discuss-what-type-s-of-new-countermeasures-should-have-been-implemented-to-prevent-the-cyber-attack-described-above-from-occurring-2

Reply with 50-75 words for below 6 posts

Discuss what type(s) of new countermeasures should have been implemented to prevent the cyber-attack described above from occurring. Be specific in recommending countermeasures for this scenario

APA Format

1.

Unfortunately, the case of the disgruntled employee that became a saboteur and wreaked havoc on the Fringe City SCADA system is a very realistic situation. Research has shown that employees with high levels of Information Technology access can be most harmful. Unrestriced employees have the possibility of installing malware, copying/stealing information, or even encrypting or deleting valuable information (Donnelson, 2017).

Internal attacks are classified as breaches that have been initiated by users that have been granted some level of access to the system. This could include employees, vendors, or customers. Amoroso (2013) describes the difficulty in blocking these attacks because some level of access is required for the user to successfully perform their role. The goal is to ensure that users are limited in the damage that can be caused, either diliberately or on accident.

One of the key concepts in protecting national assets is segregation of duties. This is the idea that no single person performs enough of one significant task to cause harm. Sarbanes-Oxley mandates this behavior for corporations in their accounting department. For instance, different people are used to write checks than those used to reconcile the transaction. Information Systems Audit and Control Association (ISACA) gives numerous examples of best-practice security measures to protect IT assetts, such as keeping database administrators out of the auditing process (Singleton, n. d.) In regards to Fringe City, one would expect at least a couple of people issuing checks and balances to the water system.

In the case of the SCADA attack, this employee had more access than should have ever been granted. According to the rule of least privilege, users should be restricted to the types of activities that are required to perform their job. While it might be easier to grant wide-levels of access, the importance of assigning granular access, through that of an access control list, cannot be understated, as this might be the most effective means of protecting resources (Gegick & Barnum, 2013; Amoroso, 2013). Specifically, it is inconceivable that a single employee should have the access to disable alarms, shut-off services, and assign access rights.

Finally, an effective means of reducing the possibility of internal sabotage is requiring multiple levels of approval for critical activities. Anytime an action is performed, such as disabling an alarm, it would have to be approved by a second employee. NIST control enhancement AC-3(2) enforces dual authorization to reduce the opportunity of a single user performing disastrous actions due to accident or sabotage (NIST, n. d.) Enabling this protocol would require that the disgrunted IT employee compromise another user’s account or find someone else that was willing to participate.

None of these strategies is failsafe, but each make the perpetrator work a little harder to cause their damage. Each step is another opportunity for the user to become stumped in their dangerous pursuit and give up. Additionally, each level is an opportunity to slow the attacker down, giving more opportunity to make a mistake and be discovered.

References:

Amoroso, E. G. (2013). Cyber attacks: protecting national infrastructure. Amsterdam: Butterworth-Heinemann

Donelson, B. (2017, June 28). Disgruntled Employees and Other Internal Threats to Your Cyber Security. Retrieved from https://www.jdsupra.com/legalnews/disgruntled-employees-and-other-60475/

Gegick, M., & Barnum, S. (2013, May 10). Least Privilege. Retrieved from https://www.us-cert.gov/bsi/articles/knowledge/principles/least-privilege

NIST Special Publication 800-53 (Rev. 4). (n.d.). Retrieved November 11, 2019, from https://nvd.nist.gov/800-53/Rev4/control/AC-3

Singleton, T. W. (n.d.). What Every IT Auditor Should Know About Proper Segregation of Incompatible IT Activities . Retrieved from https://www.isaca.org/Journal/archives/2012/Volume-6/Pages/What-Every-IT-Auditor-Should-Know-About-Proper-Segregation-of-Incompatible-IT-Activities.aspx

2.

The national infrastructure of the United States has become increasingly reliant on Supervisory Control and Data Acquisition (SCADA) systems. These systems form what is essentially the backbone of our critical infrastructure (“What is SCADA”, 2018). The SCADA systems are tasked with controlling and monitoring multiple types of industrial systems. The systems controlled by SCADA can include oil and gas production and supply, manufacturing, transportation and many more. In this current scenario, the SCADA system was tasked with the control of a local government water supply. The system was attacked internally and access to the system was inhibited by a disgruntled employee. To make matters worse, the employee worked in the Information Technology (IT) department and had knowledge of how to access the critical system. While the internal attack was happening, a local wildfire occurred in the city. The internal attack could result in possible loss of life and property because of a malfunctioning water supply. To reduce the possibility of future attacks of this nature, new countermeasures need to be put into place.

The easy answer is to strengthen the defenses using depth. At first look, this would seem to be the solution. When analyzing the situation more in depth, it is obvious that the internal attacker had the knowledge and access rights to the critical system using a Single Sign On (SSO) system. The SSO system can make users life easier but may not be the complete solution. In this case the protections were not suitable for protecting the attackers target (Amoroso, 2013). The security policy should include a new diversity with depth SSO authentication system. This needs to be employed so that there can be segmentation in place to restrict access and user permissions access based on the need of each user based on their role. The multiple layers of authentication could have prevented access to the high lift pumps.

The next concept that could have prevented the attack is discretion. More to the point using obscurity layers and organizational compartments might have been the key to preventing the attack. The effect of obscurity layers is that diverse, complimentary, and efficient coverage of the national infrastructure (Amoroso, 2013). Obscurity layers are primarily concerned with protecting data assets but could have been used to protect the program that was changed. A more complete method would be to employ organizational compartments. Organizational compartments are effective because access is based on a need to know. Organizational compartments are similar to clearance levels used by the government. This method uses permissions based on the role of the user. Without the proper write permissions, the program could not have been modified.

All of these measures are effective, but no method can be effective without stringent security policies in place. The organization must look at all possible methods of attack and account for these in a risk management plan. The risk management plan has to be an in depth look at the overall system and identify the weak links and define how the organization will respond.

References

Amoroso, E. (2013). Cyber attacks: protecting national infrastructure. Amsterdam: Butterworth-

Heinemann

“What is SCADA”? (2018). Inductive Automation. Retrieved from https://

Inductiveautomation.com/resources/article/what-is-scada

3

Cyber Security Attack on Water Utility’s SCADA system

The national critical systems support people’s daily lives. They include electricity, water system, transportation, and financial institutions. All these systems depend on the internet, and they require proper security to ensure they continue serving the needs of the nation (Brook, 2018). For each system, there are specific countermeasures that should be put in place to avoid cyber-attacks. SCADA systems control and monitor utility infrastructures such as water and electricity. This shows how important and necessary these systems should be protected against attacks.

In this case, there are specific security measures that can be used to countermeasure the attacks. A countermeasure can be defined as an action that should be taken to counteract the cyber-attack. Discussed below are some of the countermeasures;

1. Segmentation of Networks- this involves placing the systems in separate networks. This will protect the SCADA system from all potential malicious attacks that might target the primary interface (Brook, 2018). In this case, for instance, the SCADA systems can be connected and not to the primary network connection. For proper segmentation use Virtual Area Networks (VLANs)
2. Use of security layers- This involves the use of in-depth methods that will ensure the SCADA system has multiple security layers. In this case, firewalls can be installed to block all unauthorized packets (Gibson, 2018). Through this, one layer of security protection will be achieved.
3. Diversity and Redundancy controls- this involves ensuring that the SCADA systems continue operating even when there is a failure. A RAID is an excellent example of storage that can be used when the storage system has failed. Diversity, on the other hand, refers to protecting the SCADA system with diverse security controls (Gibson, 2018). For instance, the countermeasure would be installing a demilitarized zone with two firewalls.

References

Gibson. D (2018). Protecting SCADA Systems. Retrieved from https://blogs.getcertifiedgetahead.com/protecting-scada-systems/

Brook. C (2018). What is SCADA Security? Retrieved from https://digitalguardian.com/blog/what-scada-securi…

4

They can take preventive measures in advance and allow developing a proactive and predictive stance on cybersecurity; because the information on cyber threats is also an important aspect of protection. Before a cyber attack would target the system of a victim, gathering information is the intelligence of cyber threats. This enables organizations to take a proactive approach to cybersecurity and to take preventive measures in advance. Against three of our effective measurement criteria: resilience against cyber-measures; real-time support and action based on needs; and training materials and education to enhance user awareness of cybercrime; existing protection systems targeted cyber threats and the risks are assessed. It is adapted to the objectives of countermeasure; because companies working on against-security measures must select and use technology, which is far from easy (Rowe, 2003).

Thousands of cyber attacks (fraudulent online activities of obtaining confidential user information via e-mail, online transactions, live video streaming, online gaming, and navigation) are launched every day against Internet users of the entire world. The researchers set up several protective systems to prevent such attacks. Currently, the methods used by cyber attackers to carry out attacks are associated with the exploitation of human beings. These attacks are recorded more often than before and control is more difficult. Traditional security against-measures do not prevent violations against the human element. It describes the current status of attacks, countermeasures and protection tools related to cybersecurity-related to daily activities online. It can participate in a protective process to identify attacks and to take measures in cybersecurity; because it provides a useful taxonomy and classification for cyber attacks. To prevent cyber attacks, the cons-measures to be applied are:

•&νβσπ;&νβσπ;&νβσπ;&νβσπ;&νβσπ; Train employees to the principles of cybersecurity.

•&νβσπ;&νβσπ;&νβσπ;&νβσπ;&νβσπ; Change passwords regularly.

•&νβσπ;&νβσπ;&νβσπ;&νβσπ;&νβσπ; Install, use and regularly update antivirus software and spyware on all computers used in your business.

•&νβσπ;&νβσπ;&νβσπ;&νβσπ;&νβσπ; Limit employee access to data and information, and limit the power to install the software.

•&νβσπ;&νβσπ;&νβσπ;&νβσπ;&νβσπ; Use a firewall for your Internet connection.

•&νβσπ;&νβσπ;&νβσπ;&νβσπ;&νβσπ; Require individual user accounts for each employee.

•&νβσπ;&νβσπ;&νβσπ;&νβσπ;&νβσπ; Download and install the software updates for your operating systems and applications as they become available.

•&νβσπ;&νβσπ;&νβσπ;&νβσπ;&νβσπ; Secure your Wi-Fi networks Make sure it is secure and hidden; if you have a Wi-Fi network for your workplace.

•&νβσπ;&νβσπ;&νβσπ;&νβσπ;&νβσπ; Make data backups and important business information.

•&νβσπ;&νβσπ;&νβσπ;&νβσπ;&νβσπ; Control physical access to your computers and network components (Cronkright, 2019).

References

Cronkright, T. (2019). 5 Types Of Cyber Attacks And How To Prevent Them. Retrieved from, https://certifid.com/5-types-of-cyber-attacks-and-how-to-prevent-them/

Rowe, N. C. (2003). Cyber-attack. Retrieved from, https://faculty.nps.edu/ncrowe/edg_attacks.htm

5

The incident reported in this case comes from the failure of the employee to recognize the magnitude of the impacts of the actions that s/he takes against the corporate systems. The company failed to offer a pay rise to the employee. Such a behavior is not acceptable since it goes against the corporate policies and ethical principles of such a critical area of application. There are numerous types of cyber-attack countermeasures that the company in the context may benefit from. The first intervention or countermeasure that would have prevented the occurrence of the incident includes employee education. Employee education is a simple but powerful; tool and approach that offers a set of guidelines to the workers in a workplace on the best behavior to exhibit when dealing with such critical assets of a company (Lee, 2015). In addition to that, seeking and implementing legal countermeasures that may revolve around setting up policies backed up by various laws may have helped to prevent the occurrence of the incident. Laws offer a set of guidelines and conditions that the workers should not do while at the same time offering the associated consequences. Finally, the company ought to implement access control mechanisms. For instance, through these mechanisms, the company would limit the IT personnel to fully access the systems without the knowledge or inclusion of another specialist within the company (Roy, Kim & Trivedi, 2010).

Pros and cons

Employee education stands out as a critical asset that can help to offer the right sensitization to the workers thus reducing the occurrence of an attack. Education plays a crucial part in that it considers sensitizing the employees on the best practices to implement and avoid when dealing with system systems from a security perspective. However, the primary downside of education comes from the fact that it may not offer complete guidelines that the employees should follow. In addition to that, educating the employees does not guarantee ethical behavior.

Access control plays a critical part in that it allows a company to reinforce and control the type of systems or areas that each employee should access based on the levels of clearance set. Through access controls, a company can set the privileges of the employees thus limiting their areas of access. However, employees may abuse the given privileges as seen in the case mentioned above thus resulting in a cyber-attack.

Legal countermeasures provide the laws that a company and employees must observe when it comes to dealing with SCADA among other systems. This countermeasure is beneficial in that it sets out the legal requirements and consequences of failing to comply (Li et al. , 2012). However, some of the aspects and areas of a company fall beyond the scope of the legal systems making it hard to take legal action against the offenders.

Chapter 7

In this case, the incident represented defines the basics of a distributed denial of service attack and hacking. This attack arises from multiple factors. Attackers use diverse tasks and techniques to launch these attacks. The massive failure of the various financial systems and Automated teller Machines arise from a distributed denial of service attack. In addition to that, the attackers, in this case, launch an attack targeting the entire financial system which in the end affected the various services offered to the customers. Hence To prevent these attacks from happening in the future, the affected industry may need to implement multiple types of countermeasures. These types of countermeasures may include using IDS/IPS, encryption, patches and but not limited to honeypots. Honeypots offer a good platform form identifying a potential attack thus leading the hacker out of the real systems.

On the other hand, IPS/IDS systems offer an excellent platform for not only identifying but also preventing an attack such as hacking from affecting a given system (Lee, 2015). Encryption plays a critical part in that it helps to decode of critical network or system data such as passwords that attackers may use to launch their activities. Patches finally allow a company or a provider to implement a set of measures that seek to continually update the software products of the underlying systems to seal the potentially possible vulnerabilities that attackers can exploit.

Pros and cons

IDS/IPS

The primary advantage of using both the IDS and IPS systems comes from the fact that they help a company to identify potentially malicious traffic flowing within the various systems. In addition to that, the IPS systems help to prevent the malicious traffic from flowing into the networks and systems thus reducing the possibilities of the occurrence of such attacks as mentioned above. However, the primary disadvantage of using these systems comes from the rising cases of false positives and negatives. The high number of false negatives and positives may reduce the ability of the system administrators in the context to identify the real threats (Ashfaq, Wang, Huang, Abbas & He, 2017).

Patches

Patches offer benefits such as the ability of a firm to seal the potentially available vulnerabilities that a system exhibits. However, attackers can get into a system before patching since patches are not issued every minute. Additionally, attackers can create malicious programs that resemble genuine patches thus gaining access to a given system.

Encryption

Encryption stands out as one of the most common and secure countermeasures to prevent the occurrence of cyber attacks. Encryption helps to decode critical credentials into cyphertexts that the attackers cannot make meaning out of (Bendovschi, 2015). This statement means that even if an attacker accesses a system, through encryption, s/he cannot make meaning out of the credentials obtained thus preventing further attacks. However, the most effective encryption mechanisms or strategies are costly in various ways. For instance, the most appropriate encryption measures require a lot of computing resources and are costly to implement as well as maintain in the long run.

Honeypots

A honeypot is advantageous in that it creates a different platform that attracts attackers thus leading them away from the real systems. In addition to that, honeypots allow the affected parties to examine the motives of the attackers before they access the real system thus creating effective countermeasures to stop and prevent the occurrence of similar incidents in the future. However, some attackers use automated systems that exhibit the capabilities of detecting honeypots thus not effective in various areas.

References

Lee, N. (2015). Cyber attacks, prevention, and countermeasures. In Counterterrorism and Cybersecurity (pp. 249-286). Springer, Cham.

Li, X., Liang, X., Lu, R., Shen, X., Lin, X., & Zhu, H. (2012). Securing smart grid: cyber attacks, countermeasures, and challenges. IEEE Communications Magazine, 50(8), 38-45.

Roy, A., Kim, D. S., & Trivedi, K. S. (2010, April). Cybersecurity analysis using attack countermeasure trees. In Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research (p. 28). ACM.

Bendovschi, A. (2015). Cyber-attacks–trends, patterns, and security countermeasures. Procedia Economics and Finance, 28, 24-31.

Ashfaq, R. A. R., Wang, X. Z., Huang, J. Z., Abbas, H., & He, Y. L. (2017). Fuzziness based semi-supervised learning approach for the intrusion detection system. Information Sciences, 378, 484-497.

6

Water Utilities Countermeasures in Prevention of Cyber Attack

Across the globe, national infrastructures are faced with cases of cyber-attack. Such cases include data theft and physical threats, among others. In the case of the discussion, the operators in the water facilities deny access to the reprogramming the systems from other workers. As a result, the lift pumps fail, and Fringe City experiences fire breakout. Cybersecurity systems coordinate the utilization of physical, computational, and communicational procedures. This is done with the aim of prevention of threats (Sun, Hahn & Liu, 2018). In current society, the utilization of digital, physical procedures gets pertinent in various organizations like water control units and telecommunication institutions. In water control units, physical, cyber systems include water distribution networks, fire control systems, and sensor networks. In the control measures, SCADA uses computer integrated systems.

The cybersecurity assault on this framework would prompt a few issues in the organization that manages the control of the water facilities. SCADA permits the water control managers to monitor, control, and mechanize the capacities in the unit. Thus, water management and distribution are maximally optimized.

The integration of estimation methodology in the SCADA systems would help manage cyber risks in water facilities. According to Goyal & Ferrera (2018), in the improved systems for cyber-attack, a graph representation of risk estimation need to be developed. Thus, identification of vulnerabilities is eased in the systems. Additionally, the paths for attacks are identified in the case of a cyber-attack.

Furthermore, the incorporation of Petri net analysis is vital in countering vulnerabilities. The SCADA system will be able to identify attacks that are on high consequences rates. The Petri net models are capable of giving alarms in the SCADA systems (Mahmoudi-Nasr, 2019). Such kind of model will guarantee the protection of infrastructure in an organization. When applying the models, it is critical to assess the operator’s ability and impact on normal operations conduction.

Legal measures should be put in place in case of a cyber-attack. This provides legislation practices in the water facility and the implementation of regulatory systems in the protection of cyberspace. Practice in this entails ensuring mandatory assessment of critical infrastructure via audits in information security.

Additionally, the incorporation of organization measures is key to safeguarding infrastructure. This requires the implementation of policies and national initiatives. In this aspect, a national policy for infrastructure protection is developed. Also, there is a need to identify an agency that will implement such kind of policies. According to Maglaras et al. (2018), organizations are required to conduct audits in security. This will check the preparedness in case of a cyber-attack.

References

Goyal, P., & Ferrara, E. (2018). Graph embedding techniques, applications, and performance: A survey. Knowledge-Based Systems, 151, 78-94.

Maglaras, L. A., Ferrag, M. A., Derhab, A., Mukherjee, M., Janicke, H., & Rallis, S. (2018). Threats, Countermeasures, and Attribution of Cyber Attacks on Critical Infrastructures. ICST Trans. Security Safety, 5(16), e1.

Mahmoudi-Nasr, P. (2019). Toward Modeling Alarm Handling in SCADA System: A Colored Petri Nets Approach. IEEE Transactions on Power Systems.

Sun, C. C., Hahn, A., & Liu, C. C. (2018). Cybersecurity of a power grid: State-of-the-art. International Journal of Electrical Power & Energy Systems, 99, 45-56.