Cyber Security Improvement Plan for Industrial Control System By Winnie Melda

18 December 2017 Technology ≈ Advancements

PureLand Wastewater Treatment Inc was established in 2001, and it has become a company that has experience in all aspects of wastewater treatment. The company works with special emphasis on the chemical manufacturing and biological fermentation industries, and it has become a flexible organization that has the potential of handling any size of the project.

All the projects run by the company are operated by professionals so as to provide solutions to all wastewater treatment needs. The company offers personal attention for the purpose of ensuring customer satisfaction in all equipment and services that it supplies. Due to the highly toxic nature of some of the chemicals the company uses to treat and sterilize wastewater streams, PureLand has special security concerns that need to be addressed.

Although the company has ensured that physical security has been met, cyber security is something that has not been put into considerations. The company had little about concern about theft of trade secrets or intellectual property being compromised. After the company was had informed by department of homeland security about the issue of cyber security, a team of internal operations was formed on order to handle the issue. A cyber security evaluation was conducted in a period of two days where results indicated that the formed team or professionals from the company had no skills set to implement the required security improvement within a year. Below is a detailed cyber security improvement plan that the company may use to handle and deal with concerns that affect its operations, (Powell, 2005).


Current State for Security of the ICS

According to the case study, PureLand organization has a special security concern because of the highly toxic nature of some of the chemicals used in treatment and sterilization of streams for the clients. Cyber security is this company is something that has not been focused a lot simply because chemicals that were used by the company were not proprietary. The problem was based on the management for the company because the management had little concern about the theft of trade secrets and intellectual property being compromised. When the department of homeland security contacted PureLand executives, everything changed. DHS contacted the company because of the toxic chemical that was used to sanitize the wastewater in biologically hazardous processes chlorine dioxide. Officials from DHS were aware that the company was using the chemical due to the publicly available waste treatment permits that the company was provided by the EPA. Chlorine dioxide is among the chemicals of interest in the DHS chemical facility anti-terrorism standards due to the level of risks that are associated with chemical release, as well as sabotage, (Horowitz & Pierce, 2013).

The current ICS security is faced by different security challenges that prevent the provision of quality and appropriate services to the society. It is true that within modern transmission control protocol/internet protocol based computing settings such as the corporate infrastructure aimed at managing the business that provides operations in the control system. The issues have been the work of the organization IT security system so as to govern operations of the company in the appropriate aspect. It is clear that the key aspect as industrial control systems is to be part of a larger conjoined system so as to offer security procedures that ensure that proper measures are provided to the system, (Brenner, (2013).

The ICS communication protocols were not established with the idea of security in mind. A good number of the protocols were initially established as serial protocols without built in message integrity, encryption or authentication mechanisms. Currently, ICS systems as well as other corporate IT systems are well interconnected whereby the state of interconnectivity capabilities is improved because it is common to have the IP-based ICS communication channel. Nowadays it is normal to perform any remote administration security control systems, as well as any other associated network devices. Support personnel and control engineers may have access to make supervisions on the ICS from points outside the control network as well as making the use of the internet. It is true that attacks to the ICS may be generated from any part of the security system, (Ponemon, 2008).

There are some characteristics that make ICS different from the original information processing systems. The ICS systems have different aspects of priorities that imply risks with a much broader impact and scope. It is true that the system was designed to meet tight reliability and performance requirements that are not typical in a conventional ICT security setting. ICS technologies have specific characteristic that results from a difficult environment for direct application of security procedures and solutions. The ICS is currently facing challenges that result from cyber security related issues. These incidents are either collateral damage or intentional targeted attacks from computer viruses or wrong practices. Stuxnet is one of the most malicious software that is currently affecting ICS. The software is advanced that was probably conceived as a cyber weapon designed for sabotage, (Valacich & Schneider, 2011).


Network Topology and Major Weaknesses

The typical control systems are made of a collection of control loops with sensors and different actuators that interact with cyber security system in the human machine interfaces as well as maintenance utilities and remote diagnostics. It is through this network topology human operators need to monitor the state of issue commands and control process so as to change the control objective in emergency situations. The control loop must have a hardware thing so as to make interpretations of signals received from sensors, transmit the variables to controllers, set variables based on the signals, as well as control motors, breakers, and switches, (Powell, 2005).

The work of maintenance utilities and remote diagnostics in the system are to recover, identify, and prevent threats from abnormal failure and operations. Supervisory control and data acquisition systems operate, in a way, of control and data monitoring at the central server. The work of the data acquisition process is connected to system functions that are the data critical to operate integrity. It is essential to understand that any disruption in the SCADA system is critical because it can directly threaten public safety and health, (Horowitz & Pierce, 2013).

Cross Site Scripting: It allows attackers in the system to inject code into the web pages that are used by the organization for running its operations. In this case, attack code is executed on the way that it affects the client with the based on the privileges of the web server. The cause in the organization is based on a cross site scripting and vulnerability that is similar to SQL injection, which has a poorly sanitized data. The XXS attack is unique because the web application sends the malicious code to the user unwittingly. In this case, the attacker can inject malicious script into a link and manage to affect the website. The affected web browser then runs the malicious script for it comes from the server something that compromises the computer of the victim by using of the many browser exploits, (Marsh, 2006). Lack of data sanitization is the major cause of such situations that normally happens in regular intervals. In most cases, users are fooled in clicking on a given link simply because the link points at a known entity that has trust of the user. Study shows that the common attack that is developed by cross-site scripting is that of information disclosure that is stored in the user cookies. Recommendations for the above situation are that the ICS applications must use well known and tested third party web servers so as to serve the web applications. All web applications that are used must be tested thoroughly for malformed input that may develop compromising situations for the ICS web server. ICS internet access policy, ICS user training and awareness, and secure code are some of the HDS recommended practice, (Ponemon, 2008).

Command Injection: It allows for the code and commands execution arbitrary by the attacker. When a malicious user injects a character, the situation delimits the end of a command situation and starts another command. The situation is possible to get an entirely new as well as unrelated command that was not intended to be executed. In this case, impacts typically happen when data enter the application and comes from untrusted sources. The data in this case are part of the string that is executed as a command by the application in the organization operation system. Through the execution of the command, the application allows the attacker capability of privilege that the attacker could not have received. SQL injection and OS command injections are the two common command injections that are found in the ICS products. Recommendation: It is suitable to use library calls instead of external processes so as to recreate the desired functionality. Otherwise, it should be made sure that all external commands called from the program are statically developed at all time. Another recommendation is to use an accept known good input validation strategy, and it should always reject any input that does not strictly adhere to transform or specifications into something that is not possible to arrive at, (Jinsoo et al., 2014).


Periodic Technical Security Audits of ICS

To conduct periodical security audits as well as technical controls will make it possible to establish a more realistic picture of the organization installed functions and security in systems. There are various extreme relevant differences that are there between the IT equipment used and periodic security tests on administrative IT systems used in the industrial control systems. In this case, a large proportion of the equipment used in control systems usually has poor security qualities. It is easier for the equipment to be attacked and due to trivial programming errors. In the security measures, it is uncommon for the situation to result in a crash, faulty or restart behavior of the test unit in respect to a simple security test. There are some instances when the only installation that exists is in the production and no test or development environment that may be used for practical security tests, (Powell, 2005).

A careful planning need to precede a practical security test of industrial control systems that include a run-through of how any disturbances result from the test is to be dealt with in accordance. The company’s management must ensure that the test plan is approved before it is put into action. When developing any plans, the basic principle is to rely on a number of simple basic interviews and methods rather than automatic tools for penetration testing of traditional IT systems. Several production environments are highly specialized something that requires an understanding of technologies instead of those that are IP-based networks. It is through such a situation it becomes appropriate assumption to make notifications to system vendors, prior to the security test, at all times. At the time of surveying control systems to identify networks, nodes, traditional methods, and host computers, ping sweep may disrupt the system in different ways. Study shows that inventorying the industrial control system is an essential aspect of the test process. Other than the use of automatic tools, the process often involves careful evaluation of documentation plus visiting the site of the process. It also adds to studying physical computers and connections that are made in the organization, (Horowitz & Pierce, 2013).

Intrusion Detection

The work of security monitoring and intrusion detection is to analyze attack's attempt and attack against one’s own organization. Good monitoring, as well as horizon scanning of the organization's own system plus communication, gives a good understanding of threats patterns such as altered attaches trends and the current malicious code used by the organization. In the industrial control system in cyber security, there are two major types of intrusion detection systems used for all operations. Some of the systems have the ability to recognize attack attempts through analysis of communication flows plus systems that are able to monitor events in the computer system as well as usage patterns in an application. The advanced variant of the systems are referred to as intrusion prevention systems that not only detect attack attempts, but they also have the capacity to deflect all the attacks that are directed to the organization, (Marsh, 2006).
In the use of IPS in control systems with the use of incorrect attack classification may lead to a situation known as legitimate traffic being blocked. It is a security system that result in codes unacceptable in industrial control systems or unpredictably blocks control commands. Study shows that the honeypots have the capacity to show attack attempts in progress. A solution to this case is to install a computer in the network that does not normally get any traffic and also it triggers an alarm if something of that type happens. , (Ponemon, 2008)

Secure Site Assets

To secure the site assets may be a tough and technical aspect to the organization but there are appropriate standards that are used to ensure that assets from the site are secure. The organization is obliged to work with current security measures and ensure that timely and regular reports are developed so as to ensure maximum security is offered to the site assets. A risk analysis must be updated in accordance so as to handle all the threats that are directed to the system, (Jinsoo et al., 2014).


Risk Assessment

Study shows that evaluation of the risk analyses and regularly updating the system should be conducted for the purpose of security organization most relevant activities. Developing a risk assessment plus analysis is the key aspect for establishment of decisions on which measures need to be deployed so as to prevent operational disturbances, human injury, environmental damage, and loss of production in the organization operational activities. The basic presumption that should be made in the IT system risk evaluation and assessment is that any of the enemies of the company knows the systems in a better way. When dealing with control systems, most people assume the opposite of the expected in that no outsider knows the details of the vendor specific solutions to the attack situations. It is a situation referred to as security by obscurity and succeeds because the attacker uses a wealth of choices in factors such as time and method of attack. Operating systems, encryption solutions, and communication protocols are not in any way provide the required security to the system. Since the results are mostly opposite, they do not have the ability to stand up to the open examination by technical specialists and researchers, (Valacich & Schneider, 2011).

System and Services Acquisition

System and services acquisition is responsible for contracting and acquiring of control system components, services, and software that comes from third parties. Security in this organization must be included as part of the acquisition process so as to ensure the products that are received fit into the firm’s security plan. They also need to be associated with risk commensurate that have defined risk acceptance levels in the operations. The organization needs to work with a strong policy that is detailed in procedures for the reviewing acquisitions so as to help eliminate the introduction of vulnerabilities that are unknown to the control system. In the acquisition process, there are various aspects that the company needs to factor in so as to ensure that all the aspects are operated in the appropriate manner. There must be a formal policy that defines system and services acquisition aspects that are included in the control system security considerations. The established considerations must address the compliance, management commitment roles, purpose, and organizational entities among other things. In the process, the firm ensures that the services and system acquisition procedures and policy are consistent with any required federal laws, guidance, standards, regulations, and policies as well as directives, (Ponemon, 2008).


Recommendations

At any time of protecting information infrastructure, study indicates that a good security system begins with proactive security models. The iterative model is made of security strategies that are designed include; map architecture, training, incident response, standardize policies, risk assessment, detail asset ID, profile model, and remove vulnerabilities.
 

References:

Brenner, J. F. (2013).The growing threat of cyber attacks. Bulletin Of The Atomic Scientists69(5), 15-20.

Fink, R. K. (2006). Lessons Learned from Cyber Security Assessments. U.S. Department of Energy

Horowitz, B. M., & Pierce, K. M. (2013). The integration of diversely redundant designs the cyber security of physical systems. Systems Engineering16(4), 401-412. doi:10.1002/sys.21239

Jinsoo, S., Hanseong, S., Soonghon, K., & Gyunyoung, H. (2014). Application of Bayesian Network Methodology for Evaluating Industrial Control System. International Journal Of Control & Automation7(3), 189-194. doi:10.14257/ijca.2014.7.3.18

Marsh, P. P. (2006). Controlling the threat [industrial control system cyber-security]. Computing & Control Engineering17(2), 12-17. Doi: 10.1049/cce: 20060201

Ponemon, L. (2008). privacy breach Index Survey: Executive Summary. Ponemon Institute

Powell, W. D. (2005). Data Security, Efficiency and Economics. Pipeline and Gas Journal , 30

PRNewswire. (2010, October 27). Lack Cybersecurity Awareness and Policies

Valacich, J., & Schneider, C. (2011). Information Systems Today: Managing the Digital World. Edinburgh Gate, Essex, England: Pearson Educated Limited

Author is associated with MeldaResearch.Com which is a global college essay writing service provider. If you would like help in essays, research papers, term papers and dissertations, you can visit MeldaResearch.Com

 

About the Author

 

Winnie Melda is an academic writer and an editor and she offers academic writing help online. Thus, people that doubt their own writing abilities can use the best paper writing service for sale online and forget about their fears and unconfidence
 

Article Category