoing achievements in an ever more interconnected global environment.
Description of the Problem
Within the current digital environment, our firm encounters numerous obstacles and weaknesses that pose substantial risks to the security of our network. Gaining a comprehensive understanding of these difficulties is essential in order to develop effective measures to reduce their impact.
Weaknesses and vulnerabilities may exist in our current network architecture, which can be exploited by cyber attackers. These vulnerabilities may arise from obsolete software, improperly configured equipment, or insufficient security measures.
Lack of Adequate Access Control: In the absence of strong access control methods, there is an increased vulnerability to illegal access to vital systems and confidential information. Inadequate authentication mechanisms and lenient permission management might leave our organization vulnerable to both insider threats and external attacks.
The absence of network segmentation: A network architecture without divisions expands the range of possible attacks, enabling threats to spread unrestrictedly throughout the network. Insufficient segmentation and isolation of network segments might result in a breach in one place compromising the entire network.
Insufficient Patch Management: Delaying the application of security patches exposes our systems to well-known attacks and weaknesses. Irregular patch management techniques widen the timeframe in which attackers can take advantage of these vulnerabilities.
Insufficient Detection and Response Capabilities: In the absence of strong intrusion detection and prevention systems (IDPS), our capacity to identify and counteract hostile activity is restricted. Our current security procedures are insufficient to protect us from advanced persistent threats (APTs) and targeted attacks.
Data exposure and privacy risks arise when encryption protocols and data security mechanisms are insufficient, leading to a higher likelihood of data breaches and the compromising of sensitive information. Insufficient encryption for data during transmission and storage exposes our firm to the risk of data theft and unlawful entry.
The human factor, including employee irresponsibility, lack of awareness, and vulnerability to social engineering attacks, presents substantial hazards to the security of our firm. In the absence of thorough security training and awareness programs, our workers may unintentionally enable security breaches.
Tackling these difficulties necessitates a comprehensive approach that includes technological remedies, strong regulations and protocols, and a cybersecurity-conscious culture. By recognizing and resolving these problems, we can actively enhance our network security position and reduce the related risks.
Potential Fallout of Problem
Business operations can be severely disrupted as a result of a security breach, including downtime, system breakdowns, and decreased productivity. This interruption can lead to monetary losses and harm our reputation.
Cyber assaults can result in significant financial losses, which include expenses related to incident response, efforts to fix the problem, and fines imposed by regulatory authorities. Moreover, there are additional expenditures that are not directly incurred but can nevertheless contribute to financial losses, such as decreased revenue, client attrition, and expenses related to legal matters.
Reputation Damage:
A security breach has the potential to harm our organization's reputation and undermine the trust and confidence of our stakeholders, such as customers, partners, and investors. The adverse publicity and media scrutiny associated with a breach can have enduring consequences on our brand reputation and market trustworthiness.
Legal and regulatory consequences may arise from data breaches and security incidents, potentially resulting in legal liability and regulatory penalties. This is especially true if there is a compromise of sensitive consumer information. Failure to comply with data protection standards such as GDPR or HIPAA can lead to significant financial penalties and legal consequences.
Theft of intellectual property, which includes trade secrets, private information, and research data, can have significant and wide-ranging ramifications for our firm. Rivals or malevolent individuals may utilize pilfered intellectual property for their own benefit, eroding our competitive edge and standing in the market.
Reputational harm: A breach in security can result in adverse publicity, harm to the brand, and erosion of client confidence. The perception of our organization as insecure or unreliable might have enduring consequences for client loyalty and retention (Stouffer et al., 2011).
Operational Disruption:
Following a security breach, there is typically a need for significant remedial actions, such as upgrading systems, restoring data, and enhancing security measures. These activities have the potential to interrupt regular corporate operations and redirect resources from strategic projects.
Noncompliance with regulations: Insufficient safeguarding of sensitive data can lead to regulatory fines, legal sanctions, and harm to one's reputation. Failure to adhere to industry-specific requirements such as PCI DSS or SOX can result in significant financial and operational repercussions.
The occurrence of a security breach can erode our competitive edge by exposing unauthorized individuals to our proprietary information, trade secrets, and sensitive data. Rival firms may utilize this information to acquire understanding of our corporate objectives, product advancements, and market positioning.
Consumer Trust and Loyalty:
A security breach has the potential to diminish consumer trust and loyalty, resulting in customer attrition, unfavorable word-of-mouth, and harm to our brand name. Reestablishing customer trust may necessitate a substantial amount of time, energy, and effort in the implementation of clear communication and proactive security measures.
To summarize, the possible implications of a security breach go beyond immediate cash losses. They include damage to reputation, legal responsibilities, regulatory penalties, and disruptions to operations. By taking early measures to resolve security vulnerabilities and strengthen our network defenses, we can effectively reduce these risks and protect the interests of our company and stakeholders.
Proposed Changes
Improved Access Control:
Integrating multi-factor authentication (MFA) to enhance user authentication procedures.
Implementing the least privilege principles to limit access permissions according to work roles and responsibilities.
The implementation of identity and access management (IAM) technologies to achieve centralized control and auditing of access.
Network segmentation
This is the process of dividing a network into separate segments in order to limit the propagation of cyber threats.
Deploying virtual local area networks (VLANs) and network segmentation policies to limit the ability of attackers to move laterally within the network.
The implementation of next-generation firewalls (NGFWs) to ensure the division and regulation of network segments and traffic.
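The segmentation described above only limits lateral movement if the inter-zone allowlist is explicit and everything else is denied. The following is an added example, not part of the original presentation: a small policy checker that assigns addresses to zones and evaluates flows against a default-deny allowlist, run over a handful of constructed flow records. The zone layout (corporate, DMZ with the historian, SCADA control zone, field zone with PLCs), the CIDR ranges, the allowed flows and the sample flows are all assumptions chosen for illustration.

```python
"""Zone-based segmentation policy check (added example, constructed data)."""
import ipaddress

# Assumed zone layout: corporate IT, a DMZ holding the historian, the SCADA
# control zone (HMI / engineering workstations) and the field zone (PLCs/RTUs).
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "dmz":       ipaddress.ip_network("10.20.0.0/24"),
    "control":   ipaddress.ip_network("10.30.0.0/24"),
    "field":     ipaddress.ip_network("10.40.0.0/24"),
}

# Default-deny allowlist of inter-zone flows: (src_zone, dst_zone, proto, port).
# Corporate users only reach the historian's web UI in the DMZ; the control
# zone pushes process data to the historian and polls PLCs over Modbus/TCP.
ALLOWED_FLOWS = {
    ("corporate", "dmz", "tcp", 443),
    ("control", "dmz", "tcp", 5432),
    ("control", "field", "tcp", 502),
}


def zone_of(ip):
    """Return the zone name for an address, or None if it is outside every zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def is_flow_allowed(src_ip, dst_ip, proto, port):
    """Apply the segmentation policy to one flow.

    Traffic within a single zone is permitted; traffic between zones must match
    an allowlist entry; anything from or to an unknown address is denied.
    """
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return False
    if src_zone == dst_zone:
        return True
    return (src_zone, dst_zone, proto, port) in ALLOWED_FLOWS


def evaluate_flows(flows):
    """Return [(verdict, flow), ...] for a list of (src, dst, proto, port) tuples."""
    return [("ALLOW" if is_flow_allowed(*f) else "DENY", f) for f in flows]


# Constructed sample flows, including a lateral-movement attempt from a
# corporate workstation straight to a PLC and a reverse connection from a PLC.
SAMPLE_FLOWS = [
    ("10.10.5.23", "10.20.0.10", "tcp", 443),   # corporate -> historian web UI
    ("10.30.0.5",  "10.40.0.7",  "tcp", 502),   # HMI -> PLC Modbus poll
    ("10.10.5.23", "10.40.0.7",  "tcp", 502),   # corporate -> PLC (lateral move)
    ("10.40.0.7",  "10.30.0.5",  "tcp", 22),    # PLC -> HMI SSH (reverse path)
    ("10.30.0.5",  "10.30.0.9",  "tcp", 3389),  # intra-zone RDP between HMIs
    ("192.0.2.44", "10.40.0.7",  "tcp", 502),   # unknown source -> PLC
]


def denied_flows(flows=SAMPLE_FLOWS):
    """Flows the policy rejects; each one is a candidate firewall alert."""
    return [f for verdict, f in evaluate_flows(flows) if verdict == "DENY"]


if __name__ == "__main__":
    for verdict, flow in evaluate_flows(SAMPLE_FLOWS):
        print(f"{verdict:5} {flow[0]:>12} -> {flow[1]:<12} {flow[2]}/{flow[3]}")
```

The same table can be used in two directions: as the rule set fed to the NGFW, and as a check run over exported firewall logs to find flows that were allowed but should not have been, which is the quickest way to catch a misconfigured VLAN or an overly broad rule.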
Routine Patch Management:
Implementation of a structured patch management procedure to guarantee prompt installation of security patches.
Deploying automated patch deployment technologies help optimize the process of patching throughout the network.
Implementing vulnerability scanning and evaluation technologies to detect and prioritize important updates.
Intrusion Detection and Prevention Systems (IDPS)
These are security controls that monitor a network or host, analyze activity, and detect and block unauthorized access or malicious actions.
Implementing a network-based Intrusion Detection and Prevention System (IDPS) to oversee and analyze incoming and outgoing network traffic for any potentially malicious or suspicious behavior.
Deploying a host-based Intrusion Detection and Prevention System (IDPS) on important servers and endpoints to identify and block unauthorized access attempts.
The combination of threat intelligence streams and behavioral analytics enables the detection of advanced threats.
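As an added example of what the detection logic behind such a system looks like (not code from the original presentation), the block below runs two rules over constructed SCADA log lines: a host-based rule that flags Modbus write requests to a PLC from any source other than the engineering workstation, and a network-based rule that flags a burst of failed HMI logins from one address inside a sliding window. The log format, the addresses, the choice of function codes treated as writes and the thresholds are all assumptions made for illustration.

```python
"""Two IDS rules over constructed SCADA log lines (added example)."""
from collections import defaultdict, deque
from datetime import datetime

# Assumed: only the engineering workstation may issue Modbus write requests.
ENGINEERING_WORKSTATIONS = {"10.30.0.5"}
# Modbus function codes that change PLC state (write coil / register variants).
MODBUS_WRITE_CODES = {5, 6, 15, 16}
# Brute-force rule: this many failed logins from one source inside the window.
FAILED_LOGIN_THRESHOLD = 5
FAILED_LOGIN_WINDOW_S = 60


def parse_line(line):
    """Parse 'TIMESTAMP key=value key=value ...' into a dict with a datetime 'ts'."""
    ts_text, _, rest = line.strip().partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
    return fields


def detect(lines):
    """Return a list of alert strings, one per rule hit, in log order."""
    alerts = []
    failures = defaultdict(deque)   # src -> timestamps of recent failed logins
    for line in lines:
        ev = parse_line(line)
        if ev["event"] == "modbus":
            fc = int(ev["fc"])
            if fc in MODBUS_WRITE_CODES and ev["src"] not in ENGINEERING_WORKSTATIONS:
                alerts.append(
                    f"UNAUTHORIZED_PLC_WRITE src={ev['src']} dst={ev['dst']} fc={fc}")
        elif ev["event"] == "auth" and ev["result"] == "fail":
            window = failures[ev["src"]]
            window.append(ev["ts"])
            # Discard failures that fell out of the window before counting.
            while (ev["ts"] - window[0]).total_seconds() > FAILED_LOGIN_WINDOW_S:
                window.popleft()
            if len(window) >= FAILED_LOGIN_THRESHOLD:
                alerts.append(f"LOGIN_BRUTE_FORCE src={ev['src']} user={ev['user']}")
                window.clear()   # one alert per burst
    return alerts


# Constructed sample log: a PLC write from a corporate workstation, a burst of
# failed logins from the same host, and benign traffic that must not alert.
SAMPLE_LOG = """\
2024-04-21T10:00:01Z event=modbus src=10.30.0.5 dst=10.40.0.7 fc=3 unit=1
2024-04-21T10:00:02Z event=modbus src=10.30.0.5 dst=10.40.0.7 fc=16 unit=1
2024-04-21T10:00:05Z event=modbus src=10.10.5.23 dst=10.40.0.7 fc=5 unit=1
2024-04-21T10:00:10Z event=auth src=10.10.5.23 user=operator result=fail
2024-04-21T10:00:12Z event=auth src=10.10.5.23 user=operator result=fail
2024-04-21T10:00:14Z event=auth src=10.10.5.23 user=operator result=fail
2024-04-21T10:00:16Z event=auth src=10.10.5.23 user=operator result=fail
2024-04-21T10:00:18Z event=auth src=10.10.5.23 user=operator result=fail
2024-04-21T10:00:20Z event=auth src=10.30.0.9 user=operator result=ok
2024-04-21T10:03:00Z event=auth src=10.30.0.9 user=operator result=fail
2024-04-21T10:05:00Z event=auth src=10.30.0.9 user=operator result=fail
""".splitlines()


def run_sample():
    """Alerts produced by the constructed sample log."""
    return detect(SAMPLE_LOG)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The write-from-wrong-host rule is the one that matters most in a water plant: a read (function code 3) from an unexpected host is reconnaissance, but a write (codes 5, 6, 15, 16) changes a setpoint or a pump state, so it should alert immediately and, on a prevention system, be dropped.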
Encryption:
The process of changing data into a secret code or cipher to prevent unauthorized access.
Data in transit is encrypted using Transport Layer Security (TLS); its predecessor, Secure Sockets Layer (SSL), and TLS versions below 1.2 are deprecated and should be disabled.
Utilizing encryption methods such as AES to safeguard confidential data stored on storage devices.
The implementation of encryption technologies for communication channels, database encryption, and file-level encryption.
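The in-transit part of this item is easy to get wrong by configuration alone, so here is an added example (not from the original presentation) using only Python's standard library: a deliberately weak TLS client context next to a hardened one, plus an audit function that reports the settings a reviewer should reject. The "weak" context and the finding strings are constructed for illustration; no real Zenith City Water endpoint or certificate is involved.

```python
"""Audit and harden a TLS client context (added example, stdlib only)."""
import ssl


def weak_client_context():
    """A context as it is often written by hand: no minimum version pinned and
    certificate verification switched off, so SSL 3.0 / TLS 1.0 could be
    negotiated and any server would be accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context():
    """Context that refuses SSL and TLS < 1.2 and verifies the server."""
    ctx = ssl.create_default_context()          # loads the system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context passes."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol version not pinned to TLS 1.2 or higher")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_context(ctx) or "OK")
```

The same three checks apply to anything that terminates TLS on the plant network (historian web UI, remote-access gateway, vendor support links): pin the minimum version, require a certificate, and verify the name; a context that passes the audit is the one to hand to `socket` or `urllib`.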
Staff education and consciousness:
Creation of extensive security awareness training programs for all staff members.
Advocacy for the implementation of effective cybersecurity measures, such as maintaining strong passwords, being vigilant against phishing attempts, and safeguarding against social engineering tactics.
Performing simulated phishing exercises and security drills to strengthen training and evaluate employee preparedness.
Every suggested modification is intended to target particular weaknesses and improve the overall security position of our network. By applying these steps in a synchronized manner, we can greatly diminish the likelihood of security breaches and alleviate the possible consequences of cyber threats on our firm.
Project Plan
Evaluation Stage (Weeks 1-2)
Perform a thorough evaluation of the current network infrastructure, encompassing all aspects such as hardware, software, and security measures.
Uncover vulnerabilities, flaws, and areas that need repair by doing penetration testing, vulnerability scanning, and security audits.
Obtain input from essential stakeholders, such as IT teams, security personnel, and department heads, in order to comprehend precise security requirements and concerns.
Planning and Design Phase (Weeks 3-4)
Create a comprehensive project plan that clearly defines the scope, objectives, and schedule for implementing the suggested security enhancements.
Create architectural diagrams and develop network segmentation plans to provide guidance during the implementation phase.
Determine the necessary hardware and software specifications needed to implement access control, network segmentation, patch management, intrusion detection and prevention systems (IDPS), encryption, and training efforts.
Create and define key performance indicators (KPIs) and metrics to assess the efficacy of security measures.
Implementation Phase (Weeks 5-10)
Implement multi-factor authentication (MFA) solutions to authenticate users across all systems and applications.
Implement network segmentation policies and VLANs to separate and protect important assets, preventing attackers from moving laterally within the network.
Implement automated patch management protocols to guarantee prompt distribution of security patches throughout the network.
Implement intrusion detection and prevention systems (IDPS) to oversee network traffic and identify potentially malicious actions.
Deploy standard, vetted encryption (not custom algorithms) to safeguard data during transmission and storage, which includes establishing secure communication channels and implementing database encryption.
Create and implement security awareness training programs for all staff, with a focus on promoting best practices and increasing awareness of potential threats.
Testing and Validation Phase (Weeks 11-12)
Perform comprehensive testing and validation of established security measures to verify their functioning and efficacy.
Conduct penetration testing and vulnerability assessments to detect any existing security vulnerabilities or flaws.
Verify adherence to regulatory mandates and industry benchmarks, including GDPR, HIPAA, and PCI DSS.
Seek input from end-users and stakeholders to identify any potential usability or performance problems and take appropriate action to resolve them.
Documentation and Training Phase (Weeks 13-14)
Record and document all security measures that have been put into effect, including configurations, rules, and procedures.
Create user manuals and instructional materials to instruct personnel on the implementation of new security procedures and optimal methods.
Organize training sessions and workshops to acquaint personnel with security measures and their obligations in upholding a secure workplace.
Continual Monitoring and Maintenance Phase (ongoing)
Establish and execute ongoing surveillance procedures to promptly identify and address security breaches as they occur.
Consistently assess and revise security policies, processes, and settings to accommodate changing threats and compliance obligations.
Perform regular security evaluations and audits to examine the efficiency of security measures and pinpoint areas that need enhancement (CPNI, 2008).
Implement continuous training and awareness initiatives to strengthen security protocols and guarantee employee adherence.
By adhering to this well-organized project plan, we can methodically execute and sustain the suggested security improvements, fortifying our network's ability to withstand cyber assaults and protecting our organization's assets and reputation.
Projected Budget
Improved Access Control:
The licensing expenses for multi-factor authentication (MFA) solutions amount to $10,000.
The expenses associated with implementing and configuring the system amount to $5,000.
The total amount is $15,000.
Network Segmentation
This is the process of dividing a network into segments to ensure data privacy and protection.
Hardware and software for next-generation firewalls (NGFW): The amount is $20,000.
The cost for VLAN configuration and implementation services is $7,500.
The total amount is $27,500.
Routine Patch Management:
The licensing expenses for the automated patch deployment tool amount to $8,000.
The cost for developing the patch management method is $3,000.
The whole amount is $11,000.
Intrusion Detection and Prevention Systems (IDPS) are security mechanisms designed to detect and prevent unauthorized access or malicious activities within a computer network.
The cost of IDPS hardware and software is $25,000.
The cost for configuration and deployment services is $10,000.
The total amount is $35,000.
Encryption: the process of converting information into a secret code or cipher to prevent unauthorized access.
The cost of encryption software licenses is $15,000.
Cost of encryption hardware (if applicable): $10,000
The total amount is $25,000.
Training and raising awareness among employees:
The cost for the development of training materials and modules is $5,000.
The cost of delivering the training is $3,000.
The whole amount is $8,000.
The subtotal of the six items above is $121,500. The contingency amount, 10% of that subtotal, is $12,150.
The projected total budget for the project is $133,650.
Kindly be aware that these budget forecasts are derived from approximate calculations and may differ due to unique vendor pricing, implementation prerequisites, and unforeseen supplementary costs. It is advisable to thoroughly examine and improve the budget estimations during the planning and procurement stages of the project. Furthermore, it is important to take into account the continuous operational expenses associated with maintenance, monitoring, and updates that go beyond the initial deployment stage.
Wrap-up/Conclusion
To summarize, the improvements proposed in this presentation form a proactive and thorough strategy for strengthening our network security. By identifying and resolving critical vulnerabilities, we can substantially reduce the likelihood of a successful attack and limit the consequences of any breach that does occur.
Multi-factor authentication and network segmentation limit unauthorized access and contain the damage an attacker can do once inside. Regular patch management, combined with intrusion detection and prevention, lets us detect and address threats as they occur and improves our ability to respond to incidents.
In addition, encryption and an extensive employee training and awareness program will strengthen our technical controls and promote a culture of cybersecurity awareness across the firm.
We must prioritize these measures to protect our essential assets, operations, and reputation in a rapidly changing and complex threat environment. By investing in preventive controls now, we reduce the financial, regulatory, and reputational consequences of future security breaches.
Thank you for your attention and your commitment to improving our network security. Together we can ensure the resilience and integrity of our digital infrastructure, protecting the interests of the company and its stakeholders alike.
References
CPNI. (2008). Good practice guide: Process control and SCADA security. Centre for the Protection of National Infrastructure.
Stouffer, K., Falco, J., & Scarfone, K. (2011). Guide to industrial control systems (ICS) security (NIST Special Publication 800-82). National Institute of Standards and Technology.
Cristian DeWeese
American Public University System
ISSC478
Professor Wang
04/21/2024
Adopt the use of a backup system.
A backup system is essential because it allows the organization to restore operations as quickly as possible after an incident on the network. The SCADA/ICS system currently has no backup system, which makes it hard to continue operations after an attack.
Use of communication redundancy
Communication redundancy is critical so that communication is always available, even when one point on the network fails (Wang et al., 2020). This can be achieved by setting up dual network connections or communication channels so that when one path fails, the other carries the traffic.
Reconfigure the system to communicate effectively.
This ensures that no vulnerable or misconfigured component on the network can stop the system from working effectively. Modern, supported devices should be used so that connections are secure and the devices can communicate as the organization requires.
Perform security audits and vulnerability assessments regularly.
Regular audits and assessments confirm that the organization complies with the required security standards and that devices on the network operate without known vulnerabilities (Florackis et al., 2023). They provide insight into the state of the network and show what must be improved to keep it working effectively.
Reasons for recommendations
These measures are essential for improving the organization's cybersecurity and allowing it to operate without disruption. Addressing these issues will let the SCADA/ICS system operate reliably. Configuration flaws are among the most significant issues affecting the system, so it must be configured carefully and verified.
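A backup of controller configuration is only useful at restore time if it has not been altered on the backup share in the meantime. The following script is an added example, not code from this report or from any Zenith City Water system: it builds a manifest of SHA-256 hashes for a backup set, signs the manifest with an HMAC key assumed to be kept off the ICS network, and at restore time verifies the signature before reporting modified, missing, or unexpected files. The file names, their contents and the key are constructed for the example.

```python
"""Integrity-protected backup manifest for SCADA/ICS configuration (added example)."""
import hashlib
import hmac
import json
import os
import tempfile

# Hypothetical key for the example; in practice it lives in a vault off the
# ICS network, so whoever tampers with the backup share cannot re-sign the manifest.
MANIFEST_KEY = b"zenith-manifest-key-example-only"


def _sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _walk(tree):
    """Yield (relative_path, absolute_path) for every file under tree."""
    for root, _dirs, files in os.walk(tree):
        for name in files:
            full = os.path.join(root, name)
            yield os.path.relpath(full, tree).replace(os.sep, "/"), full


def _sign(files, key):
    body = json.dumps(files, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(backup_dir, key=MANIFEST_KEY):
    """Hash every file in the backup set and sign the listing."""
    files = {rel: _sha256_file(full) for rel, full in _walk(backup_dir)}
    return {"files": files, "hmac": _sign(files, key)}


def verify_restore(manifest, restore_dir, key=MANIFEST_KEY):
    """Check the manifest signature first, then diff the restored tree against it.
    An unauthentic manifest proves nothing about the files, so no diff is attempted."""
    result = {"authentic": hmac.compare_digest(_sign(manifest["files"], key), manifest["hmac"]),
              "modified": [], "missing": [], "unexpected": []}
    if not result["authentic"]:
        return result
    present = set()
    for rel, full in _walk(restore_dir):
        present.add(rel)
        if rel not in manifest["files"]:
            result["unexpected"].append(rel)
        elif _sha256_file(full) != manifest["files"][rel]:
            result["modified"].append(rel)
    result["missing"] = sorted(set(manifest["files"]) - present)
    result["modified"].sort()
    result["unexpected"].sort()
    return result


def demo():
    """Constructed scenario: two controller config files are backed up, then one
    is altered on the backup share and the manifest is forged to match it."""
    with tempfile.TemporaryDirectory() as work:
        backup = os.path.join(work, "backup")
        os.makedirs(backup)
        with open(os.path.join(backup, "plc1.cfg"), "w") as fh:
            fh.write("PUMP1_SETPOINT=42\n")
        with open(os.path.join(backup, "rtu3.cfg"), "w") as fh:
            fh.write("CHLORINE_DOSE_MAX=2.0\n")
        manifest = build_manifest(backup)
        clean = verify_restore(manifest, backup)

        with open(os.path.join(backup, "plc1.cfg"), "w") as fh:   # tamper with the backup
            fh.write("PUMP1_SETPOINT=99\n")
        tampered = verify_restore(manifest, backup)

        # Attacker without the key edits the hash in the manifest to match the new file.
        forged = {"files": dict(manifest["files"]), "hmac": manifest["hmac"]}
        forged["files"]["plc1.cfg"] = _sha256_file(os.path.join(backup, "plc1.cfg"))
        forged_result = verify_restore(forged, backup)
    return clean, tampered, forged_result


if __name__ == "__main__":
    for label, outcome in zip(("clean", "tampered", "forged manifest"), demo()):
        print(label, outcome)
```

The third case is the one that matters for a utility: editing the stored hash makes the file "match" again, but the HMAC no longer verifies, so the restore is refused rather than silently loading an attacker's setpoints back into the PLC.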
References
Florackis, C., Louca, C., Michaely, R., & Weber, M. (2023). Cybersecurity risk. The Review of Financial Studies, 36(1), 351-407.
Wang, Z., Sun, L., & Zhu, H. (2020). Defining social engineering in cybersecurity. IEEE Access, 8, 85094-85115.
Cristian DeWeese
American Public University System
ISSC478
Professor Wang
05/25/2024
To: Senior Leadership Team, Zenith City Water
From: Cristian DeWeese, President
Date: May 23, 2024
Subject: Recommendation to Adopt BACnet as the Standard Communication Protocol
Having considered the communication protocols used in building automation and industrial control systems, I recommend adopting BACnet (Building Automation and Control Network) as the standard working protocol for Zenith City Water. BACnet is an international standard developed through a consensus process, which gives a strong basis for interoperability between devices from different manufacturers. Its flexible design, good performance, and broad industry support make it suitable for our facility management requirements.
Zenith City Water operates many systems, including HVAC, lighting, security, and process control equipment, from multiple manufacturers. Coordinating communication and interaction between these diverse systems is imperative for successful facility management and energy control. The absence of such a standard today results in system incompatibility, which limits opportunities for system consolidation and the use of data to make better decisions.
BACnet (Building Automation and Control Network) is a data communication protocol designed for building automation and control networks (BACnet, 2019). It is published as ANSI/ASHRAE Standard 135 and as ISO 16484-5, which supports a high degree of compatibility between cooperating devices from different vendors (BACnet, 2019).
Some key features of BACnet include:
1. Flexible Network Topologies: BACnet runs over Ethernet, IP (BACnet/IP), and field-level networks such as MS/TP, and BACnet routers link devices that sit on different media into one internetwork (BACnet, 2019).
2. Object-Oriented Design: Information in BACnet is in the form of objects where the properties and the services provided are used in the exchange and sharing of data between devices (BACnet, 2019).
3. Comprehensive Interoperability Areas: BACnet defines services for data sharing, scheduling, alarm and event management, trending, and device and network management (BACnet, 2019).
4. Strong Industry Support: This protocol has been under development and constant upgrade for a long time and is supported by an open consensus process all over the world (BACnet, 2019).
5. Independent Testing and Certification: The BACnet Testing Laboratories (BTL) are in charge of testing and certifying that the products conform to the standard and ensuring compatibility among them (BACnet, 2019).
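To make the object model and services above concrete at the wire level, here is an added example (not code from this memo or from BACnet International) that decodes the BVLC, NPDU and APDU headers of BACnet/IP frames, splits a BACnetObjectIdentifier into its 10-bit type and 22-bit instance, and flags state-changing confirmed services (WriteProperty, ReinitializeDevice and similar) that do not come from an approved head-end. The check matters because classic BACnet/IP carries no authentication of its own, so source address and network placement are the only things a monitor can verify. The sample frames, host addresses and the approved-writer list are constructed for the example.

```python
"""BACnet/IP frame decoder and write-class service monitor (added example)."""
import struct

BVLC_FUNCTIONS = {0x04: "Forwarded-NPDU", 0x0A: "Original-Unicast-NPDU",
                  0x0B: "Original-Broadcast-NPDU"}
UNCONFIRMED_SERVICES = {0x00: "I-Am", 0x01: "I-Have", 0x07: "Who-Has", 0x08: "Who-Is"}
CONFIRMED_SERVICES = {0x0C: "ReadProperty", 0x0E: "ReadPropertyMultiple",
                      0x0F: "WriteProperty", 0x10: "WritePropertyMultiple",
                      0x11: "DeviceCommunicationControl", 0x14: "ReinitializeDevice"}
OBJECT_TYPES = {0: "analog-input", 1: "analog-output", 2: "analog-value",
                3: "binary-input", 4: "binary-output", 5: "binary-value", 8: "device"}
# Services that change device state. Classic BACnet/IP authenticates none of them,
# so the source address is the only thing a monitor can check.
WRITE_CLASS = {"WriteProperty", "WritePropertyMultiple",
               "DeviceCommunicationControl", "ReinitializeDevice"}


def split_object_id(raw):
    """A BACnetObjectIdentifier packs a 10-bit object type above a 22-bit instance."""
    obj_type = raw >> 22
    return OBJECT_TYPES.get(obj_type, f"type-{obj_type}"), raw & 0x3FFFFF


def parse_frame(data):
    """Decode the BVLC, NPDU and APDU headers of one BACnet/IP frame."""
    if len(data) < 4 or data[0] != 0x81:
        raise ValueError("not a BACnet/IP (BVLC) frame")
    func, length = data[1], struct.unpack("!H", data[2:4])[0]
    if length != len(data):
        raise ValueError("BVLC length does not match frame size")
    info = {"bvlc": BVLC_FUNCTIONS.get(func, f"bvlc-{func:#04x}")}
    pos = 4
    if func == 0x04:                 # Forwarded-NPDU carries the originating B/IP address first
        pos += 6
    version, control = data[pos], data[pos + 1]
    pos += 2
    if version != 1:
        raise ValueError("unsupported NPDU version")
    if control & 0x20:               # DNET / DLEN / DADR present
        info["dnet"] = struct.unpack("!H", data[pos:pos + 2])[0]
        pos += 3 + data[pos + 2]
    if control & 0x08:               # SNET / SLEN / SADR present
        pos += 3 + data[pos + 2]
    if control & 0x20:
        pos += 1                     # hop count follows the source fields
    if control & 0x80:
        info["kind"] = "network-layer-message"
        return info
    pdu_type = data[pos] >> 4
    if pdu_type == 1:                # Unconfirmed-Request: type/flags, service choice
        choice = data[pos + 1]
        info["kind"] = "unconfirmed"
        info["service"] = UNCONFIRMED_SERVICES.get(choice, f"unconfirmed-{choice}")
        if choice == 0x00:           # I-Am starts with the device id (application tag 12, 4 bytes)
            if data[pos + 2] != 0xC4:
                raise ValueError("unexpected I-Am encoding")
            info["device"] = split_object_id(struct.unpack("!I", data[pos + 3:pos + 7])[0])
    elif pdu_type == 0:              # Confirmed-Request: type/flags, max-segs/resp, invoke id, [seq, win], service
        segmented = data[pos] & 0x08
        choice_pos = pos + (5 if segmented else 3)
        choice = data[choice_pos]
        info["kind"] = "confirmed"
        info["invoke_id"] = data[pos + 2]
        info["service"] = CONFIRMED_SERVICES.get(choice, f"confirmed-{choice}")
        # Property services start with a context-tagged (tag 0, length 4) object id.
        if len(data) >= choice_pos + 6 and data[choice_pos + 1] == 0x0C:
            raw = struct.unpack("!I", data[choice_pos + 2:choice_pos + 6])[0]
            info["object"] = split_object_id(raw)
    else:
        info["kind"] = f"pdu-type-{pdu_type}"
    return info


def monitor(packets, approved_writers):
    """packets: iterable of (source_ip, frame). Returns alerts for state-changing
    services from hosts outside the approved head-end set, and for frames the
    decoder rejects (a BVLC length that disagrees with the frame is worth a look)."""
    alerts = []
    for src, frame in packets:
        try:
            info = parse_frame(frame)
        except (ValueError, IndexError, struct.error) as exc:
            alerts.append((src, "malformed", str(exc)))
            continue
        if (info.get("kind") == "confirmed" and info["service"] in WRITE_CLASS
                and src not in approved_writers):
            alerts.append((src, info["service"], info.get("object")))
    return alerts


# Constructed sample frames (hex grouped as BVLC | NPDU | APDU | parameters).
WHO_IS = bytes.fromhex("810b000c" "0120ffff00ff" "1008")
I_AM = bytes.fromhex("810b0014" "0100" "1000" "c402000001" "2205c4" "9103" "210f")
# WriteProperty, invoke id 1: analog-output 1, present-value (85), REAL 42.0, priority 8
WRITE_SETPOINT = bytes.fromhex("810a001a" "0104" "0005010f"
                               "0c00400001" "1955" "3e4442280000" "3f" "4908")
SAMPLE_TRAFFIC = [
    ("10.0.5.10", WRITE_SETPOINT),   # approved BMS head-end
    ("10.0.5.99", WHO_IS),
    ("10.0.5.99", I_AM),
    ("10.0.5.99", WRITE_SETPOINT),   # unknown host changing a setpoint
    ("10.0.5.7", WHO_IS[:8]),        # truncated frame
]
APPROVED_WRITERS = {"10.0.5.10"}

if __name__ == "__main__":
    for alert in monitor(SAMPLE_TRAFFIC, APPROVED_WRITERS):
        print(alert)
```

In practice the packet source would be a SPAN port or a pcap feed from the automation VLAN; the point the example makes is that a WriteProperty from 10.0.5.99 is indistinguishable from the head-end's at the protocol level, which is why segmentation and allow-listing carry the security load until BACnet/SC devices are in place.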
Recommendation
Therefore, I recommend that Zenith City Water adopt BACnet as the organization's standard communication protocol. Its open design, good performance, and strong industry support will let it integrate our many building automation systems, improve compatibility between them, and make their data available for analysis and decision-making. Adopting BACnet will tighten integration of operations, reduce maintenance costs, and prepare us for future developments in the market.
Upon approval, I propose the following next steps:
1. Form a project team to develop an implementation plan that sets out the schedule, the budget, and the training required.
2. During implementation, liaise with BACnet International and local BACnet Interest Groups (BIGs) to benefit from their expertise.
3. Adopt a procurement policy requiring any new building automation system or device to be BACnet compliant and BTL certified and, where available, to support the BACnet Secure Connect (BACnet/SC) datalink, since classic BACnet/IP provides no authentication or encryption of its own and must otherwise be protected by network segmentation.
4. Roll BACnet out in cooperation with our current suppliers, filling gaps where existing networks lack it and converting the remainder in phases as systems reach end of life.
If you have any further questions or concerns about this recommendation, please do not hesitate to contact me.
Sincerely,
Cristian DeWeese
President
References:
BACnet. (2019). Home page. BACnet International. https://bacnetinternational.org/
Cristian DeWeese
American Public University System
ISSC479
Professor Wang
05/25/2024
Risk management is the assessment, identification, and mitigation of hazards in order to limit their adverse effects on an organization. Risk management strategies consist of loss control, risk retention, risk avoidance, and risk transfer. Throughout a project's lifecycle, several risk management models may be used. In my view, risk mitigation and preparedness activities should be among the first concerns of company leaders and department heads. Nevertheless, activities devoted to response and recovery can fill the gaps an organization may have missed in preparing for a crisis, or limit the effect of an unexpected threat in both the short and the long term (Saikia et al., 2022, p. 77).
As an emergency manager, I believe it is important to hold at least three initial meetings to examine the response and recovery processes I plan to manage during my time at the firm. The first meeting will focus on the activities and concepts involved in responding to risks. The second will define the organization's approach to recovery operations. The third will be devoted to the specific action plans I propose for responding to and recovering from possible emergencies. Responding to an emergency involves limiting damage, reducing the risk of secondary harm, and accelerating recovery through efficient damage assessment. Each activity aimed at responding to a disaster must therefore be well organized and requires a long period of planning.
Employees must be trained to deal with the threats most likely to affect an IT company. Cyber threat training should be mandatory for every employee, with the exception of a special group dedicated entirely to coordinating security and damage assessment. That group would create and implement a framework enabling passive oversight of the organization's software. Unlike response, recovery operations take place after the disaster rather than during it (Salman & Hasar, 2023). Recovery centers mostly on the execution of long-term arrangements, although some short-term plans are encouraged so that the organization quickly rebuilds its operating capabilities after a threat.
Resilience and redundancy are especially important during recovery because the only effective way to minimize and recover from damage is to plan ahead, create stable but flexible operational frameworks, and create the backups the business can use even if its servers are damaged. Another significant element is continuity planning: an action plan for emergency response and recovery must prevent breaks in operations when a risk materializes. This includes plans for employee training, relocation, and development, as well as resource distribution and the maintenance of efficient communication channels. The primary goal is to accelerate recovery by keeping the impact of an emergency minimal.
Consequently, besides planning suitable response and recovery activities, the plans should be routinely tested and updated. In summary, while mitigation and preparedness are vital, emergency managers need to go beyond them and invest in developing suitable structures for disaster response and recovery. The purpose of response is to limit the effect of a risk while it is occurring, whereas recovery initiatives aim to return the organization to business as usual as quickly as possible (Alkhalidi et al., 2018, p. 130). For my specific work environment, an IT enterprise serving some high-profile clients, response and recovery efforts should emphasize resilience through extensive planning, testing, and training. Redundancy and appropriate backups, which are essential for managing data, particularly data from government offices and large corporations, are the other crucial factors.
References
Saikia, P., Beane, G., Garriga, R. G., Avello, P., Ellis, L., Fisher, S., ... & Jiménez, A. (2022). City Water Resilience Framework: A governance based planning tool to enhance urban water resilience. Sustainable Cities and Society, 77, 103497.
Salman, M. Y., & Hasar, H. (2023). Review on environmental aspects in smart city concept: Water, waste, air pollution and transportation smart applications using IoT techniques. Sustainable Cities and Society, 104567.
Alkhalidi, A., Qoaider, L., Khashman, A., Al-Alami, A. R., & Jiryes, S. (2018). Energy and water as indicators for sustainable city site selection and design in Jordan using smart grid. Sustainable Cities and Society, 37, 125-132.
The Stuxnet Threat to Critical Infrastructure (Understanding and Mitigating Cyber Threats in Zenith City Water)
Student Name: Cristian DeWeese
Date: 06/16/2024
Executive Summary
Introduction: This presentation examines the severe consequences of Stuxnet-like malware, including its impact on the organizations that operate industrial systems.
Objective: To understand what Stuxnet was, how it worked, whether it achieved its objectives, and what danger malware of its type poses to our infrastructure.
Importance: The growing sophistication of such threats makes improving our cybersecurity posture an immediate priority.
Outcome: Where we stand and where we go from here both matter now, and we need direction from the C-Suite on reinforcing our protection and securing the assets that are vulnerable.
What is Stuxnet?
Definition: Stuxnet is a highly sophisticated, destructive worm with rootkit components, built to sabotage industrial process control systems.
Discovery: It was discovered in 2010; later analysis found that earlier versions had been active since at least 2005.
Targets: It was aimed at Iran's nuclear program, with the political objective of disrupting uranium enrichment at the Natanz facility.
Impact: The worm damaged a substantial number of enrichment centrifuges, demonstrating that a cyber attack can have real, physical effects.
The Discovery of Stuxnet
Unexpected Discovery: Stuxnet became known to the world only after it spread beyond its operators' intended targets.
Global Alarm: Its discovery caused alarm worldwide as experts scrambled to secure industrial systems.
Complexity: Stuxnet was unusually advanced: it could remain undetected for long periods and replicated itself without any operator action.
Wake-Up Call: It prompted industries around the world to improve the protection of the operational technology they depend on.
How Stuxnet Operates
Infection Mechanism: The worm spread mainly through USB removable drives. Early variants used a crafted autorun.inf file; later variants exploited a Windows shortcut (.LNK) parsing flaw that executed the payload as soon as the drive's contents were displayed.
Propagation: It replicates across local networks without needing an Internet connection, which let it reach systems isolated from the Internet.
Target Identification: The malware checks for a specific industrial control configuration and activates its payload only when that configuration is present.
Sabotage: It covertly alters process operation while feeding operators normal-looking status readings, so the change goes unnoticed.
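The sabotage bullet describes the hardest part of such an attack to catch: the operator's screen keeps showing normal values while the process is being driven somewhere else. One property a detector can use is that genuine process telemetry carries noise and does not repeat itself exactly, whereas recorded-and-replayed readings do. The script below is an added example, not code from this presentation or from any published Stuxnet analysis: it slides a window over a stream of readings and reports any stretch that exactly repeats an earlier, non-overlapping stretch. The telemetry is constructed for the example with a deterministic generator, followed by a replay of an earlier segment.

```python
"""Replay detector for process telemetry (added example)."""


def detect_replays(readings, window=8):
    """Find stretches of readings that exactly repeat an earlier, non-overlapping
    stretch. Returns (replay_start, replay_end, source_start) index triples.
    A frozen sensor repeats too and is reported the same way; that is a fault
    operators want to know about as well."""
    first_seen = {}
    spans = []
    for i in range(len(readings) - window + 1):
        key = tuple(readings[i:i + window])
        src = first_seen.get(key)
        if src is not None and i - src >= window:
            end = i + window - 1
            if spans and spans[-1][1] == end - 1:      # extends the span found at i-1
                spans[-1] = (spans[-1][0], end, spans[-1][2])
            else:
                spans.append((i, end, src))
        elif src is None:
            first_seen[key] = i
    return spans


def constructed_stream():
    """40 genuine discharge-pressure readings with process noise (a fixed LCG keeps
    the example reproducible), followed by an attacker replaying readings 10..29."""
    x = 12345
    genuine = []
    for _ in range(40):
        x = (1103515245 * x + 12345) % 2 ** 31
        genuine.append(round(62.0 + (x % 1000) / 1000.0, 3))
    return genuine + genuine[10:30]


if __name__ == "__main__":
    for start, end, src in detect_replays(constructed_stream()):
        print(f"readings {start}-{end} repeat readings {src}-{src + end - start}")
```

Exact repetition is a deliberately narrow test: it will not catch an attacker who synthesizes plausible values, but it costs nothing to run on historian data and it catches the simplest and most common form of the trick, including a stuck sensor.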
Stuxnet's Targeted Systems
Specific Focus: Stuxnet is unusually cautious and precise in its targeting: it looks for Siemens Step7 (SIMATIC) software, which is used to program and manage industrial controllers.
Operational Interference: The malware injects its own code into the Programmable Logic Controllers (PLCs) managed by the Step7 station, enabling it to issue unauthorized commands.
Stealth Operations: Stuxnet works quietly and does not reveal itself until the physical damage is done.
Outcome: The intended and actual physical consequences include disruption of essential processes and destruction of equipment.
Global Impact of Stuxnet
Primary Victim: Iran was the country most affected, suffering major disruption to its nuclear program.
Collateral Damage: By propagating beyond its target, the worm infected thousands of other industrial systems in several countries.
Industrial Concerns: It exposed the many threats confronting critical facilities and systems worldwide.
Security Reevaluation: It catalyzed efforts around the world to strengthen cybersecurity in vulnerable industries.
Threat to Zenith City Water
Relevance: Stuxnet demonstrates the kind of high-end threat that could make our systems a target.
Vulnerable Systems: Identifies which of our operational systems a future attacker might single out.
Potential Consequences: Describes possible compromise scenarios and their consequences for customers, such as service interruptions and safety risks.
Urgency for Action: Emphasizes the urgency of strengthening our cybersecurity efforts and preparedness.
Current Cybersecurity Measures at Zenith City Water
Existing Defenses: Reviews the cybersecurity measures and technologies currently in place to prevent attacks on the organization.
Strengths and Weaknesses: Assesses how effective those measures are and the flaws that have been identified.
Areas for Improvement: Pinpoints the aspects of our cybersecurity that need particular attention.
Recommendations for Enhancements: Offers specific recommendations for improving existing controls and implementing new ones to safeguard our systems.
Proposed Cybersecurity Enhancements
Advanced Monitoring: Deploy state-of-the-art monitoring to identify threats and suspicious activity in real time.
Employee Training: Educate staff continuously on secure practices, especially those whose work keeps them constantly exposed to the Internet.
System Upgrades: Even with recent technology in place, we must update software frequently and apply the patches that close security gaps.
Incident Response Plan: Establish, or rewrite, a clear tactical framework for incident response that allows rapid and well-defined action in the event of a cyberattack.
Financial Implications
Investment Required: Details the expenditure the organization is likely to incur in implementing the recommended cybersecurity changes.
Cost-Benefit Analysis: Compares the cost of suffering a cyberattack with the comparatively modest cost of implementing stronger protection.
Long-Term Savings: Emphasizes that a secure cyber defense is a sound investment, saving the money that would otherwise be spent repairing damage and absorbing operational stoppages.
Funding Strategies: Outlines how the required cybersecurity improvements can be budgeted and financed.
Strategic Importance of Cybersecurity
Business Continuity: Links firm cybersecurity to the uninterrupted continuation of business operations.
Regulatory Compliance: Stresses the importance of complying with cybersecurity regulations to avoid fines and other legal repercussions.
Reputation: Considers the reputational loss a cyber incident would cause and the value that reputation carries.
Competitive Advantage: Presents cybersecurity as a strategic advantage that strengthens the confidence of customers and stakeholders.
Call to Action
Immediate Priorities: Lists the short-term measures the C-Suite should authorize to strengthen our cybersecurity framework.
Strategic Decisions: Asks for the strategic decisions needed to incorporate cybersecurity fully into our corporate governance.
Leadership Role: Asks our leadership to advocate for and sponsor cybersecurity initiatives within the firm.
Review and Feedback: Invites comment on the proposed cybersecurity strategy so that we can refine it.
Conclusion
Recap of Key Points: Summarizes the discussion of Stuxnet and its implications for Zenith City Water.
Final Urgency: Reiterates the need to act now to build up our protective measures.
Commitment to Safety: Affirms our commitment to high security standards in protecting critical infrastructure and our stakeholders.
THANK YOU!
You will fill out the following form using the incident you chose in Week 1.
Company Background Information
What is your main industry sector? ☐ Defense Industry ☐ Financial Services ☐ Healthcare ☐ Biotech/Pharmaceutical ☐ Food Production/Distribution ☒ Utilities (water, power, etc.) ☐ Transportation/port services ☐ Technology ☐ Energy Production (oil, natural gas, etc.) ☐ R&D/University ☐ Manufacturing ☐ Other ________________________
Does your organization consider itself to be a small, small-medium, medium-sized, or large business? ☐ Small Business (less than 100 employees) ☒ Small-Medium Business (100-999 employees) ☐ Medium-sized Business (1,000-9,999 employees) ☐ Large Business (10,000 employees or more)
How long has your organization been dedicating resources to cybersecurity? ☐ Started within the last year ☐ 1-3 years ☐ 3-5 years ☒ More than 5 years
Does your organization have someone responsible for cybersecurity/information security, such as a CISO (Chief Information Security Officer) or Chief Security Officer (CSO)?
☒ Yes ☐ No
Did your organization have someone responsible for cybersecurity/information security, such as a CISO (Chief Information Security Officer) or Chief Security Officer (CSO), at the time of the incident?
☒ Yes ☐ No
1 – Type of Incident
Please identify the major category description that best fits this incident. Check all that apply: ☒ Distributed Denial of Service (DDOS) ☐ Destructive WORM ☐ Ransomware/Extortion ☐ Data Theft ☐ Intellectual Property (IP) ☐ Personally Identifiable Information (PII) ☐ Financial Data ☐ Health Records ☐ Other type of data _______________ ☐ Unknown ☐ Web page defacement ☐ Malware (Variant, if known______________) ☐ Zero-Day Malware Attack ☒ SCADA or Industrial Control System Attack ☐ Accident/Human Error ☐ System Failure ☐ Natural or Man-made (Physical) Disaster ☐ Storage/Back-up Failure ☐ Network Intrusion ☐ Third-Party Event ☐ Phishing ☐ Industrial Espionage ☐ Physical Sabotage ☐ Configuration Error ☐ Insider Attack ☐ Lost Device ☐ Outage ☐ Other ☐ Additional Entry . . .
2 – Severity of Incident (See Assignment Guide Page 10 for charts)
Impact | Financial or Asset Loss | Time-to-Market Delay | Product Quality | Environment | Health & Safety | Legal
Level | Low | None | High | Medium | High | Low
Fill out the information in the columns above. Then using the charts on Page 10, specify the Impact level.
3 – Company Posture at Time of Incident
Does your organization use a cyber risk management framework, best practice, regulation or standard as part of its cyber risk management activities?
☒ Yes ☐ No
If Yes, please identify: NIST
If you are required to be certified compliant with a technical regulation or standard, how are you assessed?
☐ Self-Assessed ☐ Self-Assessed with Third-Party Validation ☒ Third-Party Assessment and Validation ☐ Post-Market Surveillance ☐ N/A: Not Required
Are your organization’s risk management practices formally approved and expressed as policy?
☒ Yes ☐ No
Are your organization’s cybersecurity practices regularly updated based on the application of risk management processes to changes in business/mission requirements and a changing threat and technology landscape?
☒ Yes ☐ No
Is cybersecurity integrated into your organization’s enterprise risk management?
☒ Yes ☐ No
Does your organization define risk-informed policies, processes, and procedures?
☒ Yes ☐ No
If Yes, are they implemented as intended?
☒ Yes ☐ No
Are they reviewed?
☐ Yes ☐ No
Does your organization have methods in place to respond effectively to changes in risk?
☒ Yes ☐ No
Do your organization’s personnel possess the knowledge and skills to perform their appointed roles and responsibilities?
☒ Yes ☐ No
Does your organization understand its dependencies and partners and receive information from partners that enable collaboration and risk-based management decisions within your organization in response to events?
☒ Yes ☐ No
4 – Timeline of Incident
What is the interval between initial cyber intrusion to target or significant system compromise (including data records compromise)? ☒ Less than 4 hours (almost immediate) ☐ 4-24 hours (less than a day) ☐ 2-7 days (less than a week) ☐ 7-30 days (more than a week, but less than a month) ☐ 30-180 days (between 1 and 6 months) ☐ 180 days-365 days (6 months to a year) ☐ More than a year ☐ Unknown (initial date of intrusion and/or system compromise undetermined)
What is the interval between compromise and detection of the incident's effects? ☒ Less than 4 hours (almost immediate) ☐ 4-24 hours (less than a day) ☐ 2-7 days (less than a week) ☐ 7-30 days (more than a week, but less than a month) ☐ 30-180 days (between 1 and 6 months) ☐ 180 days-365 days (6 months to a year) ☐ More than a year ☐ Unknown (initial date of intrusion and/or system compromise undetermined)
What is the interval between detection of the incident and containment/mitigation? ☐ Less than 4 hours (almost immediate) ☒ 4-24 hours (less than a day) ☐ 2-7 days (less than a week) ☐ 7-30 days (more than a week, but less than a month) ☐ 30-180 days (between 1 and 6 months) ☐ 180 days-365 days (6 months to a year) ☐ More than a year ☐ Unknown (initial date of intrusion and/or system compromise undetermined)
5 – Apparent Goal of Attackers
What was the attacker’s apparent end-state goal? Check all that apply.
☐ Acquisition/Theft – Illicit acquisition of valuable assets for resale or extortion in a way that preserves the assets’ integrity but may incidentally damage other items in the process.
☐ Business Advantage – Increased ability to compete in a market with a given set of products. The goal is to acquire business processes or assets.
☐ Technical Advantage – Illicit improvement of a specific product or production capability. The primary goal is to acquire production processes or assets rather than a business process.
☐ Damage to Property – Injury to the target organization’s physical/electronic assets, or intellectual property.
☐ Bodily Injury/Death – Injury to or death of the target organization’s personnel.
☐ Denial – Prevent the target organization from accessing necessary data or processes.
☒ Disruption of System/Service Availability – Interference with or degradation of the target organization’s legitimate business transactions.
☐ Production Loss – Reduction or halting of the target organization’s ability to create goods and services by damaging or destroying its means of production.
☒ Environmental Harm – Adverse impact to land, air, or water resources.
☒ Degradation of Reputation – Public portrayal of the target organization in an unflattering light, causing it to lose influence, credibility, competitiveness, or stock value.
☐ Unknown – Intent of the attack is not known.
☐ Not Applicable – Attack does not appear to have been an intentional/hostile incident.
☐ Additional Entry . . .
6 – Contributing Causes
Incident Progression | Step 1 | Step 2 | Step 3 | Step 4 | Step 5 | Step 6
Intentionally caused or conducted by third party vendor | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Unintentionally/negligently introduced through third party information sharing partner (e.g., link to an infected site, or poor protection of shared materials) | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Third party vendor infrastructure (e.g., remote access connection) | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Third party vendor account credentials | ☒ | ☐ | ☐ | ☐ | ☐ | ☐
Data was under third party control when compromised | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Direct access by Insider | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Physical access by unauthorized personnel | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Spear phishing email attachment | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Spear phishing email link | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Poor Passwords | ☒ | ☐ | ☐ | ☐ | ☐ | ☐
Stolen Authorized Credentials | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Employee Human Error in authorized procedure (e.g., distracted/multitasking, inadequate training) | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Employee Human Error – unauthorized/reckless activity (system or authorization misuse, benign shortcuts, etc.) | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Improper sensor tuning | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Malicious Insider Activity | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Unauthorized Device (e.g., personal laptop) | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Misconfigured Device (firewall, router, switch) | ☒ | ☐ | ☐ | ☐ | ☐ | ☐
Compromised mobile media (e.g. USB) | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Compromised firmware | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Known vulnerability not patched | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Previously unknown vulnerability | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Brute Force attack | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Virus w/ A/V | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Virus – No A/V | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Zero-Day | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Additional Entry… | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Other:
7 – Specific Control Failures
Please identify the category of the involved security control as well as descriptors of the failure. Check all that apply:
Type of Security Control: ☐ Human ☐ Process ☒ Technology ☐ Environmental (e.g., facility power, cooling, natural disaster, etc.) ☐ Third Party
Level of Security Control: ☐ Network ☐ Business/Process Application ☒ System Control (SCADA/ICS) ☐ Data
Descriptor of the Failure: ☐ Poor Internal Security Processes ☐ Approaches/Tool Incompatible with All Platforms ☐ Improperly Tuned Sensor(s) ☒ Inadequate Maintenance/Patching Practices ☐ Working Control Failed to Prevent Incident and/or Attack ☐ Other ________________ ☐ Additional Entry . . .
8 – Assets Compromised or Affected
Please identify all assets that were affected by the compromise. Check all that apply: ☒ SCADA/ Industrial Control Systems (ICS) ☐ Databases ☐ Individual Accounts ☒ Business Application Servers ☐ Third Party Systems ☐ Websites (e.g., defacement) ☐ Structured Data (e.g., application/relational databases) ☐ Unstructured Data (e.g., office/individual’s files, PDFs, blueprints) ☐ Transactional Systems ☐ Decision Support Systems (including data warehouses) ☐ Building Management Systems ☐ Peripheral (e.g., USB, external hard drive) ☐ End-User Device (e.g., stolen iPad, phone, laptops) ☒ Data Center/Office Device (e.g., server, storage array, printer) ☐ Printed Hardcopy ☐ Other ☐ Additional Entry . . .
9 – Type of Impact(s)
Check all that apply:
What is the cybersecurity industry category affected? Check all that apply: ☐ Loss of confidentiality ☒ Loss of integrity ☒ Loss of availability
What is the amount of data compromised? ☒ 0-100,000 records/documents ☐ 100,001-500,000 records/documents ☐ 500,001-1,000,000 records/documents ☐ Over 1,000,000 records/documents ☐ Not Applicable
What is the duration of the experienced business interruption and/or outage? ☒ Less than one hour ☐ 1-3 hours ☐ 3-10 hours ☐ 10-24 hours ☐ 1-3 days ☐ 3-6 days ☐ Greater than one week
What is the sensitivity of the data involved? Check all that apply: ☐ Personally Identifiable Information (PII) ☐ Protected Health Information (PHI) ☐ Intellectual Property (IP) ☐ Credit Card Data ☐ Consumer Financial Data ☐ Employee Data ☐ Business Process Data (e.g., logistics information, trade secrets) ☐ Biometric Data ☐ Corporate Confidential Information ☐ Personal Confidential Information (e.g., an individual’s emails) ☐ Other _______________ ☒ Not Applicable ☐ Additional Entry . . .
What was the actual outcome of the attack? Check all that apply: ☐ Acquisition/Theft – Illicit acquisition of valuable assets for resale or extortion. ☐ Business Advantage – Increased ability to compete in a market with a given set of products. ☐ Technical Advantage – Illicit improvement of a specific product or production capability. ☐ Damage to Property – Injury to the target organization’s physical or electronic assets, or intellectual property. ☐ Bodily Injury/Death – Injury to or death of the target organization’s personnel. ☐ Denial – Prevention of the target organization’s access to necessary data or processes. ☒ Disruption of System/Service Availability – Interference with or degradation of the target organization’s legitimate business transactions. ☐ Production Loss – Reduction or halting of the target organization’s ability to create goods and services by damaging or destroying its means of production. ☒ Environmental Harm – Adverse impact to land, air, or water resources. ☒ Degradation of Reputation – Public portrayal of the target organization in an unflattering light, causing it to lose influence, credibility, competitiveness, or stock value. ☐ No Apparent Impact – No impact has been detected or it is confirmed that the attack had no impact. ☐ Additional Entry . . .
10 – Incident Detection Techniques
If the incident was detected externally, how was the organization notified? Check all that apply: ☒ Not Applicable (Detected Internally) ☐ Disclosed by threat agent (e.g., extortion, public bragging) ☐ Compliance Audit ☐ Security/Vulnerability scan ☐ Emergency Response Team (e.g., ICS-CERT) ☐ Found Documents ☐ Fraud Detection (e.g., CPP) ☐ Notified while investigating separate incident ☐ Notified by law enforcement or government agency (what agency? __________________) ☐ Report of suspicious traffic ☐ Notified by partner/provider organization (select below) ☐ Antivirus Company (not AV product) ☐ Monitoring Service ☐ Audit Service ☐ Other _______________________ ☐ Additional Entry . . .
If the incident was detected internally, how was it detected? Check all that apply: ☐ Not applicable (Detected Externally) ☐ Host IDS or file integrity monitoring ☐ Informal IT review ☒ Network IDS or IPS alert ☒ Antivirus alert ☐ Vulnerability scan ☐ Data loss prevention software ☐ Financial audit/reconciliation process ☐ Analytics ☐ Fraud detection mechanism ☐ Discovered while responding to another (separate) incident ☐ Infrastructure monitoring ☐ External Threat Feed ☒ Log review process or SIEM ☐ Reported by employee who saw something odd ☐ Physical security system alarm ☐ Unknown ☐ Additional Entry . . .
11 – Incident Response Playbook
Please identify the tactics, techniques and procedures used to respond to the incident. Check all that apply: ☒ Blocking ☒ Install/update patch ☒ Change passwords ☐ Honeypot ☐ Sinkhole ☐ Isolation/segregation in the DMZ ☐ Disconnection ☐ Employ custom scripts for hunting ☒ Reconfigure network devices ☒ Direct personnel actions ☐ Re-tune Technical Controls ☐ Patch Management ☐ Other ____________________ ☐ Additional Entry . . .
12 – Internal Skill Sufficiency
Were internal skills sufficient?
☒ Yes | ☐ No |
What internal skills were employed? Check all that apply:
☒ Incident response coordination ☒ Forensics/investigations ☒ Response strategy development ☒ Technical skills ☐ Chain of custody/evidence management ☐ Systems analysis (e.g., correlation, event detection, log analyses) ☐ Enterprise architecture design ☐ Business impact assessment ☐ Malware analysis/reverse engineering ☐ Other __________ ☐ Additional Entry . . .
Does your organization outsource skills?
☐ Yes | ☒ No |
If yes, did the outsourcing work?
☒ Yes | ☐ No |
What external skills were employed? Check all that apply: ☐ Expert witness ☒ Incident response coordination ☒ Forensics/investigations ☒ Response strategy development ☒ Technical skills ☐ Chain of custody/evidence management ☐ Systems analysis (e.g., correlation, event detection, log analyses) ☐ Enterprise architecture ☐ Business impact assessment ☐ Malware analysis/reverse engineering ☐ Other __________ ☐ Additional Entry . . .
Does your organization have an incident response (IR) plan?
☒ Yes | ☐ No |
Does your organization have internal forensic capabilities?
☒ Yes | ☐ No |
Does your organization have a retainer for external forensic capabilities?
☒ Yes | ☐ No |
13 – Mitigation/Prevention Measures
Please identify which actions were taken to stop incidents and to prevent similar future occurrences. Check all that apply: ☒ Implemented New Policies/Procedures ☒ Conducted Training ☒ Performed Patch Management ☒ Corrected Configurations ☒ Installed Additional Authentication Measures ☐ Security Communications Program ☐ Revised Security Responsibilities. Check all that apply: ☐ Implemented new policies and procedures ☐ Formalized responsibility for security controls (e.g., documented and assigned) ☐ Added additional security solution to portfolio ☐ Engaged outside provider to support internal skill sets ☐ Other __________________ ☐ Additional Entry . . . ☐ Purchased Cybersecurity Insurance ☐ Engaged with a Third-party Vendor ☐ Deployed New Technology ☐ Captured Lessons Learned ☐ Additional Entry . . .
14 – Costs
Costs
Cost Category | Cost ($) |
Direct Losses to Theft | $0 |
Liability Claims/Restitution | $0 |
Production Equipment Replacement | $0 |
System Administrator Overtime | $5,000 |
Third Party Assistance Costs | $10,000 |
Staff Augmentation During Response | $2,000 |
Hardware/Equip (Replacement) | $1,000 |
Hardware/Equip (New) | $3,000 |
System/Software Installation | $2,000 |
Production Delays | $1,000 |
Backup Restoral | $500 |
Business Interruption/Lost Transactions | $1,500 |
Lost Wages/Lost Profits | $2,000 |
Public Relations/Reputation | $3,000 |
Victim Notification | $1,000 |
Credit Monitoring | N/A |
Legal Costs | $2,500 |
PCI & Regulatory Fines/Assessments | N/A |
Other | $1,000 |
Total Costs | $35,500 |
15 – Vendor Incident Support
Vendor Type | 1 Difficult to Source | 2 Hostile / Combative | 3 Not Knowledgeable | 4 Indifferent / Unhelpful | 5 Cooperative | 6 Reasonably Helpful | 7 Actively Helpful |
Telco | ☒ | | | | | | |
IaaS Provider | ☒ | | | | | | |
Business Services Partner | ☒ | | | | | | |
Merchandise Supplier | ☒ | | | | | | |
Business App Provider / Host | ☒ | | | | | | |
POS System Provider | ☒ | | | | | | |
Utility (power, HVAC, etc.) | ☒ | | | | | | |
Forensic | ☒ | | | | | | |
Software | ☒ | | | | | | |
Hardware | | | | | | | |
Insurer | | | | | | | |
Additional Entry . . . | | | | | | | |
If you filed an insurance claim, was it accepted or denied?
☒ Accepted | ☐ Denied |
16 – Related Events
Has your organization experienced any recent events that may be related to the incident? Check all that apply: ☐ New Data Host (IaaS or SaaS Provider) ☐ New Software/Application Provider ☐ Corporate Merger/Acquisition ☐ Corporate Lay-Offs / Downsizing ☐ Seasonal / Cyclical Event ☐ Geopolitical / Regional Event ☐ Disgruntled Employee(s)/Strike ☒ Industry Sector-Wide Attacks ☐ New Product Release/Pre-Release ☐ Recent Event/Bad Publicity (e.g., Environmental Impact, Scandal) ☒ New Corporate Policy Release (i.e., with Social/Economic Implications) ☐ Natural Disasters ☐ Operation / Campaign ☐ C-Suite Level Public Remarks ☐ Additional Entry . . .
Cristian DeWeese
American Public University System
ISSC479
Professor Wang
04/21/2024
Introduction
Zenith City, USA, is located in the upper Midwest, with 90,000 people in five boroughs. The city has four hospitals and is governed by an elected mayor. The city receives its drinking water from both surface water and groundwater sources. Water treatment includes coagulation, flocculation, sedimentation, filtration and disinfection; softening, pH adjustment, and fluoridation are also performed. This report develops security policies for Zenith City Water.
Security policies
Security policy is defined as a plan or a high-level statement that is used to embrace the organizational beliefs, goals, objectives and acceptable procedures for information systems (Alassaf & Alkhalifah, 2021). There are three types of security policies that can be defined in an organization: security program policy, issue-specific security policy, and system-specific security policy.
i. Security program policy (SPP)
This policy defines the security objectives of the entire organization and its commitment to information security. It is the primary document from which the other security policies are derived. The security program policy of Zenith City includes the following:
· The organization is responsible for securing information from the outside world for all customers rather than citizens.
· Zenith City Water facilities are restricted from public access by fencing and security guards.
· Zenith City Water systems are accessible only to authorized employees or individuals who have an assigned task or responsibility.
· Zenith City Water protects its employees and all its devices to ensure that they are always in the right hands.
· Employees may use only company devices when communicating with other employees, so that the company improves its security.
· Zenith City Water ensures that its water is treated to the highest level, following the required process.
· Zenith City Water has a well-established sewer system that ensures water quality and public health protection.
ii. Issue Specific Security policy (ISSP)
These are guidelines for a specific threat or issue. The company has developed guidelines for its sewer systems to protect water quality and public health (McLeod & Dolezel, 2022). The company's ISSP includes the following:
· Zenith City has a well-established water treatment procedure that ensures that the water is treated to protect the public.
· Zenith City water treatment involves coagulation, flocculation, sedimentation, filtration and disinfection.
· Zenith City water treatment also considers softening, pH adjustment and fluoridation.
· Zenith City Water pumps water to consumers at a capacity of 5 MGD, and the system can store up to 3 MG.
· Zenith City's water system does not have backflow prevention valves for homes and businesses.
· Zenith City provides wastewater services in the southern portion of the city using a secondary wastewater treatment plant.
· Zenith City has two stormwater outfalls, one along the West River and the other on the Crystal River.
iii. System-specific policy (SysSP)
This is a policy aimed at a particular system, such as the Zenith sewer water system. Below is the SysSP for the Zenith sewer water system.
· Zenith's sewer water system is protected from access by the public and any unauthorized individuals in the organization.
· The sewer water system ensures that waste is treated using all required procedures so that it does not harm the public.
· Zenith City has established two wastewater services that ensure that the city is secure and that waste is managed in the appropriate way.
· Zenith City has well-established approaches to sewer water management that protect the public from harmful chemicals.
· The Zenith sewer water system focuses on protecting the environment and ensuring that everyone in the city is safe.
· The Zenith sewer water system plant operates 24 hours a day, 365 days a year, providing a critical sanitation service that protects public health and the environment.
References
Alassaf, M., & Alkhalifah, A. (2021). Exploring the influence of direct and indirect factors on information security policy compliance: a systematic literature review. IEEE Access, 9, 162687-162705.
McLeod, A., & Dolezel, D. (2022). Information security policy non-compliance: Can capitulation theory explain user behaviors? Computers & Security, 112, 102526.
Security Frameworks Comparison and Analysis
Cristian DeWeese
ISSC480
American Military University
07/07/2024
In this analysis, the author compares the security framework policy that originated in the ISSC479 Week 3 assignment with the NIST Cybersecurity Framework (NIST CSF).
Locate a Publicly Available Security Framework Policy: For comparison purposes, the publicly available framework chosen to match the company's cybersecurity program is the NIST Cybersecurity Framework (NIST CSF).
Compare and Contrast the Security Framework Policies
NIST Cybersecurity Framework (NIST CSF):
Identify: Understand the assets the organization needs to protect and enhance, the risks (threats) that can affect those assets, and the vulnerabilities that make those assets susceptible to those risks.
Protect: Put safeguards such as access rights and data protection in place.
Detect: Develop activities to detect cybersecurity events.
Respond: Take action once at least one incident has been detected.
Recover: Recover degraded functionalities arising from cyber events (NIST, 2018).
ISSC479 Week 3 Security Framework:
Risk Assessment: Evaluate the vulnerabilities of ICS and SCADA systems as often as possible (Gjesvik & Szulecki, 2023).
Access Control: Limit each user's access to the systems precisely to what the user needs and nothing else.
Incident Response: Administrative processes for handling incidents.
Physical Security: Protection of physical assets.
Training and Awareness: Security awareness and training of employees.
Key Differences:
Physical Security: ISSC479 covers physical security as one of its domains, while NIST CSF does not (Majchrzak et al., 2021).
Training and Awareness: ISSC479 focuses on training that would minimize the effects of social engineering; NIST CSF addresses this requirement only to an extent (Gjesvik & Szulecki, 2023).
Scope: NIST CSF is generic, whereas ISSC479 is specific to ICS and SCADA systems (John, 2022).
Differences and Discussion
Differences:
Physical Security: ISSC479 covers physical security for ICS & SCADA systems.
Training and Awareness: ISSC479 centers on training that reduces the risks of social engineering (Prisecaru, 2022).
Specific Focus: ISSC479 is intended specifically for the particular susceptibilities of ICS and SCADA systems.
Discussion on ICS and SCADA Security: Security for ICS and SCADA systems requires specialized protection because these systems are intricate and vital to infrastructure operations (Willett, 2023). Given these challenges, the physical security and training controls offered by ISSC479 are quite sufficient to deal with these issues. ISSC479 is more directly aimed at ICS and SCADA systems than the general NIST CSF. Sustained improvement is required to further strengthen all aspects of protecting this key infrastructure.
References
Gjesvik, L., & Szulecki, K. (2023). Interpreting cyber-energy-security events: experts, social imaginaries, and policy discourses around the 2016 Ukraine blackout. European Security, 32(1), 104-124. https://doi.org/10.1080/09662839.2022.2082838
Majchrzak, D., Michalski, K., & Reginia-Zacharski, J. (2021). Readiness of the Polish crisis management system to respond to long-term, large-scale power shortages and failures (blackouts). Energies, 14(24), 8286. https://doi.org/10.3390/en14248286
National Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cybersecurity. https://nvlpubs.nist.gov/nistpubs/cswp/nist.cswp.04162018.pdf
Prisecaru, P. (2022). The War in Ukraine and the Overhaul of EU Energy Security. Global Economic Observer, 10(1). http://www.globeco.ro/wp-content/uploads/vol/GEO_Vol_10_No_1.pdf#page=16
Willett, M. (2023). The cyber dimension of the Russia–Ukraine War. In Survival: October-November 2022 (pp. 7-26). Routledge. ISBN 9781003422211