Emerging Threats and Counter Measures Discussion

Anonymous
Asked: Feb 24th, 2019

Question Description

DEPTH:

This defense in depth discussion scenario is an intentional cybersecurity attack on the water utility’s SCADA system. It occurs during the fall after a dry summer in Fringe City. The water utility’s Information Technology (IT) person did not receive an expected pay raise and decides to reprogram the SCADA system to shut off the high-lift pumps. The operator’s familiarity with the SCADA system allows him to reprogram the alarms that typically notify operators of a high-lift pump failure. In addition, he prevents access to the SCADA system by others. A wildfire breaks out on the outskirts of the city. Please identify what type(s) of new countermeasures should have been implemented to prevent this cyber attack from occurring.

Start a discussion thread and discuss what type(s) of new countermeasures should have been implemented to prevent the cyber attack described above from occurring. Be specific in recommending countermeasures for this scenario.

You must do the following:

1) Create a new thread. As indicated above, discuss what type(s) of new countermeasures should have been implemented to prevent the cyber attack described above from occurring. Be specific in recommending countermeasures for this scenario.

2) Select AT LEAST 3 other students' threads and post substantive comments on those threads. Your comments should extend the conversation started with the thread.

ALL original posts and comments must be substantive. (I'm looking for about a paragraph - not just "I agree.")

Cyber Attacks: Protecting National Infrastructure, 1st ed.
Chapter 6 – Depth
Copyright © 2012, Elsevier Inc. All Rights Reserved

Introduction
• Any layer of defense can fail at any time, thus the introduction of defense in depth
• A series of protective elements is placed between an asset and the adversary
• The intent is to enforce policy across all access points

Fig. 6.1 – General defense in depth schema

Effectiveness of Depth
• Quantifying the effectiveness of a layered defense is often difficult
• Effectiveness is best determined by educated guesses
• The following are relevant for estimating effectiveness
  – Practical experience
  – Engineering analysis
  – Use-case studies
  – Testing and simulation

Fig. 6.2 – Moderately effective single layer of protection

Effectiveness of Depth
• When a layer fails, we can conclude it was either flawed or unsuited to the target environment
• No layer is 100% effective—the goal of making layers “highly” effective is more realistic

Fig. 6.3 – Highly effective single layer of protection

Fig. 6.4 – Multiple moderately effective layers of protection

Layered Authentication
• A national authentication system for every citizen would remove the need for multiple passwords, passphrases, tokens, certificates, and biometrics that weaken security
• Single sign-on (SSO) would accomplish this authentication simplification objective
• However, SSO access needs to be part of a multilayered defense

Fig. 6.5 – Schema showing two layers of end-user authentication

Fig. 6.6 – Authentication options including direct mobile access

Layered E-Mail Virus and Spam Protection
• Commercial environments are turning to virtual, in-the-cloud solutions to filter e-mail viruses and spam
• To that security layer is added filtering software on individual computers
• Antivirus software is helpful, but useless against certain attacks (like botnet)

Fig. 6.7 – Typical architecture with layered e-mail filtering

Layered Access Controls
• Layering access controls increases security
• Add to this the limiting of physical access to assets
• For national infrastructure, assets should be covered by as many layers as possible
  – Network-based firewalls
  – Internal firewalls
  – Physical security

Fig. 6.8 – Three layers of protection using firewall and access controls

Layered Encryption
• Five encryption methods for national infrastructure protection
  – Mobile device storage
  – Network transmission
  – Secure commerce
  – Application strengthening
  – Server and mainframe data storage

Fig. 6.9 – Multiple layers of encryption

Layered Intrusion Detection
• The promise of layered intrusion detection has not been fully realized, though it is useful
• The inclusion of intrusion response makes the layered approach more complex
• There are three opportunities for different intrusion detection systems to provide layered protection
  – In-band detection
  – Out-of-band correlation
  – Signature sharing

Fig. 6.10 – Sharing intrusion detection information between systems

National Program of Depth
• Developing a multilayered defense for national infrastructure would require a careful architectural analysis of all assets and protection systems
  – Identifying assets
  – Subjective estimations
  – Obtaining proprietary information
  – Identifying all possible access paths

Tutor Answer

henryprofessor
School: Purdue University

Attached.

Running head: EMERGING THREATS AND COUNTER MEASURES

Emerging Threats and Counter Measures
Name
Institution


Emerging Threats and Counter Measures
Public utilities like water and electricity are essential in maintaining stable societies.
Therefore, they have to be secured adequately to prevent possible attacks like the one presented
in the case. Therefore, it is vital to apply defense in depth. In the kind o...

Review

Anonymous
Tutor went the extra mile to help me with this essay. Citations were a bit shaky but I appreciated how well he handled APA styles and how ok he was to change them even though I didn't specify. Got a B+ which is believable and acceptable.
