Case Study: SCADA Worm
Protecting the nation's critical infrastructure is a major security challenge for the U.S. Responsibility for that protection spans every level of government and also requires cooperation with the private sector.
Q1: Describe the impact and the vulnerability of the SCADA / Stuxnet Worm on the critical infrastructure of the United States.
Q2: Describe the methods to mitigate the vulnerabilities, as they relate to the seven (7) domains.
Q3: Assess the levels of responsibility between government agencies and the private sector for mitigating threats and vulnerabilities to our critical infrastructure.
Q4: Assess the elements of an effective IT Security Policy Framework, and how these elements, if properly implemented, could prevent or mitigate and attack similar to the SCADA / Stuxnet Worm.
Introduction
As technology evolves, organizations and government bodies alike must maintain their cyber security in order to keep operating effectively. According to Andress (2014), viruses and malicious worms can be used to attack an organization's systems; they can extract important data and manipulate it for unethical ends, so organizations and government bodies need to be aware of such activity. Information security management also rests on certain basic principles: organizations must ensure the confidentiality of their data and the privacy of the people it concerns.
The primary aim of this study is to evaluate the impact of malicious worms on organizational functions. It also sets out how the security threats these worms pose can be mitigated, describes the elements of an IT security policy framework and how they help an organization mitigate threats, and assesses the roles and responsibilities of government and private bodies in mitigating those threats.
Impact and vulnerability issues of the SCADA/Stuxnet worm on US infrastructure
Cyber security risk has grown to the point that organizations and government bodies now focus mainly on the systems that manage critical information. According to Crossler et al. (2013), the critical infrastructure of the United States can be defined as the assets that are essential for the US economy and for society as a whole to keep functioning.
Critical infrastructure includes telecommunications, food production and agriculture, manufacturing, and the logistics network. Because the number of users is so large, both private and public sector organizations are exposed to the threat. The systems that manage the operational side of critical infrastructure are known as SCADA (Supervisory Control and Data Acquisition) systems. D'Arcy, Herath and Shoss (2014) describe SCADA as one part of the wider field of industrial control systems (ICS) and real-time systems (RTS). These systems are used to monitor and control physical processes.
In June 2010 a worm named Stuxnet was discovered. It targeted Siemens industrial control software (the Step7/WinCC products used to program and supervise Siemens PLCs) and the equipment operating at Iranian nuclear facilities. Although the worm was built for a specific target, it spread through Windows hosts and USB flash drives, and, according to Peltier (2013), it was capable of spreading across an entire system. This raised alarm among all organizations that use the same Siemens SCADA products, whether or not they were the intended target.
Another example illustrates the same point. In 2003 a virus named SoBig spread through e-mail and had a substantial impact on the train signaling system at CSX Corporation, which operates a large number of rail lines in the United States. The infection disrupted the signaling process and delayed rail traffic by roughly two hours.
In addition, in 2000 a developer left his job after a dispute with management. He had worked on the project that implemented the control system for the Maroochy Shire sewage network in Australia and was then turned down for a job by the shire council. In revenge, he used a wireless radio transmitter to break into the system and manipulate the settings on the SCADA controllers of the pumping stations, causing pumps to fail and raw sewage to spill (www.cso.com.au, 2017).
These incidents show that a worm such as Stuxnet can disrupt an entire control system. Such malware probes for weaknesses in the systems it reaches, spreads through them, and disturbs their operation, and generic malware and malicious insiders have had the same effect. Any of these can stop parts of the US critical infrastructure from running smoothly.
Process of mitigating the vulnerabilities
According to Safa, Von Solms and Furnell (2016), there are several steps that an organization or government body can take to mitigate threats and vulnerabilities. They are described below.
Sharing information
Sharing information carries risk: information that contains malicious elements can disrupt an organization's functions. Organizations therefore need trained and skilled employees who can handle and protect the data they receive and share (Siponen, Mahmood & Pahnila, 2014).
Proper allocation of the resources
Organizations need to allocate resources to employees who are skilled enough to handle and use them. A properly implemented tiered threat model lets the organization assess and prioritize threats and then divide its resources accordingly.
Identification of the gaps in cyber security
To identify risks, an organization can perform an internal audit to establish which gaps exist, whether internal or external. According to Von Solms and Van Niekerk (2013), this also improves visibility of the various risk factors and allows a more reliable cyber-threat assessment process to be put in place.
Data filtering
Organizations can develop filtering rules or algorithms that reduce the collected data to the records that matter. This lets analysts focus on accurate, relevant data and helps the organization identify new threats in a timely manner.
Levels of responsibility of government and private organizations for mitigating threats
To reduce threats, organizations and government need to act together; doing so reduces the chance of cyber attacks that would hamper an organization's functions. An organization needs a network administrator who monitors the whole network and understands its state. It also needs to restrict network access so that arbitrary users are not authorized, which, according to Whitman and Mattord (2013), reduces the chance of a cyber threat. Firewalls further strengthen security risk mitigation. Government, for its part, must take steps against cyber attacks: policies on cyber attacks need to be monitored and updated as technology advances, which makes policy a critical element of the threat mitigation process.
Elements of an IT security framework and their importance in reducing security threats
An IT security framework has seven main elements, described below.
Security accountability
Organizations need to create a sense of accountability across three categories of staff: general users, management and IT staff. They also need to ensure that no confidential data leaves the organization without management's permission.
Network service policies
Organizations need policies for secure access to the network, including the allocation of IP addresses and the proper configuration of network devices.
System policies
Organizations need to specify which services may run on which networks.
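Network service and system policies only help if someone checks that the live network actually matches them. This is also where the data filtering and network monitoring discussed earlier come in: an administrator cannot read every flow record, so the records are reduced to the ones that break the written policy. The Python script below is an added example written for this case study; it is not code from the original text or from any of the cited authors. The zone names, address ranges, allowed ports (502 for Modbus/TCP and 102 for Siemens S7comm are the standard ports; 4840 as a historian collector port is an assumption) and the flow log are all constructed for illustration.

```python
"""Policy-as-code check for "which services may run on which networks".

Added example for this case study, not code from the original text or from
any cited author. Zone names, address ranges, allowed ports and the flow log
below are all constructed for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed three-zone layout: corporate LAN, a historian zone that brokers data
# between business and plant, and the control network holding the PLCs.
ZONES = {
    "corporate": ip_network("10.10.0.0/16"),
    "historian": ip_network("10.20.0.0/24"),
    "control": ip_network("192.168.50.0/24"),
}

# Network service policy: per destination zone, the (source zone, TCP port)
# pairs that are permitted. Anything absent from this table is a violation.
# 502 = Modbus/TCP, 102 = Siemens S7comm; 4840 is assumed here to be the
# historian's collector port. The same table is what a zone firewall would
# enforce; this script checks observed traffic against it.
POLICY = {
    "control": {("historian", 502), ("historian", 102)},
    "historian": {("corporate", 443), ("control", 4840)},
    "corporate": {("corporate", 443), ("corporate", 445), ("historian", 443)},
}

# Constructed flow records in a simple "timestamp src -> dst:port proto" form.
LOG_LINES = """\
2010-06-17T08:00:01Z 10.20.0.5 -> 192.168.50.20:502 tcp
2010-06-17T08:00:02Z 10.20.0.5 -> 192.168.50.21:102 tcp
2010-06-17T08:00:05Z 10.10.3.7 -> 10.20.0.5:443 tcp
2010-06-17T08:00:09Z 10.10.3.7 -> 192.168.50.20:502 tcp
2010-06-17T08:00:12Z 10.10.3.7 -> 192.168.50.22:445 tcp
2010-06-17T08:00:15Z 192.168.50.20 -> 10.20.0.5:4840 tcp
2010-06-17T08:00:20Z 203.0.113.9 -> 192.168.50.20:502 tcp
"""

FLOW_RE = re.compile(r"^(\S+)\s+(\S+)\s+->\s+(\S+):(\d+)\s+(\w+)$")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def parse_flows(text):
    """Parse flow log text into Flow records, skipping blank or malformed lines."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            _, src, dst, port, _ = m.groups()
            flows.append(Flow(src, dst, int(port)))
    return flows


def zone_of(addr):
    """Map an IP address to its zone name, or 'unknown' if it is in no zone."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def violations(flows):
    """Return the flows that POLICY does not explicitly allow, in log order."""
    bad = []
    for f in flows:
        allowed = POLICY.get(zone_of(f.dst), set())
        if (zone_of(f.src), f.dport) not in allowed:
            bad.append(f)
    return bad


def summarize(flows):
    """Collapse flows into (src zone, dst zone, port) counts for an analyst."""
    return Counter((zone_of(f.src), zone_of(f.dst), f.dport) for f in flows)


if __name__ == "__main__":
    bad = violations(parse_flows(LOG_LINES))
    for (sz, dz, port), n in sorted(summarize(bad).items()):
        print(f"{n} flow(s) {sz} -> {dz} on port {port}: not permitted by policy")
```

Run stand-alone, the script reports the three flows that reach the control network from outside the permitted historian path (two from a corporate workstation, one from an address in no known zone). Because the allow table is the same one a firewall between the zones would enforce, the script doubles as a check that the deployed firewall rules still match the written network service policy; any flow it reports is either a rule that drifted or traffic the firewall never saw.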
Physical security
Besides network security, organizations need proper security measures for their physical premises. Xu, Jiang, Wang, Yuan and Ren (2014) point out that without proper physical security no organization is safe from intrusion.
Incident handling
Organizations need to specify for their staff the procedure to follow when a security breach occurs.
Acceptable use policies
Organizations also need to monitor staff behavior, and staff should agree to the security terms and conditions.
Security training
Proper security training on cyber threats makes an organization's staff technically skilled, so that they are able to recognize current cyber threats and mitigate them.
Conclusion
This study shows that every organization and government body needs to address the aspects that strengthen its cyber security, and that doing so requires private organizations and government bodies to act together. It also follows that mitigating cyber threats improves an organization's operational processes.