1. Running Head: CYBER SECURITY IMPROVEMENT AREAS
CYBER SECURITY
Cyber Security Improvement Areas
Pureland Wastewater Treatment is a company that provides all aspects of wastewater treatment, especially for the biological fermentation and chemical manufacturing industries. Because of the toxic nature of the chemicals this company uses, it has some special security concerns. However, the company has put all its effort into physical security while ignoring cyber security entirely. The Department of Homeland Security recently contacted both the organization's operations staff and its executives in regard to a chemical used in its operations, Chlorine Dioxide, which DHS considers very toxic. Although the company knew that this chemical is very harmful, it did not know that its use exposes the company to risks such as cyber terrorism. DHS therefore requires the company to comply with both the physical and the cyber security regulations related to the use of this chemical, failing which it will be subject to heavy fines and penalties or even closure of the company.
There are a number of measures that I would recommend the company follow so as to improve its security and ensure compliance. To begin with, the company needs to create an internal security policy, because one of the greatest cyber security risks in any company is usually its employees. There are many cases where criminals got into a company's network because an employee used a weak password or clicked on a link in an email which led to the installation of malware. Therefore, beyond informing employees of the latest scams that are going around, it is always good to check with the personnel who set up the server to ensure that all of the company's protections are in place. Secondly, the company needs to ensure that all its computers are kept up to date. This means that the personnel responsible for the computers have to act on all update notifications for the firewall, operating system and antivirus software; failing to do so creates cracks in the defense system.
Thirdly, the company can consider using cloud services both to store its data and to handle its application needs. With cloud services, the company's crucial information remains safe even when, for example, malware destroys some files, since the cloud service can restore them from backup at any time. However, the company should stick to reputable providers only. Fourthly, increasing employees' awareness is also very necessary; it is one of the most cost-effective methods of curbing cyber-attacks. Awareness can only be achieved through training. The company needs to train its employees about cyber-attacks: how they occur, how to curb them, and related issues. For example, the company can introduce privacy training which will help employees understand the need to protect their devices, since malicious people who obtain those devices can use them to acquire crucial information about the company.
The company also needs to ensure that its passwords are very strong and that they are changed frequently. Strong passwords have to be long enough and should combine symbols, letters, numbers and other factors. They also have to be changed regularly to prevent security issues: with a weak password, one can easily guess it, break into the company's accounts and obtain very crucial and confidential files. Lastly, the company will have to hire a few competent security consultants, who will in turn help identify any holes in the company's infrastructure and provide the right remedy.
Cyber Security Improvement Plan
1. Case Learning Objectives:
This assignment provides practical experience developing a plan
to improve security on an Industrial Control System based on a
completed Cyber Security risk assessment (provided to the
student). The following learning objectives are designed to
reinforce the unique requirements associated with Industrial
Control System Security.
· Document and communicate the current state for security of
the ICS
· Provide an overview of the network design including major
weaknesses in the physical design and layout of network
components with suggested network layout improvements
· Identify the threats and vulnerabilities facing the assets of an
Industrial Control System including Advanced Persistent
Threats and recommend potential security measures that could
have prevented those incidents
· Understand applicable regulations and include provisions for
achieving compliance within the plan
· Based on knowledge of recommended security best practices
and standards, document and communicate the desired future
state for security of the ICS
· Build the plan in a way that incorporates differing levels of
security controls depending on risk and criticality of the various
devices within the system
· Demonstrate understanding of ICS functionality, network
components, and protocols by devising a plan that improves
security and concurrently minimizes negative impact to process
operations and productivity
· Provide multiple options for security enhancements to
management with guidance on trade-offs involved with the
different options
· Demonstrate awareness of the unique challenges that exist in
securing Industrial Control Systems and customize security plan
to address those challenges
2. Assumptions for this case
Build your security improvement plan while taking into account
the following assumptions.
· The information provided in the risk assessment is accurate.
· Time Horizon for implementation is 12-24 months.
· DHS Regulated Chemical of Interest is used at the
Pressurization Station which is physically isolated from the
main plant site at a remote location with good physical security.
· Sample organization is using two ICS standards systems to
target Cyber Security improvements:
1. NIST Guide to Industrial Control Systems (ICS) Security as
its preferred guidance document.
2. Department of Homeland Security CFATS regulation where
chemicals of Interest are used.
· Security on the business network is average for a mid-sized
corporation but has much room for improvement and routinely
deals with malware infection and security incidents.
Assignment Requirements used in grading rubric
The final paper pulls together all the parts you have been
working on throughout the course in a comprehensive cyber
security improvement plan that could be used by Pureland
Chemical. Be sure to include improvements to any content
submitted earlier in the course so that errors are not repeated.
Here are the guidelines for writing the paper including required
components and grading criteria.
Grading scale: Failing (below 74), Satisfactory (74-82), Good (83-91), Excellent (92-100).

Knowledge of Content: 50% of rubric score

Failing (0-12.3): Work marginally reflects the assignment purpose
Satisfactory (12.4-13.7): Work reflects the assignment purpose
Good (13.8-15.2): Work is accurately detailed, and in line with course content
Excellent (15.3-16.7): Work stands out as exemplary, is accurately detailed, and in line with course content

Failing (0-12.3): Current State provides only basic information
Satisfactory (12.4-13.7): Current State provides general information
Good (13.8-15.2): Current State provides a detailed description of the security status of the system
Excellent (15.3-16.7): Current State provides a clear and concise description of the security status of the system

Failing (0-12.3): Includes a basic overview of the network design without weaknesses identified
Satisfactory (12.4-13.7): Includes a general overview of the network design including basic description of weaknesses but no suggested improvements
Good (13.8-15.2): Includes a relatively detailed overview of the network design including general description of weaknesses and associated improvements
Excellent (15.3-16.7): Includes a clear and concise overview of the network design including detailed description of weaknesses and associated improvements

Failing (0-12.3): Basic description of threats and vulnerabilities facing Industrial Control Systems
Satisfactory (12.4-13.7): Includes a general description of threats and vulnerabilities facing Industrial Control Systems with no mention of APTs
Good (13.8-15.2): Includes a relatively detailed description of threats and vulnerabilities facing Industrial Control Systems with a general description of APTs
Excellent (15.3-16.7): Includes a clear and concise description of threats and vulnerabilities facing Industrial Control Systems with a detailed description of APTs

Failing (0-12.3): Includes description of applicable regulations but no provisions for achieving compliance
Satisfactory (12.4-13.7): Includes basic description of applicable regulations and provisions for achieving compliance
Good (13.8-15.2): Includes detailed description of applicable regulations and provisions for achieving compliance
Excellent (15.3-16.7): Includes clear and concise description of applicable regulations and provisions for achieving compliance

Failing (0-12.3): Desired Future State description provides only basic information
Satisfactory (12.4-13.7): Desired Future State description provides general information
Good (13.8-15.2): Desired Future State description provides a detailed description of the security status of the system
Excellent (15.3-16.7): Desired Future State description provides a clear and concise description of the security status of the system

Failing (0-12.3): Plan suggests less than 5 areas of improvement which are not covered well
Satisfactory (12.4-13.7): Plan thoroughly addresses less than 5 areas of improvement.
Good (13.8-15.2): Plan covers 5 areas of improvement but not thoroughly
Excellent (15.3-16.7): Plan thoroughly addresses 5 or more areas of improvement with at least one page per area

Failing (0-12.3): Uses at least 2 professional references to support research with poor integration
Satisfactory (12.4-13.7): Uses at least 3 professional references to support research with adequate integration
Good (13.8-15.2): Uses at least 4 references and integrates them acceptably into the document
Excellent (15.3-16.7): Uses 5 or more references and integrates them clearly and concisely into the document

Critical Thinking: 30% of rubric score (scale: Developing, Competent, Accomplished, Exemplary)

Developing (0-12.3): Ability to incorporate graphical data/info is emerging
Competent (12.4-13.7): Ability to incorporate graphical data/info is basic
Accomplished (13.8-15.2): Ability to incorporate graphical data/info & link key relationships is proficient
Exemplary (15.3-16.7): Ability to incorporate graphical data/info & link key relationships is superior

Developing (0-12.3): Plan marginally describes the impact of the unique challenges that exist in securing Industrial Control Systems
Competent (12.4-13.7): Plan assesses the impact of the unique challenges that exist in securing Industrial Control Systems
Accomplished (13.8-15.2): Plan effectively assesses the impact of the unique challenges that exist in securing Industrial Control Systems with generalized solutions to address those challenges
Exemplary (15.3-16.7): Plan assesses in technical detail the impact of the unique challenges that exist in securing Industrial Control Systems with customized solutions to address those challenges

Written: 20% of rubric score (scale: Developing, Competent, Accomplished, Exemplary)

Developing (0-12.3): Sentences are somewhat clear and well constructed, but lack variety in format & length
Competent (12.4-13.7): Most sentences are clear and well-constructed; some evidence of variety in format, length, and complexity.
Accomplished (13.8-15.2): Sentences are clear and well-constructed; some evidence of variety in format, length, and complexity
Exemplary (15.3-16.7): Varied, well-constructed sentences are evident throughout the document with an appropriate stylistic flair

Developing (0-12.3): Paper contains 5 or 6 spelling, punctuation, and/or grammatical errors
Competent (12.4-13.7): Paper contains 3 or 4 spelling, punctuation, and/or grammatical errors
Accomplished (13.8-15.2): Paper contains 1 or 2 spelling, punctuation, and/or grammatical errors
Exemplary (15.3-16.7): No spelling, punctuation, and/or grammatical errors are readily apparent

Developing (0-12.3): Paper contains 5 or 6 APA errors
Competent (12.4-13.7): Paper contains 3 or 4 APA errors
Accomplished (13.8-15.2): Paper contains 1 or 2 APA errors
Exemplary (15.3-16.7): No APA errors are readily apparent
PureLand Cyber Security Assessment
1/1/2014
Assessor: Luke Reissman
Disclaimer
This report is provided “as is” for informational purposes only.
The Department of Homeland Security (DHS) does not provide
any warranties of any kind regarding any information contained
within. In no event shall the United States Government or its
contractors or subcontractors be liable for any damages,
including but not limited to, direct, indirect, special or
consequential damages and including damages based on any
negligence of the United States Government or its contractors or
subcontractors, arising out of, resulting from, or in any way
connected with this report, whether or not based upon warranty,
contract, tort, or otherwise, whether or not injury was sustained
from, or arose out of the results of, or reliance upon the report.
The DHS does not endorse any commercial product or service,
including the subject of the assessment or evaluation in this
report. Any reference to specific commercial products,
processes, or services by trademark, manufacturer, or otherwise,
does not constitute or imply its endorsement, recommendation,
or favoring by DHS.
The display of the DHS official seal or other DHS visual
identities on this report shall not be interpreted to provide the
recipient organization authorization to use the official seal,
insignia or other visual identities of the Department of
Homeland Security. The DHS seal, insignia, or other visual
identities shall not be used in any manner to imply endorsement
of any commercial product or activity by DHS or the United
States Government. Use of the DHS seal without proper
authorization violates federal law (e.g., 18 U.S.C. §§ 506, 701,
1017), and is against DHS’s policies governing usage of the
seal.
The report is prepared and intended for internal use by the
organization that made the request. The contents of this report
may be subject to government or private intellectual property
rights. To request distribution of this report outside the
organization for which it was prepared, contact the CSET®
Program Office. The contents of this report may be reproduced
or incorporated into other reports, but may not be modified
without the prior express written permission of the CSET®
Program Office.
Advisory
CSET is only one component of the overall cyber security
picture and should be complemented with a robust cyber
security program within the organization. A self-assessment
with CSET cannot reveal all types of security weaknesses, and
should not be the sole means of determining an organization’s
security posture.
The tool will not provide an architectural analysis of the
network or a detailed network hardware/software configuration
review. It is not a risk analysis tool so it will not generate a
complex risk assessment. CSET is not intended as a substitute
for in depth analysis of control system vulnerabilities as
performed by trained professionals. Periodic onsite reviews and
inspections must still be conducted using a holistic approach
including facility walk downs, interviews, and observation and
examination of facility practices. Consideration should also be
given to additional steps including scanning, penetration
testing, and exercises on surrogate, training, or non-production
systems, or systems where failures, unexpected faults, or other
unexpected results will not compromise production or safety.
CSET assessments cannot be completed effectively by any one
individual. A cross-functional team consisting of
representatives from operational, maintenance, information
technology, business, and security areas is essential. The
representatives must be subject matter experts with significant
expertise in their respective areas. No one individual has the
span of responsibility or knowledge to effectively answer all the
questions.
Data and reports generated by the tool should be managed
securely and marked, stored, and distributed in a manner
appropriate to their sensitivity.
Table Of Contents
Assessment Information
Description Of Assessment
Executive Summary
Standards Compliance
Network Diagram
Ranked Subject Areas
Assessment Information
Assessment Name:
PureLand Cyber Security Assessment
Assessment Date, (MM/DD/YYYY):
1/1/2014
Facility Name:
PureLand Wastewater Treatment Plant
City or Site Name:
Kalamazoo
State, Province or Region:
MI
Principal Assessor Name:
Luke Reissman
Assessor E-mail:
[email protected]
Assessor Telephone:
302-555-1212
Additional Notes and Comments:
Contact(s):
Description Of Assessment
Fictitious Cyber Security Self Evaluation
Executive Summary
Cyber terrorism is a real and growing threat. Standards and
guides have been developed, vetted, and widely accepted to
assist with protection from cyber attacks. The Cyber Security
Evaluation Tool (CSET) includes a selectable array of these
standards for a tailored assessment of cyber vulnerabilities.
Once the standards were selected and the resulting question sets
answered, the CSET created a compliance summary, compiled
variance statistics, ranked top areas of concern, and generated
security recommendations.
Standards Compliance
Network Diagram
Ranked Subject Areas
This chart shows subject areas needing the most attention. Each
bar represents the labeled subject area’s weighted contribution
so that the combined total always equals 100%. The weighted
contribution includes the importance of both the question and
the subject area, as well as the percentage of missed questions
in that subject area.
PureLand Wastewater Treatment
Cyber Security Case Study
Company Summary
PureLand Wastewater Treatment Inc. (est. 2001) is a company
providing years of experience in all aspects of Wastewater
Treatment with special emphasis on the Chemical
Manufacturing and Biological Fermentation industries. We are a
flexible, responsive organization with a network of resources to
handle any size project. Each project is approached by utilizing
our strong sterilization and engineering skills while drawing on
our background in Operations, Service, Validation, and Quality
to provide solutions for all of your Wastewater Treatment
needs. We provide personal attention to ensure customer
satisfaction in all services and equipment we supply.
Security Concerns
PureLand has special security concerns due to the highly toxic
nature of some of the chemicals they use to sterilize and treat
wastewater streams for their customers. Although Physical
Security has always been on their radar and relatively strong,
Cyber Security has not been something that they were
particularly concerned about. After all, the chemicals they use
to do their work were not proprietary so they had little concern
about theft of intellectual property or trade secrets being
compromised.
All this changed recently when PureLand executives and
operations folks were contacted by the Department of Homeland
Security (DHS) in regard to a particularly toxic chemical they
use to sanitize Wastewater in biologically hazardous processes-
Chlorine Dioxide. DHS officials were aware of their use of the
chemical because of publicly available waste treatment permits
provided to PureLand by the EPA. As it turns out, Chlorine
Dioxide is on the DHS Chemical Facility Anti-Terrorism
Standards (CFATS) list of chemicals of interest because of the
risks associated with chemical release or sabotage using this
chemical. PureLand was aware Chlorine Dioxide was a very
dangerous chemical, but they had never considered Cyber
Terrorism or theft of the chemical for sabotage when
completing prior risk assessments. The implications of this were
quite serious for PureLand, as they now are required by Federal
law to comply with both Physical and Cyber Security
regulations related to their use of this chemical of interest. DHS
officials made PureLand aware of their obligations and
informed them that they would be subject to an audit by DHS
within eighteen months that would assess their compliance with
CFATS regulations. If compliance was not achieved within 12
months of the initial audit, PureLand would be subject to huge
fines and penalties that could include closure of their facility.
PureLand Reaction
The PureLand Executives were quite alarmed by the news and
immediately formed an internal team to create a Cyber Security
improvement and compliance plan. The team researched the
issue and reviewed the information provided by DHS around
security standards. The first objective was to use a tool
provided by DHS to perform a Cyber Security Self Evaluation
on their computing systems. The hope was that by using this
free tool, they could get some insight on the most critical Cyber
Security gaps that existed and potentially provide a road map on
where to focus their security improvement plan. A team of
system administrators, security professionals, and management
representatives worked on the Cyber Security Self Evaluation
over a period of two days.
Cyber Security Self Evaluation Results
The results of the Self Evaluation were very disturbing for the
entire team. The evaluation reported varying levels of
compliance from 0% to 100%, but it was very clear that they
had their work cut out for them. The leadership team met with
the IT staff and their IT Security Analyst, and it was decided
that they didn’t have the internal staffing or appropriate skillset
to implement the needed security improvements within one
year. The decision was made to hire an outside consultant to
help devise and implement a Cyber Security improvement plan
that would achieve these critical objectives:
1. Reduce their risk from Cyber Security incidents to an
acceptable level
2. Achieve compliance with CFATS regulations
3. Minimize negative impacts to production and safety
Path Forward
As the outside consultant, it’s your job to lead the effort to
create the Cyber Security improvement plan per the objectives
laid out in the accompanying document: Developing Cyber
Security Improvement Plan for Industrial Control System - Case
Study.
You’ll focus your efforts by studying the PureLand Cyber
Security Assessment which includes various tables and charts
indicating the areas of most concern. PureLand has contracted
you to provide two major deliverables for this contract:
1. Industrial Control System Cyber Security Improvement Plan
(Detailed requirements included in document – ICS security
improvement case description)
2. Presentation to key stakeholders one week prior to formal
plan presentation
Running Head: THREATS & VULNERABILITIES
Threats & Vulnerabilities
Threats & Vulnerabilities for the PureLand wastewater plant:
As per the analysis, there are different threats and
vulnerabilities, listed here without any ordering by priority or
severity of impact. They are grouped under the following headings:
The Data:
The sensitivity of the PCS data has never been assessed. The
system holds important secured information, and the data needs
to be properly identified and classified by sensitivity. The
communication links mainly need to provide a secured connection
with protection of the database. This category of vulnerability
is based on the default configuration of the OS and the
administration setup, where passwords are not saved, there are
ill-defined platform setups, and passwords are not easily shared
on this platform.
The Security Administration:
To handle the different security policies, the integration and
the effectiveness of the PCS need to be directed by security
administration. Policies and procedures are needed for
implementation, operation and maintenance. There should be an
effective policy, along with security policies that guide how
security products are aligned with a legacy environment that has
no built-in security. There are also considerations based on the
contribution to security, as well as training the workers about
the costs and the different reasons for security.
Architecture:
The architecture is based on the integration of the information
storage and the control functions. There are single points of
failure that are a vulnerability not only in themselves but also
for the modern architecture. Security and the firewall have been
integrated into the PCS along with the various measurement and
control systems. This combination mainly compounds the potential
for intrusion as well as disruption.
Network:
The vulnerabilities depend on the system, with the implementation
relying on the protocol setup and the lower bandwidth of the data
channels. The configuration of the passwords is effective with
technology such as the local area network, routers and firewalls.
These have vulnerabilities arising from administrative deficiency,
besides insecure configuration and management of the PCS network.
The main factor is the connection between the PCS and the
external network.
Platforms:
The analysis is based on proprietary and non-proprietary settings,
with specifications such as the remote telemetry units and the
intelligent electronic devices, along with the measurement
hardware. The devices are specialised hardware with fixed
functionality and totally different operational requirements.
Password control and detection are mainly based on access to the
configurations of the RTUs (remote telemetry units). These are
mainly set up for the development and deployment of the program
software.
Running Head: NETWORK SECURITY IMPROVEMENTS
Network security improvements
One of the secure enclave strategies that PureLand Wastewater
adopted to improve cyber security is defense in depth. This
strategy takes into account that a combination of security
technologies, controls and policies must be applied in order to
protect an industrial control system.
Defense in depth
Functional group
  Description: They include the supervisory control, control loop and user group
  Comments: They have to be active
Criticality of devices
  Description: Devices that ensure the data is protected and that communication flows
  Comments: Devices that are working well are recommended.
Data flow in/out
  Description: Steady flow
  Comments: Reaches where it is required.
Perimeter Security Devices recommended
  Description: Intrusion prevention system, data diode and industrial protocol filters
  Comments: They protect these enclaves from being accessed without authority
Data monitored within enclave
  Description: Hardware information such as the physical location of the manufacturer, the network address of the equipment and the hardware device details.
  Comments: Should be secured and encrypted.
Methods used to monitor enclave
  Description: The use of host-based security that controls end-user authentication
  Comments: Helps improve the created enclave
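The table above names the perimeter devices of a defense-in-depth enclave design (industrial protocol filter, data diode) without showing what the resulting policy actually decides. The following Python model is an added example, not part of the original paper or of PureLand's configuration: the enclave names (business, supervisory, control_loop), the conduits between them, and the sample flows are all constructed assumptions. It evaluates session initiations against a default-deny conduit list, applies a Modbus function-code filter so writes are only accepted from the supervisory side, and treats the historian link to the business network as a data diode with no reverse path. The Modbus function codes used are the standard ones from the Modbus application protocol specification.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Enclave names for this constructed model; the zone split is an assumption
# loosely following the page's supervisory / control loop / user (business) groups.
BUSINESS = "business"
SUPERVISORY = "supervisory"   # SCADA, HMI, historian
CONTROL = "control_loop"      # MTU and IED/PLC devices

# Modbus function codes as defined in the Modbus application protocol spec:
# 1-4 are reads (coils, discrete inputs, holding and input registers),
# 5/6/15/16 are single/multiple coil and register writes.
MODBUS_READ = {1, 2, 3, 4}
MODBUS_WRITE = {5, 6, 15, 16}


@dataclass(frozen=True)
class Flow:
    """A session initiated by src toward dst (responses ride the allowed session)."""
    src: str
    dst: str
    protocol: str                        # e.g. "modbus", "historian", "https"
    function_code: Optional[int] = None  # only meaningful for modbus


@dataclass(frozen=True)
class Conduit:
    """One permitted, directional path between two enclaves."""
    src: str
    dst: str
    protocols: frozenset
    allow_modbus_write: bool = False  # industrial protocol filter setting
    data_diode: bool = False          # hardware one-way link: reverse path must not exist


# Constructed policy: default deny, only these conduits exist.
POLICY: List[Conduit] = [
    # Supervisory enclave may poll and command the control loop.
    Conduit(SUPERVISORY, CONTROL, frozenset({"modbus"}), allow_modbus_write=True),
    # Field devices may open sessions upward, but the filter strips any write.
    Conduit(CONTROL, SUPERVISORY, frozenset({"modbus"})),
    # Historian replication to the business side goes through a data diode.
    Conduit(SUPERVISORY, BUSINESS, frozenset({"historian"}), data_diode=True),
]


def evaluate(flow: Flow, policy: List[Conduit] = POLICY) -> Tuple[bool, str]:
    """Decide whether the session is permitted; returns (allowed, reason)."""
    for c in policy:
        if (c.src, c.dst) != (flow.src, flow.dst):
            continue
        if flow.protocol not in c.protocols:
            return False, f"{flow.protocol} not permitted on {c.src}->{c.dst}"
        if flow.protocol == "modbus":
            if flow.function_code in MODBUS_WRITE and not c.allow_modbus_write:
                return False, "modbus write blocked by industrial protocol filter"
            if flow.function_code not in MODBUS_READ | MODBUS_WRITE:
                return False, f"modbus function code {flow.function_code} not whitelisted"
        return True, f"matched conduit {c.src}->{c.dst}"
    # No conduit matched: give a precise reason when a diode explains it.
    for c in policy:
        if c.data_diode and (c.src, c.dst) == (flow.dst, flow.src):
            return False, "data diode: no physical path in this direction"
    return False, "no conduit between these enclaves (default deny)"


def audit(flows: List[Flow]) -> List[Tuple[Flow, bool, str]]:
    """Evaluate every flow and keep the decision next to it for review."""
    return [(f, *evaluate(f)) for f in flows]


# Constructed sample flows, one per rule the policy is meant to exercise.
SAMPLE_FLOWS = [
    Flow(SUPERVISORY, CONTROL, "modbus", 3),    # HMI polls holding registers
    Flow(SUPERVISORY, CONTROL, "modbus", 16),   # HMI writes a setpoint
    Flow(CONTROL, SUPERVISORY, "modbus", 6),    # field device tries to write upward
    Flow(SUPERVISORY, BUSINESS, "historian"),   # replication through the diode
    Flow(BUSINESS, SUPERVISORY, "historian"),   # reverse of the diode
    Flow(BUSINESS, CONTROL, "modbus", 16),      # business host commanding a PLC
    Flow(SUPERVISORY, BUSINESS, "https"),       # protocol not on the conduit
]

if __name__ == "__main__":
    for flow, ok, why in audit(SAMPLE_FLOWS):
        print("ALLOW" if ok else "DENY ", flow.src, "->", flow.dst, flow.protocol, "|", why)
```

Running the module prints one decision per sample flow; only the two supervisory-to-control Modbus sessions and the diode-protected historian replication are allowed, and every denial carries the rule that produced it, which is what an auditor reviewing the enclave design wants to see.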
The second secure enclave strategy for PureLand Wastewater is
limited access. In the limited access strategy, who is accessing
certain information, and for what purpose, is monitored.
Limited access
Functional group
  Description: Control loops and user groups
  Comments: They should be active functional groups
Criticality of devices
  Description: Role-based access control
  Comments: Outsiders cannot access information
Data flow in/out
  Description: Steady, but to authorized users only
  Comments: Should be encrypted
Perimeter Security Devices recommended
  Description: CCTV, access control
  Comments: They will prevent unnecessary access to data.
Data monitored within enclave
  Description: The wastewater data
  Comments: Should only be accessed by authorized operators
Methods used to monitor enclave
  Description: A control strategy run by an operator
  Comments: This strategy can start and even stop a pump but cannot change it.
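The limited-access table says that who accesses what, and for what purpose, is monitored, and that an operator's control strategy may start or stop a pump but not change it. The Python below is an added example, not the paper's or PureLand's code: the role names, permission sets, pump model and the 600-1800 rpm safe band are constructed assumptions. It shows role-based authorization of control actions, a setpoint bounds check as a second line of defense even for an authorized engineer, and an audit trail that records user, role, action, stated purpose and outcome for every request, including denied ones.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed role model: an assumption for illustration, not PureLand's configuration.
PERMISSIONS: Dict[str, Set[str]] = {
    "viewer":   {"read_status"},
    "operator": {"read_status", "start_pump", "stop_pump"},
    "engineer": {"read_status", "start_pump", "stop_pump", "change_setpoint"},
}

# Assumed safe operating band for the pump speed; a real limit comes from the process design.
SETPOINT_MIN_RPM, SETPOINT_MAX_RPM = 600, 1800


@dataclass
class Pump:
    running: bool = False
    setpoint_rpm: int = 1200


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    action: str
    purpose: str              # recorded so the audit shows who accessed what and why
    value: Optional[int] = None


class ControlStrategy:
    """Operator-facing control strategy with role checks and an audit trail."""

    def __init__(self) -> None:
        self.pump = Pump()
        self.audit: List[Tuple[str, str, str, str, str]] = []

    def _log(self, req: Request, outcome: str) -> None:
        self.audit.append((req.user, req.role, req.action, req.purpose, outcome))

    def handle(self, req: Request) -> bool:
        """Return True if the action was performed; every decision is logged."""
        if req.action not in PERMISSIONS.get(req.role, set()):
            self._log(req, "denied")       # unknown roles and unknown actions land here
            return False
        if req.action == "start_pump":
            self.pump.running = True
        elif req.action == "stop_pump":
            self.pump.running = False
        elif req.action == "change_setpoint":
            # Authorization is not enough: keep the value inside the safe band.
            if req.value is None or not SETPOINT_MIN_RPM <= req.value <= SETPOINT_MAX_RPM:
                self._log(req, "rejected: setpoint outside safe band")
                return False
            self.pump.setpoint_rpm = req.value
        # read_status changes nothing but is still logged as an access.
        self._log(req, "allowed")
        return True


def run_shift(requests: List[Request]) -> Tuple[ControlStrategy, List[bool]]:
    """Replay a list of requests and return the final state plus each decision."""
    cs = ControlStrategy()
    return cs, [cs.handle(r) for r in requests]


# Constructed sample shift covering each authorization outcome.
SAMPLE_REQUESTS = [
    Request("alice", "operator", "start_pump", "begin dosing cycle"),
    Request("alice", "operator", "change_setpoint", "speed up dosing", value=1500),
    Request("bob", "engineer", "change_setpoint", "tuning after calibration", value=1500),
    Request("bob", "engineer", "change_setpoint", "typo", value=9000),
    Request("carol", "viewer", "stop_pump", "curious"),
    Request("mallory", "contractor", "start_pump", "no such role"),
    Request("alice", "operator", "stop_pump", "end of shift"),
]

if __name__ == "__main__":
    cs, decisions = run_shift(SAMPLE_REQUESTS)
    for user, role, action, purpose, outcome in cs.audit:
        print(f"{user:8} {role:10} {action:16} {outcome:36} purpose={purpose!r}")
    print("pump running:", cs.pump.running, "setpoint:", cs.pump.setpoint_rpm)
```

The audit trail is what turns the table's "monitoring of who is accessing" into something reviewable: denied and rejected requests are logged with the same detail as allowed ones, so an out-of-band setpoint or a request under an unknown role is visible to whoever reviews the shift.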
The third secure enclave strategy for this company is physical
control. This is the physical effort to protect information,
which includes locking the computers in a cabinet, blocking the
USB ports, mapping, and putting the Ethernet switch under control.
Physical control
Functional group
  Description: Owner, operator, equipment and buildings
  Comments: Must be active
Criticality of devices
  Description: Should be role-based controlled
  Comments: Only authorized users access the information.
Data flow in/out
  Description: Regulated
  Comments: Should be regulated
Perimeter Security Devices recommended
  Description: Sensors, building systems, alarms, CCTV and lighting control system
  Comments: Should be operational and very effective.
Data monitored within enclave
  Description: Information about the software as well as the hardware devices.
  Comments: Should be the recommended data.
Methods used to monitor enclave
  Description: Blocking off the USB ports so that information cannot be transferred from one device to another.
  Comments: Very helpful.
PureLand Chemical Network Diagram (figure; labelled components include Other Facility, ICCP Master, Historian, Database, SCADA, Endpoints, Business Services, Email, Web Server, HMI, MTU and IED/PLC; source file PureLand network 1.1.vsd, Page-1)
Improvement Plan Outline
A. Introduction
1. Definition of cybersecurity
2. Objectives of cybersecurity implementation plan
i. Maintain data integrity
ii. Protect confidentiality
iii. Ensure availability
B. Current state description
1. Identifying risks and vulnerabilities
i. Hardware and software configuration
a. Unsecured user accounts
b. Misconfigured internet services
c. Unsecured setting within the network equipment
ii. Network design
iii. Technological weaknesses
a. TCP/IP protocol weaknesses
b. OS weaknesses
c. Network equipment weaknesses
2. Internet security policy
i. Develop a written policy
ii. Application of logical access controls
iii. Software and hardware installation policy
iv. Developing disaster recovery plan
C. Overview of network weaknesses
1. Wireless access points
2. Internal unauthorized access
3. USB flash drives
D. Threats and vulnerabilities facing ICS
1. Unstructured threat from inexperienced employees
2. Structured threat from experienced hackers
3. External threat
E. Understanding of applicable regulations
1. CFATS compliance inspection
i. Preparation for inspection
a. Site map and current chemical inventory list
b. Documents showing changes to the existing security measures
c. Documents explaining the procedures involved in the storage and transportation of chemicals
d. Documented progress of planned security measures
e. The key human resources involved
ii. The inspection process
a. Observations
b. Interviews
c. Review of documents referenced in the security plan
d. Testing of the systems
F. Desired future state
1. To have all stakeholders responsible for the ICS security
2. A divided corporate and control network
3. Use of the recommended risk analysis and risk reduction
methodologies
4. Safe and secure working internal and external environment
G. Five areas of cyber-security to improve
1. Develop a formal security plan
2. Protect all computer networks and applications
3. Protect the firm against internal and external threats
4. Recruiting the required human resources to implement the cybersecurity system
5. Investing in cybersecurity training and education
H. Conclusion
1. Emerging issues in network security
2. Challenges facing cybersecurity
3. Continuous network monitoring and assessment
PureLand Wastewater Treatment
Cyber Security Improvement Plan
Topics
Introduction to PureLand
PureLand’s Current State
Cyber Security Evaluation
Threats
Vulnerabilities
Security Concerns - Overview
Network Diagram
Suggested Network Diagram
Desired Future State of Security
Recommendations for Areas of Improvement
Conclusion
Introduction to PureLand
PureLand Wastewater Treatment Inc. - Established in 2001
Expertise in Wastewater Treatment solutions for Chemical
manufacturing and Biological Fermentation Industries
Rich in skilled resources with ability to handle projects of all
sizes and delivers quality solutions
A wide range of solutions for all Wastewater Treatment needs
Project specific approach by utilizing unique sterilization and
engineering skills
Client specific personal attention to maximize customer
satisfaction
PureLand Wastewater Treatment Inc. was established in 2001 and has gained 16 years of rich experience in wastewater treatment solutions
PureLand is experienced in wastewater treatment, with specialized treatment solutions for the Chemical Manufacturing and Biological Fermentation industries
PureLand is capable of handling a wide range of projects of any size (small, big and complex projects)
PureLand is rich in human resources who can design project-specific solutions with unique sterilization and engineering skills
PureLand has a strong sterilization and engineering team that can provide operations, validations and quality solutions for wastewater treatment
Client-specific personal attention provides maximum customer satisfaction for its clients
References:
PureLand Cyber Security Case Study. (2014). PureLand Cyber Security Case Study. Cyber Security Case Study.
PureLand’s Security Concerns
The wastewater treatment process uses toxic and hazardous chemicals, which raise special security concerns
Physical security is relatively stronger than Cyber Security, which is vulnerable to malicious activity
PureLand’s Current State
The chemicals used in the wastewater treatment process are not proprietary
PureLand is not greatly concerned about theft of intellectual property or trade secrets
PureLand uses Chlorine Dioxide for wastewater treatment
Department of Homeland Security (DHS) officials were aware of the use of Chlorine Dioxide for PureLand’s wastewater sterilization
The DHS Chemical Facility Anti-Terrorism Standards (CFATS) list Chlorine Dioxide as a chemical of interest because of its risk of chemical sabotage
PureLand is aware of the toxic nature of Chlorine Dioxide, but never considered the risk of cyber terrorism or chemical theft for sabotage
PureLand’s Security Concerns
PureLand’s wastewater treatment uses toxic and hazardous chemicals, which raise special security concerns
Physical security is relatively stronger than Cyber Security, and the network is highly vulnerable to malicious activities such as hacking, intrusions and malware attacks
The chemicals used in the wastewater treatment process are not proprietary
PureLand is not concerned about theft of intellectual property and trade secrets, as they are not owned by PureLand and do not fall under the drug category
PureLand uses Chlorine Dioxide for wastewater treatment, which is a biological hazard
The DHS is aware of the use of Chlorine Dioxide for PureLand’s wastewater sterilization
The DHS listed this chemical as a Chemical of Interest under the Chemical Facility Anti-Terrorism Standards (CFATS)
PureLand is aware of the toxic nature of Chlorine Dioxide, but never considered it as a risk of cyber terrorism or chemical theft for sabotage
PureLand’s Current State Cont.
DHS Audit Timelines
The DHS made PureLand aware of its obligations
PureLand is subject to a CFATS regulations audit in 18 months
If PureLand fails CFATS regulatory compliance in the initial audit (i.e. in 12 months), then PureLand may be subject to huge fines that result in facility closure
PureLand’s Reaction
Executives were worried about CFATS regulatory compliance
PureLand formed an internal team to design a Cyber Security Improvement and Compliance Plan
Researched the DHS report on security standards with the initial objective of using the Cyber Security Self Evaluation tool to identify critical Cyber Security gaps
DHS Audit Timelines
The DHS made PureLand aware of the situation with respect to CFATS regulations
PureLand is subject to a CFATS regulations audit in 18 months
If PureLand fails the initial audit within the 12-month period, the result may be huge fines and penalties that lead to closure of the facility
PureLand’s Reaction
PureLand’s executive team is worried about the DHS report on CFATS regulatory compliance
PureLand formed an internal team to design a Cyber Security Improvement and Compliance Plan
A team of administrators, security professionals and management representatives researched the DHS reports with the initial objective of using the Cyber Security Self Evaluation tool to identify the gaps
PureLand’s Current State Cont.
Cyber Security Self Evaluation Results
PureLand’s self-evaluation results were worrying, with compliance levels varying from 0% to 100%
The leadership meeting with IT staff and the IT Security Analyst concluded that internal staff are not capable of accomplishing the security improvement within the 12-month period
The decision was made to hire an external consultant to implement the Cyber Security Improvement Plan
Cyber Security Improvement Plan Objectives
Reduce the risk of Cyber Security incidents to an acceptable level
Achieve CFATS regulatory compliance
Minimize negative impacts to production and safety
Cyber Security Evaluation
The Cyber Security evaluation results grouped the standards as Good, Need Improvement and Undisturbed
Standards Compliance - Good Level
System Protection
Portable/Mobile/Wireless
Maintenance
Configuration Management
Audit & Accountability
Standards Compliance - Need Improvement
Training
Remote Access Control
Procedure
Policies
Physical Security
Personnel
Organizational
Information and Documentation
Incident Response
Environmental Security
Continuity
Access Control
Standards Compliance - Undisturbed
System Integrity
Systems and Services Acquisition
Risk Management and Assessment
Policies & Procedures General
Plans
Monitoring & Malware
Info Protection
Communication Protection
Account Management
References
Reissman, L. (2014). PureLand Chemical Network Diagram. Cyber Security Evaluation Tool.
Cyber Security Evaluation Cont.
SWOT ANALYSIS
The SWOT analysis for the Cyber Security Evaluation results is represented in the diagram
Strengths
System Integrity
Policies & Procedures - General
Monitoring & Malware
Information Protection
Communication Protection
Account Management
Weaknesses
Training
Remote Access Control
Procedures
Policies
Physical Security
Personnel
Organizational
Information and Documentation
Incident Response
Environmental Security
Continuity
Access Control
Opportunities
The DHS inspection provided an opportunity to avoid future cyber-attacks
12 months’ time for corrective action for CFATS regulatory compliance
The DHS Cyber Security Self Evaluation helps in conducting a self-evaluation for CFATS regulatory compliance
External consultant for the Cyber Security Improvement Plan
Threats
Cyber-attack during design and implementation of the Cyber Security Improvement Plan
Loss or theft of critical information
SWOT diagram (figure; its four panels, Strengths, Weaknesses, Opportunities and Threats, carry the items listed above)
Cyber Security Evaluation Cont.
The expected values of PureLand’s security are compared with the universal and ranked subject areas
PureLand Security Evaluation Report
(Columns: Universal score, Ranked subject area weight, Expected value; expected values are rounded to four decimal places.)
Subject area                         Universal  Ranked  Expected
Training                             0.62       0.01    0.0492
System Protection                    0.41       0.04    0.0326
System Integrity                     0.69       0.12    0.0548
Systems and Services Acquisition     0          0.01    0
Risk Management and Assessment       0.07       0.02    0.0056
Remote Access Control                0.56       0.03    0.0445
Procedures                           0.8        0.01    0.0635
Portable/Mobile/Wireless             0.33       0.03    0.0262
Policies and Procedures General      0.62       0.1     0.0492
Policies                             0.68       0.02    0.0540
Plans                                0.17       0.05    0.0135
Physical Security                    0.77       0.02    0.0612
Personnel                            0.43       0.02    0.0342
Organizational                       0.55       0.03    0.0437
Monitoring & Malware                 0.29       0.07    0.0230
Maintenance                          0.32       0.02    0.0254
Information and Documentation        1          0       0.0794
Info Protection                      0.26       0.08    0.0207
Incident Response                    0.42       0       0.0334
Environmental Security               0.73       0.01    0.0580
Continuity                           0.48       0.01    0.0381
Configuration Management             0.26       0.03    0.0207
Communication Protection             0.25       0.06    0.0199
Audit and Accountability             0.42       0.03    0.0334
Account Management                   0.73       0.15    0.0580
Access Control                       0.73       0.02    0.0580
Threats
Man-made Threats
Physical
Chemical leaks
Catastrophic event
External Threats
Sabotage
Terrorist attack
Chemical explosion
Mass destruction
Internal Threats
Dissatisfied employees
Theft and damage to critical assets
Natural Disasters
Hurricanes, floods and earthquakes
Tornadoes and windstorms
Snow, ice storms and lightning strikes
Cyber Threats
Hacking
Malware attacks
Service disruption
Operational manipulation
Infrastructure Design Threats
Intrusions from the business network to the ICS
Single firewall for internet traffic
Infrastructure aging
Lack of network segmentation and enclaves
Inefficient patch management
Workforce Threats
Aging workforce
Skill-set deficiency
Dependency on external consultants
Advanced Persistent Threats (e.g. Stuxnet)
Man-made Threats
Intentional or unintentional threats that can be physical threats, chemical threats or leaks, or Cyber Threats
These result in conflicts, violence or even catastrophic events
External Threats
Unauthorized access to physical assets resulting in sabotage
Terrorist attacks on the PureLand ICS
Accidental or purposeful chemical explosion
Intentional use of weapons to cause mass destruction
Internal Threats
Threats from dissatisfied employees, former employees, vendors or third-party contractors who are aware of network weaknesses
Theft of and damage to critical assets with the intention of monetary gain
Manipulating the wastewater treatment process, resulting in damage to the environment
Natural Disasters
In the U.S. the Gulf Coast is prone to hurricanes, the West Coast is prone to earthquakes and the Midwest is prone to floods
In addition, the U.S. is prone to tornadoes, windstorms, snow, ice storms, lightning strikes and droughts
Cyber Threats
PureLand’s Cyber Security is weak and is prone to hacking and intrusion
Hackers can electronically corrupt the system by seizing the information that is required for critical system processes
The ICS network is vulnerable to service disruption and operational manipulation
Infrastructure Design Threats
The business network is connected to the control system network and provides broad access and communication across the network
This design gives business users access to critical systems
There is a single firewall between the internet and the business network, and this firewall is not capable of filtering packet data
There is no network segmentation, no enclaves and no perimeter defense for the ICS
The aging infrastructure is another threat for PureLand, and old infrastructure can increase the risk of a crisis
Workforce Threats
The DHS self-evaluation results have identified the risks for PureLand, and at the same time PureLand does not have the technical capability to manage remediation of the identified findings
PureLand needs to depend on external consultants to reduce the risk and achieve compliance to an acceptable limit
Advanced Persistent Threats
APTs are sophisticated network attacks in which an unauthorized individual gains access to the network and remains undetected for a long period of time
PureLand is vulnerable to APT attacks like Stuxnet, Flame and BlackEnergy that can cause catastrophic events for the wastewater plant
References
Jason Stamp, J. D. (2003). Common Vulnerabilities in Critical Infrastructure Control Systems. Sandia National Laboratories, 1-14.
Vulnerabilities
Data Vulnerabilities
Lack of critical data segregation
Unrestricted access to critical information
Data historian access from the business network
Business users can access the control process
Intellectual property and chemical formulas are vulnerable to theft
Security Administration and Management
Weak policies for data security and protection
Need for security audits
Requires training and awareness programs
Architecture
Single communication line for the entire network
Ring topology with administrative control at each node
ICS Network
Practice of shared user accounts and passwords
Ex-employees’ access to PureLand’s information
Substandard remote authentication and encryption methods
Platform
No patch management or latest security updates
Hardware, software and ICS platforms are vulnerable to malware attacks
Data Vulnerabilities
PureLand does not segregate critical data; users can access the data in the network without restriction
Business-related information, intellectual property, critical systems and the Data Historians can be accessed from the business network
Business users do not require access to or control of critical systems, but the present infrastructure allows business users access to the control process
Intellectual property and chemical formulas can be stolen from PureLand’s data systems, and there is a high risk of hacking and unauthorized access
Security Administration and Management
The policies and procedures need to be strengthened with respect to security and data protection
Audits are not conducted regularly, and it is necessary to conduct periodic security audits to ensure the effective implementation and enforcement of policies and procedures
Training and awareness programs are not enforced in policies and procedures
Architecture
The network architecture provides a communication line between the business network and the ICS in a ring topology
In a ring topology one node will have administrative control over another node, and failure at one node may result in disruption of the entire network
ICS Network
Password management is weak, and the practice of shared accounts as well as shared passwords is a risk
The physical assets are not protected properly, and ex-employees can gain access to the physical assets
The remote access authentication and encryption methods are substandard
Platform
PureLand lacks patch management and security updates
PureLand’s hardware, software and ICS platforms are vulnerable to malware attacks
Security Concerns - Overview
PureLand’s ICS and business environment is at risk of a security breach because of physical and Cyber Security threats
PureLand needs to design and implement a Security Improvement Plan based on the identified threats and vulnerabilities
The threats come from internal parties (employees) or from external parties (third parties)
PureLand is not prepared for Cyber Security incidents
The DHS is worried about the increased threats shown by PureLand’s evaluation results
PureLand requires risk mitigation steps to secure the ICS
Network Diagram
The present network diagram for PureLand
Network Weakness
PureLand’s ICS network comprises the pressurization station, the business LAN, the dispatch center and the water treatment station
The network topology is a ring topology in which the nodes are interconnected with each other
This topology provides equal administrative control at each node, and any disconnect at one node results in failure of the entire network
The network is interconnected with a single communication line to facilitate free communication between the business lines
The backbone cable allows the servers to access the internet and web surfing
Suggested Network Diagram
This network diagram shows the corporate network separated from the SCADA network
The Internet DMZ and the Supervisory network DMZ are separated
The SCADA network is connected to the field sites
There are firewalls between the networks
IDPS and anti-malware systems on the servers continuously monitor for malicious activity
References:
Keith Stouffer, V. P. (2015). Guide to Industrial Control Systems (ICS) Security. Gaithersburg: NIST Special Publication 800-82. Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82.pdf
Desired Future State of Security
Efficient employee training and awareness
Defense-in-depth strategy
Network segmentation, perimeter and enclaves
Packet-filtering firewalls between perimeter zones
Dual firewalls for the corporate business network and the ICS network
Implementation of IDPS to monitor suspicious activities in the network
SIEM systems to monitor event logs
Multi-factor authentication for system access
Patch management
Application whitelisting
Data encryption methods
Restrict access to critical information
Password management and use of shared user credentials
An efficient employee training and awareness program to improve security policies and procedures
A defense-in-depth strategy using multiple security countermeasures, including firewalls, IDPS, anti-virus, biometric authentication, SIEM and other security measures, to protect the ICS
Implementation of network segmentation with enclaves and perimeter security to protect PureLand’s network
Installation of perimeter firewalls that monitor inbound and outbound packets to detect packet loss and filter suspicious packet data
IDPS at each level to detect suspicious activities and malware across the network
SIEM systems that monitor the event logs and provide real-time dashboard visualizations and reports
Multi-factor authentication to ensure maximum security for physical and network access
Patch management to maintain the latest security updates and protect the systems from Cyber Security events
Application whitelisting to control the use of software on PureLand’s systems
Standardized data encryption methods to maximize the security of data and its transmission
Restricted access to critical information so that the right people use the appropriate critical information
Organized password management, and limits on the use of shared credentials, to prevent inappropriate use
Recommendations for Areas of Improvement
Improved Network Topology
Network Segmentation and Demilitarized Zone
Defense-in-Depth Strategy
Cyber Security Policies Training and Awareness
Implementation of Anti-malware Systems and Patch Management
Improved Network Topology
Implementation of a star topology with nodes connected to a central hub, with centralized administration for the entire network
SCADA network separated from the corporate business network
Centralized network firewall control from the central hub
Secured network access and data protection across the network
Network Segmentation and Demilitarized Zone (DMZ)
Logical grouping of network systems that share network resources using network devices
Facilitates demarcation of the larger network into manageable smaller networks
The DMZ acts as a security network layer that facilitates data access without accessing PureLand’s LAN
The firewalls between the DMZs control network traffic between the networks and restrict direct communication between them
Recommendations for Areas of Improvement - Cont.
Improved Network Topology
PureLand should implement a star topology for its network, in which the nodes are connected to a central hub with a centralized administrative function for the entire network
The Supervisory Control and Data Acquisition (SCADA) network should be separated from the business network, and access by business users should be restricted
Firewalls should be incorporated into the corporate business network and the ICS network, and these firewalls can be controlled from a central hub to manage data security, integrity, confidentiality and availability
The new network topology improves secured network access and data protection across the network
Network Segmentation and Demilitarized Zone
Network segmentation is a logical grouping of network systems that share network resources using network devices like repeaters, hubs, bridges, switches or routers
Network segmentation facilitates demarcation of the larger network into manageable smaller networks, which prevents unauthorized communication between the networks
The DMZ separates the Local Area Network (LAN) from untrusted networks like the internet and acts as a security network layer that facilitates data access without accessing PureLand’s LAN
The firewalls between the DMZs control network traffic between the networks, restrict direct communication between them and restrict unauthorized access to critical information
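The segmentation and DMZ design above can be expressed as a zone-to-zone allow-list with default deny, which also lets a reviewer audit the rule set for the very weakness the current network has (business users reaching the control process directly). The following is an added example written for this page, not code from the case study or from NIST SP 800-82; the zone names follow the suggested diagram, while the hosts, ports, protocols and rules are constructed for illustration.

```python
"""Zone-based segmentation policy check (added example, constructed rules).

Zones follow the suggested diagram: internet, an internet DMZ, the corporate
(business) network, a supervisory DMZ, the SCADA/control network and the
field sites. A flow is permitted only if an explicit rule allows it.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

ZONES: List[str] = ["internet", "internet_dmz", "corporate",
                    "supervisory_dmz", "scada", "field"]

# Zone pairs with a perimeter firewall between them. A rule joining two
# non-adjacent zones is a path that skips a DMZ or firewall tier.
ADJACENT: Set[Tuple[str, str]] = {
    ("internet", "internet_dmz"), ("internet_dmz", "corporate"),
    ("corporate", "supervisory_dmz"), ("supervisory_dmz", "scada"),
    ("scada", "field"),
}

BUSINESS_SIDE = {"internet", "internet_dmz", "corporate"}
CONTROL_SIDE = {"scada", "field"}


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    port: int
    comment: str = ""


# Constructed allow-list. There is deliberately no corporate -> scada rule:
# business users read process data only from the historian replica in the
# supervisory DMZ, which in turn pulls from the plant historian.
RULES: List[Rule] = [
    Rule("internet", "internet_dmz", "tcp", 443, "public web server"),
    Rule("internet_dmz", "corporate", "tcp", 25, "inbound mail relay"),
    Rule("corporate", "supervisory_dmz", "tcp", 443, "historian replica (read-only web)"),
    Rule("supervisory_dmz", "scada", "tcp", 5000, "replica pulls from plant historian"),
    Rule("scada", "field", "tcp", 502, "Modbus/TCP from MTU to PLCs"),
]


def is_allowed(src: str, dst: str, proto: str, port: int,
               rules: List[Rule] = RULES) -> Optional[Rule]:
    """Return the matching rule, or None (default deny) if nothing permits the flow."""
    for r in rules:
        if (r.src, r.dst, r.proto, r.port) == (src, dst, proto, port):
            return r
    return None


def audit_rules(rules: List[Rule] = RULES) -> List[str]:
    """Flag rules that break the segmentation design.

    Findings: unknown zone names, rules that join non-adjacent zones (bypass
    a firewall tier), and any rule that lets the business/internet side
    initiate traffic into the control zones.
    """
    findings: List[str] = []
    for r in rules:
        if r.src not in ZONES or r.dst not in ZONES:
            findings.append(f"unknown zone in rule: {r}")
            continue
        if (r.src, r.dst) not in ADJACENT and (r.dst, r.src) not in ADJACENT:
            findings.append(f"non-adjacent zones, bypasses a tier: {r.src} -> {r.dst}:{r.port}")
        if r.src in BUSINESS_SIDE and r.dst in CONTROL_SIDE:
            findings.append(f"business/internet side may initiate into control zone: {r}")
    return findings


if __name__ == "__main__":
    print("audit of designed rule set:", audit_rules() or "no findings")
    print("corporate -> scada:5000 allowed?", is_allowed("corporate", "scada", "tcp", 5000))
    legacy = RULES + [Rule("corporate", "field", "tcp", 502, "legacy direct PLC access")]
    for finding in audit_rules(legacy):
        print("finding:", finding)
```

The audit function is the useful part for a compliance review: run it against the exported rule base rather than the designed one, and any rule resembling the "legacy direct PLC access" line produces two findings, one for skipping the supervisory DMZ and one for letting the business side initiate into the control zone.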
Defense-in-Depth Strategy
The Defense-in-Depth Strategy uses multiple layers of security measures to protect PureLand’s ICS from hacking
The countermeasures are
Human personnel - Awareness and Training
Physical layer - Data diodes
Network layer - IDPS and firewalls
Application layer - Application monitoring
Data integrity level - File integrity monitoring
Data access - Access control
User management - Active Directory
System level - Anti-spyware
Physical access - Biometrics
A balanced approach for threat prevention and detection to reduce damage and control the impact of sophisticated attacks like APTs and cyber attacks
Build Advanced Persistent Diligence with a strong Defense-in-Depth approach
Recommendations for Areas of Improvement Cont.
Defense-in-Depth Strategy
The Defense-in-Depth Strategy uses multiple layers of security measures to protect PureLand’s ICS
The components are Awareness and Training for human personnel, data diodes at the physical layer, Intrusion Detection and Prevention Systems (IDPS) and firewalls for the network layer, application monitoring at the application layer, file integrity monitoring at the data integrity level, access control for data access, Active Directory for user management, anti-spyware at the system level, and biometrics for physical access
The defense-in-depth strategy provides a balanced approach to threat prevention and detection that reduces damage and controls the impact
PureLand needs to build Advanced Persistent Diligence, which requires a strong Defense-in-Depth approach that limits the network’s exposure to attackers
This approach monitors threat activity and manages incident response, analysis, remediation, restoration and investigation
Cyber Security Policies Training and Awareness
The Cyber Security policies should focus on employee training and awareness of Cyber Security
Continuous training programs covering user access management, Cyber Security, password management, incident management and the signs of cyber attacks
The training should include internal as well as external stakeholders
Policies and procedures to prevent unauthorized physical access
USB port disabling and data security training restrict inappropriate access to the PureLand network
Implementation of Anti-malware Systems and Patch Management
Good anti-malware and anti-virus systems
An IDPS that monitors the network for suspicious network activity
A host-based defense system that identifies malicious activity specific to the ICS
A SIEM that monitors the audit logs and scrutinizes security events for suspicious activity
Patch management that monitors the installation and validation of software updates
Recommendations for Areas of Improvement Cont.
Cyber Security Policies Training and Awareness
The Cyber Security policies need to be improved and should focus on employee training and awareness of Cyber Security
The training programs should prioritize user access management, Cyber Security, password management and incident management
Employees need to be trained on the signs and symptoms of cyber attacks, such as frequent flickering of the screen, increased system processing and reduced internal storage space
Employees should be aware of the password and authentication methods used to access secured areas
The training should include internal as well as external stakeholders who work with PureLand’s business processes
The policy of USB port disabling and data security training restricts inappropriate access to the PureLand network
Password encryption and change-password prompting enforce the right use of a password
Implementation of Anti-malware Systems and Patch Management
PureLand requires good anti-malware and anti-virus systems that protect the systems from viruses, Trojans, SQL injections, worms and other malicious activities
The IDPS monitors the network for suspicious network activity
The implementation of a host-based defense system identifies malicious activity specific to the ICS
The IDPS systems are boosted with a Security Information and Event Management (SIEM) system that monitors the audit logs and scrutinizes security events for suspicious activity
Patch management addresses the installation and validation of software updates related to software operational issues and security vulnerabilities
A security conduit is established with security controls, and firewalls secure the network as a whole and limit network traffic and the vulnerabilities that could be exploited in PureLand’s network
19
The PureLand should improve its security and protects their
system from Cyber attacks
The Defense-in-depth strategy maximizes the security and
minimizes the risk of Cyber attacks
The new network topology with segmentation and enclaves
rectifies present security weakness
Conclusion
The training and awareness program helps the internal and external stakeholders understand the risk and its mitigation
An efficient incident management program can help in the effective management of suspicious events and breaches
PureLand should improve its system to bring its security controls to an acceptable level of compliance