Recent orders
Class 643 Week 6
Class 643 Week 6
Author’s Name
Institutional Affiliation
Class 643 Week 6
The differences between the 2015 cyber-attack on the Ukrainian electricity grid and the 2003 attack on the United States national electricity grid were so substantial because of the source or cause of the attack and the length of days the attack took. While the U.S. attack came from an unprecedented software failure or a software-based blackout bug within General Electric’s system (Poulsen, 2004; Wald, 2013), the Ukrainian attack emanated from perfectly synchronized, highly coordinated, and brilliantly executed multisite and multistage cyber-attack (Liang et al., 2016; Sullivan & Kamensky, 2017). Also, while the Ukrainian attack lasted only for about 6 hours, the American attack lasted for two weeks (14 days), making the impacts more profound than in Ukraine. While insider data security threats could have an equal impact as outsider data security threats, I think that we do perceive external attacks differently than a lack of proper internal controls. Most people feel that external attackers who can access data via keyloggers (as in the case of Ukraine) pose a greater threat than internal players who can directly access and compromise data for personal gains.
From a critical stance, I think that the vector of attack or the threat is of particular consequence. This is because the vector of attack relates to the variants of malware used to steal authorized users’ credentials that are then used to exploit vulnerabilities aimed at gaining access to systems and executing the cyber-attack. Similar tactics, techniques, procedures, and methodologies can be deployed to launch massive attacks of unprecedented ramifications, a fact that Sullivan and Kamensky (2017) confirm.
As we move into the future, hackers and cyber attackers will leverage new technologies to develop new and possibly more resilient versions of malware. What this means is that they will find new methods of executing future attacks that have higher rates of destructiveness compared to the methods used in the Ukrainian cyber-attack. The vulnerabilities in the Ukrainian system are still a concern because these new methods will allow attackers to exploit the vulnerabilities faster than defenders can provide remedies for them. So, my recommendation as regards preventing a repeat of such attacks anywhere in the world is an emphasis on international collaboration in rigorous and proactive updating and enforcement of critical infrastructure protection standards facilitated by vigorous independent auditing.
References
Liang, G., Weller, S. R., Zhao, J., Luo, F., & Dong, Z. Y. (2016). The 2015 Ukraine blackout: Implications for false data injection attacks. IEEE Transactions on Power Systems, 32(4), 3317-3318.
Poulsen, K. (2004). Software bug contributed to blackout. Security Focus. Retrieved February 20, 2020, from https://www.securityfocus.com/news/8016.
Sullivan, J. E., & Kamensky, D. (2017). How cyber-attacks in Ukraine show the vulnerability of the US power grid. The Electricity Journal, 30(3), 30-35.
Wald, M. L. (2013). The blackout that exposed the flaws in the grid. The New York. The New York Time Company. Retrieved February 20, 2020, from https://www.nytimes.com/2013/11/11/booming/the-blackout-that-exposed-the-flaws-in-the-grid.html.
Class 643 Week 5
Class 643 Week 5
Author’s Name
Institutional Affiliation
Class 643 Week 5
Stuxnet Attack Summary
Stuxnet is an advanced weaponized cyber-attack that targeted Iranian industrial control systems. As an Advanced Persistent Threat (APT), it consists of multiple zero-day exploits utilized in delivering malware that targets and infects particular industrial controls (Knapp & Langill, 2014). These targeted attacks serve the primary purpose of sabotaging automated industrial processes or precise industrial equipment (Baezner & Robin, 2017). Stuxnet is the first cyber-attack specifically designed and technologically created to target industrial control systems. The most likely technique of attack used with Stuxnet is a worm that uses four zero-day vulnerabilities to infect Windows-based computer networks through Universal Serial Bus (USB) access ports and flash drives (Baezner & Robin, 2017; Knapp & Langill, 2014). The vulnerabilities that Stuxnet exploited include zero-day vulnerabilities that affect driver certificates (that were stolen and employed in malware) and some privilege escalation vulnerabilities.
Impacts of Stuxnet
Stuxnet had numerous political, social, economic, international, and technological impacts. Stuxnet impacted the Iranian political realm and society by making them appear weak and vulnerable for failing to secure critical infrastructure adequately (Baezner & Robin, 2017). In the Iranian economy, Stuxnet’s impact was that the nation had to incur budgetary spending in replacing the centrifuges broken by the attack, along with establishing a new cybersecurity unit. Stuxnet’s international impacts were that it triggered wake-up calls for countries to enhance their cybersecurity initiatives. Also, Stuxnet sensitized nations to appreciate the need for robust cybersecurity strategies that extended comprehensively to critical infrastructure and actors in the private sector that manage the infrastructure (Baezner & Robin, 2017). Furthermore, Stuxnet lessened the Middle-East military tensions because the nuclear program in Iran was no longer deemed an immediate threat. Lastly, the hotspot analysis of Stuxnet raised concerns in the international community regarding the emergence of new Stuxnet versions within the cybercrime circles. As regards the technological impacts, Stuxnet was found to be instrumental in designing malware that could specifically sabotage industrial controls and precise industrial equipment. Also, the new zero-day vulnerabilities that Stuxnet exploited affected driver certificates, which were stolen and employed in creating malicious software (Baezner & Robin, 2017).
Prevention of Such Attacks
Going forward, Stuxnet and other APT attacks get prevented by augmenting security awareness, setting up layered defenses that cover all ICS systems, ensuring logical separation of networks, writing software in a way that detects non-conforming actions, and ensuring stricter user privileges. What was lacking here was properly written software and stricter user privileges, which could have provided better mechanisms for preventing Stuxnet. What could potentially reduce the extent of risk is the separation of networks.
References
Baezner, M., & Robin, P. (October 2017). Hotspot analysis: Stuxnet (No. 4) version 1. Center for Security Studies (CSS), ETH Zurich.
Knapp, E. D., & Langill, J. T. (2014). Industrial network security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems, 2 Ed. Syngress.
Class 643 Week 4 Discussion
Class 643: Week 4 Discussion
Author’s Name
Institutional Affiliation
Class 643: Week 4 Discussion
The standardization of the five core functions of the NIST Cybersecurity Framework, namely, identify, detect, protect, respond, and recover, can assist in creating a unified approach to cybersecurity across all infrastructure sectors and industries in two ways. Firstly, the standardization would provide a cost-effective, flexible, repeatable, and prioritized approach to collective management of cybersecurity-related risks that effectively integrates best practices and guidelines for promoting critical infrastructure protection (NIST, 2019). Secondly, standardizing these functions would ensure the creation of a unified approach to cybersecurity by allowing streamlined and standards-based communication, discourses, collaboration, and risk management planning between and among players in these sectors and industries in a way that allows for the classification, reconciliation, and redistribution of critical infrastructure protection guidelines, policies, and standards.
The Presidential Executive Order that I select from the two is that of 2017 released by President Donald Trump. This executive order resulted from the constitutional mandate of the Office of the President to protect the American innovation and values by stretching critical infrastructure cybersecurity. This executive order has impacted the current state of cybersecurity significantly in several ways. For instance, the order has greatly strengthened the cybersecurity of federal networks and critical infrastructure by increasing the modernization of federal information technology infrastructure towards collaboration and cooperation with foreign allies in ensuring full-scale critical infrastructure security. Also, the executive order has impacted cybersecurity by augmenting accountability reporting by heads of enterprises and agencies across the United States (The White House, 2017). Thirdly, the executive order has impacted cybersecurity by increasing the promotion of marketplace transparency of critical infrastructure entities in their cybersecurity risk management practices.
The area or component of the NIST Cybersecurity Framework that I select is the protect component. This function relates to developing and implementing suitable safeguards for ensuring the secure delivery of critical infrastructure services (Dickinson, 2017; U.S. General Services Administration, 2020). This function of the framework has six categories involved, namely data security, access control, information protection processes and procedures, awareness and training, protective technology, and maintenance. The importance of three of them is addressed. The importance of data security is that it ensures the protection of confidentiality, availability, and integrity of information in the management of records and information. The importance of access control is to ensure that only authorized users, devices, transactions, and processes have access to facilities and assets (Yeagley, 2017). The significance of the information protection processes and procedures is the emphasis on maintaining and employing security policies, procedures, and processes in managing the protection of information assets and systems.
References
The White House. (May 11, 2017). Presidential executive order on strengthening the cybersecurity of federal networks and critical infrastructure. Washington, DC. The White House. Retrieved February 04, 2020, from https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/.
NIST. (November 18, 2019). Cybersecurity framework. Gaithersburg, MD. National Institute of Standard and Technology (NIST). Retrieved February 04, 2020, from https://www.nist.gov/cyberframework/new-framework.
Dickinson, D. (2017). Cybersecurity: going beyond protection to boost resiliency. White Paper. Harrisburg, PA. Phoenix Contact.
Yeagley, G. (July 19, 2017). The NIST cybersecurity framework – The protect function. North Providence, RI. Compass IT Compliance, LLC. Retrieved February 04, 2020, from https://www.compassitc.com/blog/the-nist-cybersecurity-framework-the-protect-function.
U.S. General Services Administration. (2020). NIST Cybersecurity Framework (CSF). Washington, DC. U.S. General Services Administration. Retrieved February 04, 2020, from https://www.gsa.gov/technology/technology-products-services/it-security/nist-cybersecurity-framework-csf.
