Are you in High School, College, Masters, Bachelors or Ph.D and need someone to help in your homework? All you need is to ask for research paper help written by a specialist in your academic field. When you buy an essay online from My Essay Services, we offer you an original, nil plagiarized and unique paper written by a dedicated writer who is PhD or Masters qualified. MyEssayServices.com is an experienced service with over 9 years experience having delivered over 83,000 essays over the years.
Cyber security is a common threat to security globally, and there is a need for security teams to develop the right mechanisms to maintain the internet-connectivity control systems. Globally, the Internet business requires effective safety measures in the internet services to achieve business efficiency. In this speculation, countries such as Australia, America, China, and other advanced nations require proper industrial security because there are high risks involved from insurgent groups (Weiss, 2014).
Terrorist groups have advanced cybercrime systems, and they launch threats on internet control systems regularly. For this reason, the Homeland Security and the Department of Defense should develop robust strategies to deal with cybersecurity. Majorly, cybercrime threats should receive swift responses to mitigate the potential risks. Ideally, terror groups should not gain access to the ICS and if they manage, then they should not be allowed to gain control of the system because that will lead to adverse conditions in the global internet control systems. ICS control is necessary to ensure adverse actions such as reconnaissance, weaponization, and delivery, exploitation and installation, command and control, and to enable security teams to develop actions on objectives (Peng et al. 2012).
Peng et al. (2012) explain that cyber attacks conducted on the industrial control systems (ICS) have different impacts based on various factors such as the adversary’s intentions, their capabilities and sophistication, and their ability to navigate the ICS automated processes. Essentially, cyber criminals target ICS systems through multiple efforts, which enable them to develop sufficient information to conduct the cyber crime. For this reason, it is necessary to assess where the adversary is in his or her campaign to access the ICS systems for the security team to develop better risk management and security decisions. The Cyber Kill Chain was devised to help security personnel in detecting and responding to cyber attacks.
Essentially, reconnaissance is the first step in the ICS cyber kill chain-planning phase. Reconnaissance entails conducting investigations regarding the target, using an open source of information-gathering tools such as Shodan and Google. The primal objective of the planning phase is to reveal the weakness in the ICS system and identify critical information that supports the adversary’s efforts to target, deliver, and exploit important elements of the system. For this reason, some of the information that may help the intruder to gain access in to the system includes networks, host, human, protocol, and account information. Furthermore, information about the firm’s processes, policies, and procedures is also used in the planning phase.
In the case study, the adversary most likely used passive attacks such as eavesdropping by recording network or computer activity. Using a packet sniffer or other tools is a viable way for the adversary to intercept traffic data. It is certain that the adversary used Malware in combining the passive gathering of reconnaissance after assessing the collection techniques. Furthermore, it is this department’s suspicion that possible uses of other technology such as Trojans, Password.
Crackers and Denial of Service attacks were also used in combination to the network interception of traffic data, and a breach of local account passwords. The adversary might have used intensive researching, employed use of identity protocols and randomly choosing or selecting the targets.
Weaponization & Delivery
Moreover, Weiss (2014) explains that weaponization and targeting are critical elements of the preparation phase in the ICS cyber kill chain. Weaponization entails strategies aimed at modifying a harmless file such as a simple document to enable the adversary to get entry into the system. In most cases, weaponization is conducted through files such as PDF’s that contain cyber threat exploits. In this speculation, the weaponized document takes advantage of the features available maliciously to perform the attack. On the other hand, targeting is achieved when the adversary identifies the potential victim for exploitation in the cyber kill chain. Therefore, targeting is the process of prioritizing and analyzing targets and developing lethal actions to the targets to develop the desired effects.
In the case study, the weapon delivery on the ICS was performed by developing a remote access route or bot. The bot was then used as a payload, through some chosen tool over the internet, for delivery of the harmful malware to the ICS. This involves the use of a malicious code of malware hidden behind or encrypted an URL link. This is how the malware was introduced to the unsuspecting victim and by clicking on the URL link; the embedded malware ran an executable to the local PC.
The cyber intrusion phase includes the delivery stage, where the adversary devices a method to interact with the target’s network. For instance, a weaponized URL link was used to deliver the cyber attack in the case study.
Exploitation & Installation
The exploitation phase involves the means, which the adversary uses to conduct malicious attacks. Weiss (2014) states that when the exploitation stage is successful, the adversary installs specific capabilities such as a remote access Trojan or modify existing capabilities to conduct the cyber attack successfully. For instance, in the case study the adversary modified the existing capabilities of the defendant’s system to gain access to the ICS target.
On delivery, the code was provided with a trigger from the server on the adversary end. The command was to destroy the malicious code or setting it vulnerable to connect with the ICS target conditions of its environment. The malicious code connects, after being deployed and made compatible with the target system, were given some other commands to connect back with the sender to relay information.
Command & Control
Peng et al. (2012) argue that command and control (C2) are critical components of the management and enablement phase. In this phase, the attacker establishes multiple C2 functions to ensure their connectivity is not interrupted if their access is removed or detected. Notably, the author argues that C2 methods do not necessarily rely on direct connections to support the high frequency of bidirectional communication. For instance, adversaries may access protected networks through one-way communication paths, which require more time to process critical information and deliver commands.
In the case study, the adversary on gaining access to the target system could easily gain ground and implement the initial objectives. It is all about the use of covert exfiltration of data, as the enemy can also choose to compromise other functionalities and systems in the network or via the partner available network. The adversary concurrently wants to re-direct information from the ICS to the unauthorized destination to bring confusion in the system (Stouffer et al. 2011).
Visualization of Push & Pull Model’s
Push Model Attacker sends and receives fee
Majorly, cyber crime actions on ICS attack development and execution entail the development, testing, delivery, installation or modification, and the execution of the ICS attack. Weiss (2014) states that a cyber attack can have unforeseeable consequences. For instance, simple interactions with ICS infrastructure and applications can lead to unintended outcomes. Ideally, the adversary’s actions mostly come after deployment; having command and control of its target. Majorly, this is covert and was at will over a long period. The information and further exploits may compromise further systems internally or via a partner network. Furthermore, the Western Interconnection Power grid is at security risk, as the attacker gathered enough Intel over the period, to find security holes in the network ports, the email server, and the firewall. Active listening ports compromised the response time of our security because ports are left open for specific communications, which are designated permanently for other systems. The adversary had been covertly extracting our network security vulnerabilities through the deployed malware and other malicious command provided for control.
Defense in Depth Recommendations: People
The security personnel should develop highly advanced antivirus to detect the malware in time and using the same procedures to carry out regular scans. The software will aid in sending debugs to the security team, which in turn will provide a faster response time of combating threats.
Consequently, the use of data encryption: for sharing of sensitive information across the network by the ICS, as well as other security departments and stakeholders will help to improve the level of privacy and confidentiality in information sharing. Ideally, information shared to the adversary would make no meaning if it were encrypted.
Regular update and upgrade of the software by the ICS will help combat foreign objects from gaining access to the system. Besides, it also helps in notifying the server about the changes on the system upon detecting a malicious program. The antivirus, which forms part of the system, would be in a position to detect the foreign codes and instructions if it is kept updated (Weiss et al, 2014).
Any attack on the ICS requires the adversary to have adequate knowledge for the steps of making an attempt, since ICS has the industrial system in control and they are defensible and designed to cause unforeseen consequences to the attacker. The process does not end at the information collection level, rather, the ICS systems on the adversary attempt to discover their network hosts can influence the disruption of information flow and at the same time can cause the communication cards to crash.
The ICS system manipulation is difficult and it requires substantial sophistication from the attacker. Fundamentally, the system works solely to combat attacks and any intrusion on detection; the whole network from the adversary is blocked temporarily until the system gains stability to manage the intrusion or block permanently (Gordon et al, 2006).
In conclusion, evidence provided in this paper suggests that effective steps were taken to address the threat, however, there is need for mandatory on-going training to hold people accountable in understanding our security policies.
Inherently, the more training and pro-active courses provided to staff will keep them sharp and keep them engaged.
Defense in Depth Recommendations: Technology
The Western Interconnection Power Grid will enhance more stringent security policies, processes, and standards. Furthermore, the system will also help in re-designing our network infrastructure and firewalls.
Currently, there is no DMZ’s (Demilitarized Zones) in place, and this makes our systems vulnerable because an intruder can freely move about the network in covert operation. The Western Interconnection Power Grid is essential to implement multiple DMZ’s with multiple firewalls to protect the control network. Notably, it is important to segment this network into multiple routers and gateways. In a segregated network with DMZ’s, multiple routers, gateways, and firewalls there will be a line of sight advantage to the company if an intruder tried to infiltrate the network.
Defense in Depth Recommendations: Operations
A response department is necessary for counter-attack incase of any future intrusion into the network. This will allow more time for research, investigation, and counter measure set forth by the team and mitigate further threats to our systems. Once all policy and procedures are updated and implemented, a response team will be trained and delegated. The new team will take into account our internal needs of network access and work without compromising our current departmental needs. Furthermore, the team is also necessary to fortify these areas to maximize operational gains. One specific policy to ensure operational gain will be to disallow the use of outside USB memory sticks or hardware. By minimizing this, attackers cannot target current employees through embedded malware and infiltrate our network from the inside.
Gordon, Lawrence A., and Martin P. Loeb. (2006). Managing cybersecurity resources: a cost-benefit analysis. Vol. 1. New York: McGraw-Hill.
Peng, Yong, et al. (2012). "Industrial control system cybersecurity research." Journal of Tsinghua University Science and Technology 52.101396-1408.
Stouffer, Keith, Joe Falco, and Karen Scarfone. (2011). "Guide to industrial control systems (ICS) security." NIST special publication 800.82 16-16.
Weiss, Joe. (2014). "Industrial Control System (ICS) cyber security for water and wastewater systems." Securing Water and Wastewater Systems. Springer International Publishing, 87-105.
An extranet refers to a private network that uses the internet technology as well as the systems of public communication to safely and securely share some part of business data or the operations within the vendors, suppliers, customers, partners and other businesses. An extranet is a composite of the World Wide Web and is based on the main internet backbones and protocols, it is private contrary to the internet, and when compared to the intranet it is public, it is majorly for sharing and access to information based on business to business and is characterized by the provision of security as well as access control (Kallioranta and Vlosky, 2004). They link business partners and are scalable, flexible, and extensible and can integrate throughout a distributed and heterogeneous system platforms and environments. Extranets use Web browser front ends that make them user-friendly as it does not need any high competence in information technology as it is based on a connection to the internet. They are founded on the web technology of open standards and are economical as compared to creating as well as maintaining propriety network. The main goal of an extranet is to integrate communications between and among the businesses and external clients, and the customers or partners. Further than these overall goals, though, different companies are likely to use extranets in varied ways as outlined below (Benefits of intranets and extranets).
Uses of Extranets
To begin with, extranet are used in manufacturing. These can be observed from airlines industry to automobiles industry. The manufacturing industries use extranets to deliver accessibility to product manuals as well as technical specifications. Extranets, therefore, improves the efficiency of sharing and transferring these types of information, which is capable of running to thousands of pages usually in print format. Furthermore, those companies with access are in a better position to update information and flag problems while issuing warnings all promptly, in a format that is self-serve. Extranets are also significant in financial services corporations. For example, Bank institutions, brokerages institutions, and other institutions use extranets to performing a multiplicity of transactions that cover almost everything from consumer banking to clearing of check services. Among these are the Internal Revenue Services which have developed an extranet that allows companies that process tax to make their submissions of forms over the internet (Vlosky et al., 2015).
Another use of extranet is in the online catalogs. The suppliers, particularly wholesalers, are using extranets to create online catalogs that are made available to vendors. These extranets also permit suppliers to give discounts to their favored customers and also to discount items that are overstocked, hence being phased out and are not easily getting moved. The extranet’s capacity to presenting up-to-date inventory information streamlines the process of purchasing for both the buyers and sellers. Extranets are used in web design and development. The web-design companies use extranets to provide their customers with easy access regarding the constant design and development projects. When used correctly, this kind of extranet can make the processes of development more efficient by keeping the customers informed and involved, as well as keeping the project on time and within the budget limits. Extranets are also used in publications. Extranets offer an efficient way for publishers to distributing their editorial calendars and accepting work from the authors. Publishers can, therefore, put together an extranet with an obtainable content management coupled with workflow applications hence allowing them to mainstream remote bureaus, contractors, freelance authors and other off-site group members (Vlosky et al., 2015).
Additionally, extranets are used in public relations. Just like publishers, companies of public-relations usually use extranets in the management of their content workflow. Worth mentioning is that extranets are also important for publishing those late-breaking news and the updates that make them promptly available to investors, reporters, and analysts. Extranets are also important in the customer service usage. Many organizations can now let clients log in and view the customized account data, to track orders, and to communicate with sales as well as supervise staff. Since the increasing numbers of companies are adopting the online customer-service tools, it is anticipated that more customers expect to find the tools when they transact with the organization.
Extranets are important in training and education sector. Extranets create a platform for the online training organizations to offer course materials as well as other relevant resources to their customers. A number of schools and universities are now conducting at least some of the courses they provide over extranets hence allowing students to learn and earn credits irrespective of their locality or their ability to attending classes on a regular basis (Vlosky et al., 2015).
Project managers also use extranets to manage their projects. For companies that employ contractors, a project-management system that is based on an extranet offers an easy-to-use way out for keeping the entire players on course. Such types of systems also let in-house players to observe external salespersons who can use the extranet in reporting their progress. Extranets are important in the Supply chain management as it is being used for the automatic ordering of products to conducting inventory analysis. Extranets are critical in the field of supply-chain management irrespective of the size of a company. Organizations that have created extranet report have reported on numerous of benefits such as payoffs that are measurable and focuses on improvement in supply chain management. A properly designed extranet serves as portal to the internal applications that are used to do procurement, support sourcing, marketing, manufacturing, distribution as well as customer service. Hence, the company is in the position to extending its legacy systems to the trading partners in a safe, secure as well as cost effective way (Entering the Extranet Era, 1999).
In virtual sales, extranets are also viewed as being important. For example, in some cases, the sales teams can introduce and close deals more successfully when they can give hands-on demonstrations through an extranet. In this case extranets permits sales representatives to provide interactive presentations irrespective of a customer’s place, and they, therefore, can reduce an organization’s sensitivity to outdated sales challenges that may include tradeshow industry programs and fixed travel budgets.
An extranet, therefore, enables a company or a business to communicate and cooperate more effectively with identified business partners, customers, and suppliers. An extranet plays a significant role in enhancing trade relationships as well as improving the supply chain management.
Kallioranta, S. M., & Vlosky, R. P. (2004). A Model of Extranet Implementation Success. Effects on Business Performance, 1-20.
Entering the Extranet Era. (1999). How Extranets Can Help Create the Intelligent Supply Chain, 1-16.
Benefits of intranets and extranets. (n.d.). Retrieved October 27, 2015, from NIBUSINESS INFO.CO.UK: https://www.nibusinessinfo.co.uk/content/what-extranet
Vlosky, R. P., Fontenot, R. J., & Blalock, L. (2015). Extranet Mediated Business Linkages: Effects on Buyer-Seller Relationships. In Proceedings of the 1999 Academy of Marketing Science (AMS) Annual Conference (pp. 415-419). Springer International Publishing.
Browse More Essay Topics 24/7/365 Support 11+ Yrs in Essay Writing Pay for Quality not Quantity Score that A+ Grade
Research Paper for Sale
Cheap Research Papers
Buy Term Papers
Buy Research Paper
Write My Paper
Buy an Essay
Cheap Essay Writer
Write my Essay
Paper Writing Service
Pay for Homework
Pay for Research Paper
Do My Essay for Me
Pay for Essay
College Papers for Sale
Do My Homework for Me
College Essays for Sale
Buy Research Papers Online
Buy College paper
Client: "(Berlin, G.K., CA)"
Topic title:"Leadership shortfalls in Blue Chips"
Pages: 5, (APA)
" Awesome, the writer delivered it as required by the professor. They also sent me a plagiarism & grammar report Wow!. I was worried about how the essay would turn up but this is exactly what wanted. Thank you and will be back with a longer essay"
Accounting Research Papers
Business Research Papers
Communication Research Papers
Computer Science Research Papers
Economic Research Papers
Film Studies Research Papers
Finance Research Papers
Geography Research Papers
Psychology Research Papers
Political Science Research Papers
Nursing Research Papers
World Affairs Essays