Expert answer: I have a Cyber Security paper

Solved by verified expert: I need assistance reviewing a Cyber Security paper. Below are the instructions on the revision needed. COMMENTS ON THIS CRITERION: 09/21/2017: The report discusses infiltrating the network by use of the trusting packets and mentions learning about the control system’s process. The response also indicates the system under the attacker’s control can be used to find and extract data on the states served by the power grid. What is not clearly provided is a description that addresses how information is collected, how it is exfiltrated from the Western Interconnection power grid, and how the collected/exfiltrated information could subsequently be used to successfully execute an attack. I have also attached the paper.
cyberwarfare_688_task2.1.docx


DEFENSE REPORT: TASK 2
Western Governors University
Joseph Mulwa
Cyberwarfare Defense Report
Task 2: SCADA Network Evaluation and Defense-in-Depth Strategies
Course Number: Cyberwarfare-688
Date: September 19, 2017
To: CIO – U.S. Department of Defense
From: Analyst, Red Cell 637 Defense
Subject: Defense Report
Introduction
In recent years, the global risk of cyber-attacks against the basic infrastructure of
both governmental and non-governmental organizations has increased, causing growing
awareness and anxiety among the potential victims of these attacks. The network systems
of these organizations have likewise been exposed to various security risks as a result of
increasing SCADA network interconnection. Sheldon et al. (2003) argue that most existing
systems are linked not only to the firms’ organizational networks but to the open Internet
as well. This report evaluates the SCADA network vulnerabilities that are common, using the
Western Interconnection power grid as the example, and then applies the Cyber Kill Chain
to determine how the enemy could have abused these weaknesses to attack the system.
Additionally, through a defense-in-depth strategy for the power grid’s computer networks,
the report recommends tougher actions and measures that will safeguard the system
against prospective cyber-attacks.
A. ICS Vulnerabilities and Cyber Kill Chain
1. Reconnaissance
In this phase the adversary uses various techniques to gather background data on
potential targets. Once the adversary identifies the target, they set about identifying
vulnerabilities in the system that can be exploited. The adversary could have used passive
gathering methods, active ones, or both to obtain information on the target.
Passive techniques involve probing the system without direct contact, using information
that is readily available. In the given scenario, the attacker could have done this by
using social networks such as Facebook and LinkedIn to obtain information on Western
Interconnection’s key employees and on the organization itself. According to Pernet (2014),
these networks allow anonymous searches of employee information for a given company.
Another example is tapping, the monitoring of unencrypted communication such as telephone
calls and emails.
Active techniques are those in which the attacker interacts or engages with the system
directly, for example by manipulating data. This could be done through port scanning to
locate insecurely configured UDP/TCP ports through which to gain access to the system’s
network. The attacker could also use fingerprinting to probe the server and determine the
operating system in use and, after researching that operating system’s vulnerabilities,
use them to attack the system. Another active technique is the use of password crackers,
which enable the attacker to find weak passwords and use them to access the system.
2. Weaponization and Delivery
Once the attacker has gathered intelligence on the network and system through the
techniques described above, they could use that data to produce a malicious payload. The
adversary designs the payload around the vulnerabilities of the operating system or the
less secure ports and disguises it as a file considered harmless. Weaponization in this
case may involve modifying a file used in everyday business, for example a Microsoft
Office document or a PDF file, and attaching the exploit to it. When the target opens this
file, the adversary gains access to the system.
The attacker can deliver the malicious payload through email attachments or URL links sent
to employees at the power grid; once they open the attachments or click the links, the
malicious payload installs itself into the system. The attacker can also use administrator
passwords obtained during the reconnaissance phase to upload the payload into the system
directly.
3. Exploitation and Installation
As soon as the email containing the malicious payload reaches an employee whose personal
computer is connected to the network, the unsuspecting employee opens and downloads the
infected attachment, which contains previously written code that searches the system for
vulnerabilities. If the system is not regularly updated with patches, the exploit
discovers this and uses the vulnerability to introduce the malware into the computer and,
through it, into the system as a whole. Once the malware establishes a connection back to
the attacker, it becomes possible for them to control the system and achieve their goals.
Once the malicious payload is delivered and embeds itself in the system, it can create a
connection from within the system to the adversary, enabling the attacker to manipulate
the system in whatever malicious way they please. This means that once the network has
been compromised and the malware is installed, the purpose of the assault is carried out
in the remaining phases, under the aggressor’s control.
4. Command & Control
Once a connection is established with the network at the Western Interconnection power
grid, the adversary is able to send exploit commands to the system. The backdoor created
by the adversary is then used to transfer information and commands from the command and
control servers. To transfer information and remain undetected, the adversary routes this
traffic through the organization’s router over port 80 (HTTP), so that it resembles
ordinary web traffic.
[Figure: a visual representation of the attack (image not included in this preview)]
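The reconnaissance phase above describes port scanning, and the command and control phase describes a backdoor exchanging traffic with the adversary's servers through the organization's router over port 80. The following Python script is an added example, not part of the report or of any source it cites, showing how a defender could pick both patterns out of firewall logs: one source touching many distinct destination ports on one host within a short window, and one internal host connecting to the same external address over port 80 at nearly fixed intervals, which is characteristic of a timer-driven beacon rather than a person browsing. The log format, addresses, thresholds and the sample log itself are constructed for the example.

```python
"""Added example (not from the report): two defender-side checks run over
constructed firewall log lines, covering the reconnaissance phase (port
scanning) and the command-and-control phase (periodic beaconing to an
external host over TCP port 80) described in the report."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log in a simplified syslog-like format:
#   <ISO timestamp> <src_ip> <dst_ip> <dst_port> <ALLOW|DENY>
# Addresses come from the RFC 5737 documentation ranges, not real hosts.
# 203.0.113.7 sweeps six ports in two seconds; 192.0.2.25 reaches
# 198.51.100.9:80 every five minutes; 192.0.2.30 browses irregularly.
SAMPLE_LOG = """\
2017-09-19T08:00:01 203.0.113.7 192.0.2.10 22 DENY
2017-09-19T08:00:01 203.0.113.7 192.0.2.10 23 DENY
2017-09-19T08:00:02 203.0.113.7 192.0.2.10 80 ALLOW
2017-09-19T08:00:02 203.0.113.7 192.0.2.10 443 ALLOW
2017-09-19T08:00:03 203.0.113.7 192.0.2.10 502 DENY
2017-09-19T08:00:03 203.0.113.7 192.0.2.10 8080 DENY
2017-09-19T08:05:00 192.0.2.25 198.51.100.9 80 ALLOW
2017-09-19T08:10:00 192.0.2.25 198.51.100.9 80 ALLOW
2017-09-19T08:15:00 192.0.2.25 198.51.100.9 80 ALLOW
2017-09-19T08:20:00 192.0.2.25 198.51.100.9 80 ALLOW
2017-09-19T08:25:00 192.0.2.25 198.51.100.9 80 ALLOW
2017-09-19T08:31:00 192.0.2.30 198.51.100.50 80 ALLOW
2017-09-19T08:31:07 192.0.2.30 198.51.100.50 80 ALLOW
2017-09-19T08:33:45 192.0.2.30 198.51.100.50 80 ALLOW
2017-09-19T08:40:12 192.0.2.30 198.51.100.50 80 ALLOW
2017-09-19T08:40:13 192.0.2.30 198.51.100.50 80 ALLOW
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (ALLOW|DENY)$")


def parse_log(text):
    """Turn raw log text into a list of event dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, port, action = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "dst": dst, "port": int(port), "action": action})
    return events


def detect_port_scans(events, min_ports=5, window_seconds=60):
    """Reconnaissance indicator: one source touching many distinct ports on
    one destination within a short window (denied attempts count too, since
    a scanner learns from both answers).
    Returns {(src, dst): most distinct ports seen in any single window}."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append((e["ts"], e["port"]))
    flagged = {}
    for pair, hits in by_pair.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ports = set()
            for ts, port in hits[i:]:
                if (ts - start).total_seconds() > window_seconds:
                    break
                ports.add(port)
            if len(ports) >= min_ports:
                flagged[pair] = max(flagged.get(pair, 0), len(ports))
    return flagged


def detect_beacons(events, port=80, min_connections=4, max_cv=0.1):
    """Command-and-control indicator: repeated allowed connections from one
    host to one destination on `port` at nearly constant intervals.  The
    coefficient of variation (stdev / mean of the gaps) is near zero for a
    timer-driven beacon and large for a person browsing.
    Returns {(src, dst): mean interval in seconds}."""
    by_pair = defaultdict(list)
    for e in events:
        if e["port"] == port and e["action"] == "ALLOW":
            by_pair[(e["src"], e["dst"])].append(e["ts"])
    flagged = {}
    for pair, times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[pair] = avg
    return flagged


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for (src, dst), n in detect_port_scans(events).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports")
    for (src, dst), secs in detect_beacons(events).items():
        print(f"possible beacon: {src} -> {dst}:80 every {secs:.0f}s")
```

On the constructed log the script flags 203.0.113.7 as a scanner (six distinct ports within the window) and 192.0.2.25 as beaconing to 198.51.100.9 every 300 seconds, while the browsing host 192.0.2.30 is left alone because its gaps vary widely. In a real deployment the thresholds (`min_ports`, `window_seconds`, `max_cv`) would be tuned against the grid's own baseline traffic, and a smarter beacon would add jitter, which is why `max_cv` is a parameter rather than a test for exactly equal gaps.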
5. Actions
Information on open ports and on the server services will enable the attacker to
infiltrate the network by use of trusting packets and to learn about the control system’s
process. The attacker can access the human-machine interfaces and databases containing
information on how the system works, which enables the attacker to take control of it. The
attacker can then use these controls to shut down power in the eleven targeted states. The
databases contain useful information including set points, descriptions, and point data
types. The Human Machine Interface describes the relationship between equipment and
operator and is very easily understood. The system, now under the attacker’s control, can
be used to find and extract data on the states served by the power grid. The attacker can
use this information to determine how and at what time to shut off the power supply to the
targeted states.
B. “Defense in Depth” Recommendations
1. People
Policies and procedures aimed at safeguarding the network should be created and
enforced. Recommended procedures and policies include:
Training on Security – It is recommended that the administrators of the power grid’s
network be continuously trained on security matters that may affect the organization’s
network. New threats are constantly emerging, so continuous training is necessary to keep
administrators up to date so that they can update the network’s security in turn. Every
employee and manager, including the administrators of the system, ought to be trained to
guard against security issues such as email phishing attacks. The training will raise
information assurance levels by raising awareness, alerting all system users to likely
attack schemes and enabling them to identify the diverse threats within the network.
Policies on Passwords – A strict policy prohibiting the sharing of passwords between users
of the system should be enforced. Different network entry points should also have
different passwords so that, if one password is compromised, other parts of the network
remain secure. Each user’s password should also be set to expire after a given period, so
that users are prompted to change their passwords regularly. This policy will raise
information assurance levels by ensuring that information is not accessed by unauthorized
persons.
Procedures on Incident Response – Procedures should be put in place to help users
understand what to do in case of an incident. This will enable swift action that results
in the protection of critical data within the systems.
Physical Security – Policies that limit access to facilities housing network equipment
and computers should be established in order to control the movement of unauthorized
persons who could easily compromise the network systems. Additionally, facilities should
be under constant surveillance so that action can be taken quickly if an intruder is seen
within the premises. Management can ensure security through barricades, doors accessible
only with key cards, security perimeters, gates and fences. Similarly, within the premises
there should be controlled areas in which equipment is stored, accessible only to a very
few authorized personnel. Management can also make use of asset and personnel tracking
devices to ensure that items and employees remain within their authorized spaces. The
control center should be specially secured to prevent unauthorized physical access. This
can be done through the use of biometrics so that only particular persons can access the
room. This policy will also raise information assurance levels by ensuring that
information is not accessed by unauthorized persons.
2. Technology
It is recommended that the organization establish effective processes and policies,
founded on security specifications and requirements for the acquisition of technology, so
that the right technology is procured and deployed.
An assessment of acquisitions should be carried out to make sure that the systems being
procured do not pose a security risk to internal systems, networks, and critical data. The
procurement team and process should actively include information systems experts. A
security policy, system-level standards and architectures, information assurance
principles, the acquisition of products from reputable suppliers, configuration guidance
and risk assessment all need to be established and enforced.
The acquisition policy ought to include mandatory testing and review of all procured
equipment before installation and use by the organization. This equipment includes
servers, personal computers, firewalls, and human-machine interfaces. The equipment ought
to undergo a rigorous security testing and evaluation process. A list of approved
equipment vendors can be created after this testing is carried out. Their supplied
equipment should be in line with the standards set in the technology policy, and any
servicing needed on this equipment should be carried out by these approved suppliers.
Only equipment that has gone through this rigorous testing should be allowed to connect
to the SCADA network. Vulnerabilities can also be reduced by having these suppliers
disable services in the equipment that are not necessary.
The power grid’s SCADA network can be partitioned using multiple routers and by
installing firewalls that safeguard the system’s network. Intrusion detection
capabilities should be included when designing the firewalls. Krutz (2005) argues that
the use of these partitions will protect the network from hopping attacks and
exploitation. Additionally, the power grid should set up response systems for when an
intrusion is detected: structures aimed at detecting invasions, investigating them,
connecting the results and reacting properly. These structures will help the responsible
staff establish whether there is an attack on the system.
3. Operations
This refers to the daily running and maintenance of network security. It involves
establishing security policies, installing and updating the virus database, assessing the
system’s security, observing the system for threats and responding to them. These
measures would raise information assurance levels by ensuring that information-stealing
malware does not find its way into the system, by detecting and deleting it in time.
Recommended daily operations include: regular scanning of the system to remove any
unauthorized applications that may access critical information; review of security
policies to ensure they are up to date and maintain an operational environment that
safeguards information; implementation of audits to ensure that policies and procedures
relating to the system are being complied with, so that no individual or piece of
equipment is compromising critical information; and continuous assessment of the system
to identify vulnerabilities that could lead to information being stolen. These
vulnerabilities are then addressed immediately to raise information assurance levels.
Additionally, according to Jones (2005), quick identification and removal of intruders
from the system helps prevent future damage. Constant monitoring of network traffic is
therefore recommended to enable the identification of intruders looking to steal
information, thereby raising assurance levels.
References
Jones, B. (2005). Global Information Assurance Certification Paper. Retrieved from
https://www.giac.org/paper/gsec/4235/overview-dod-defense-in-depthstrategy/106802
Krutz, R. L. (2005). Securing SCADA Systems (1st ed.). Wiley Pub.
Pernet, C. (2014). APT Kill chain – Part 3: Reconnaissance. Retrieved from
http://blog.airbuscybersecurity.com/post/2014/05/APT-Kill-chain-Part-3-%3AReconnaissance
Sheldon, F. T., Batsell, S. G., P. S. J., & Langston, M. A. (2003). Cryptographic
protection of SCADA communications – Part 1: Background, policies and test plan.
Prepared by AGA 12 Task Group, Draft 6, No. 12.
