Network Evaluation and Defense Strategy Essay Examples & Outline
Network Evaluation and Defense Strategy
Cyber attacks are a global security threat, and security teams need to develop the right mechanisms to protect internet-connected control systems. Globally, internet-based business requires effective safety measures in its internet services to achieve business efficiency. In this respect, countries such as Australia, America, China, and other advanced nations require proper industrial security because there are high risks involved from insurgent groups (Weiss, 2014).
Terrorist groups have advanced cybercrime capabilities, and they launch attacks on internet control systems regularly. For this reason, the Department of Homeland Security and the Department of Defense should develop robust strategies to deal with cybersecurity. Above all, cybercrime threats should receive swift responses to mitigate the potential risks. Ideally, terror groups should not gain access to the ICS, and if they do, they should not be allowed to gain control of the system, because that would lead to adverse conditions in the global internet control systems. Defending ICS control therefore requires addressing each stage of the adversary's campaign: reconnaissance, weaponization and delivery, exploitation and installation, command and control, and actions on objectives, so that security teams can respond at each stage (Peng et al. 2012).
Peng et al. (2012) explain that cyber attacks conducted on industrial control systems (ICS) have different impacts depending on factors such as the adversary's intentions, their capabilities and sophistication, and their ability to navigate the ICS automated processes. Essentially, cyber criminals target ICS through multiple, staged efforts that build up enough information to conduct the crime. For this reason, it is necessary to assess where the adversary is in his or her campaign to access the ICS so that the security team can make better risk management and security decisions. The Cyber Kill Chain was devised to help security personnel detect and respond to cyber attacks at each of these stages.
Reconnaissance is the first step of the planning phase in the ICS cyber kill chain. Reconnaissance entails conducting investigations regarding the target using open-source information-gathering tools such as Shodan and Google. The primary objective of the planning phase is to reveal weaknesses in the ICS and identify critical information that supports the adversary's efforts to target, deliver, and exploit important elements of the system. For this reason, the information that may help the intruder gain access into the system includes network, host, human, protocol, and account information. Furthermore, information about the firm's processes, policies, and procedures is also used in the planning phase.
In the case study, the adversary most likely used passive attacks such as eavesdropping by recording network or computer activity. Using a packet sniffer or other tools is a viable way for the adversary to intercept traffic data. It is certain that the adversary combined malware with passive reconnaissance gathering after assessing the collection techniques. Furthermore, it is this department's suspicion that other technologies such as Trojans, password crackers, and denial-of-service attacks were also used in combination with the interception of network traffic and a breach of local account passwords. The adversary might have conducted intensive research, employed identity protocols, and selected targets at random.
Weaponization & Delivery
Moreover, Weiss (2014) explains that weaponization and targeting are critical elements of the preparation phase in the ICS cyber kill chain. Weaponization entails modifying a harmless file, such as a simple document, to enable the adversary to gain entry into the system. In most cases, weaponization is conducted through files such as PDFs that carry cyber threat exploits. In this way, the weaponized document maliciously takes advantage of the features available to perform the attack. On the other hand, targeting is achieved when the adversary identifies the potential victim for exploitation in the cyber kill chain. Therefore, targeting is the process of prioritizing and analyzing targets and developing lethal actions against them to achieve the desired effects.
In the case study, the weapon delivery on the ICS was performed by developing a remote access route, or bot. The bot was then used as a payload, through some chosen tool over the internet, to deliver the harmful malware to the ICS. This involved malicious malware code hidden behind or encrypted in a URL link. This is how the malware was introduced to the unsuspecting victim: by clicking on the URL link, the embedded malware ran an executable on the local PC.
The cyber intrusion phase includes the delivery stage, where the adversary devises a method to interact with the target's network. For instance, a weaponized URL link was used to deliver the cyber attack in the case study.
Exploitation & Installation
The exploitation phase involves the means the adversary uses to conduct malicious attacks. Weiss (2014) states that when the exploitation stage is successful, the adversary installs specific capabilities, such as a remote access Trojan, or modifies existing capabilities to conduct the cyber attack successfully. For instance, in the case study the adversary modified the existing capabilities of the defendant's system to gain access to the ICS target.
On delivery, the code was provided with a trigger from the server on the adversary's end. The command was either to destroy the malicious code or to adapt it to the conditions of the ICS target's environment so that it could connect. After being deployed and made compatible with the target system, the malicious code was given further commands to connect back to the sender and relay information.
Command & Control
Peng et al. (2012) argue that command and control (C2) is a critical component of the management and enablement phase. In this phase, the attacker establishes multiple C2 functions to ensure their connectivity is not interrupted if one access path is removed or detected. Notably, the authors argue that C2 methods do not necessarily rely on direct connections supporting high-frequency bidirectional communication. For instance, adversaries may access protected networks through one-way communication paths, which require more time to process critical information and deliver commands.
In the case study, once the adversary gained access to the target system it could easily gain ground and implement its initial objectives. This is about the covert exfiltration of data, as the enemy can also choose to compromise other functionalities and systems in the network or via an available partner network. The adversary concurrently wants to redirect information from the ICS to an unauthorized destination to bring confusion into the system (Stouffer et al. 2011).
Figure: Visualization of Push & Pull Models (panel label: "Push Model: Attacker sends and receives fee")
Broadly, cyber crime actions on ICS attack development and execution entail the development, testing, delivery, installation or modification, and execution of the ICS attack. Weiss (2014) states that a cyber attack can have unforeseeable consequences. For instance, simple interactions with ICS infrastructure and applications can lead to unintended outcomes. Ideally, the adversary's actions on objectives mostly come after deployment, once it has command and control of its target; this is covert and was carried out at will over a long period. The information and further exploits may compromise further systems internally or via a partner network. Furthermore, the Western Interconnection Power Grid is at security risk, as the attacker gathered enough intelligence over the period to find security holes in the network ports, the email server, and the firewall. Active listening ports compromised our security response time because ports were left permanently open for specific communications designated for other systems. The adversary had been covertly extracting our network security vulnerabilities through the deployed malware and other malicious commands provided for control.
Defense in Depth Recommendations: People
The security personnel should deploy advanced antivirus software to detect the malware in time and use the same procedures to carry out regular scans. The software will send debug reports to the security team, which in turn will shorten the response time for combating threats.
The use of data encryption for sharing sensitive information across the network by the ICS, as well as other security departments and stakeholders, will improve the level of privacy and confidentiality in information sharing. Ideally, information that reached the adversary would be meaningless if it were encrypted.
Regularly updating and upgrading the ICS software will help prevent foreign objects from gaining access to the system. Besides, it also helps in notifying the server about changes to the system upon detecting a malicious program. The antivirus, which forms part of the system, would be in a position to detect foreign code and instructions if it is kept updated (Weiss, 2014).
Any attack on the ICS requires the adversary to have adequate knowledge of the steps involved, since the ICS has the industrial system under its control, and such systems are defensible and designed to cause unforeseen consequences for the attacker. The process does not end at the information collection level: when the adversary attempts to discover network hosts, the ICS can disrupt the flow of information and at the same time cause the communication cards to crash.
Manipulating the ICS is difficult and requires substantial sophistication from the attacker. Fundamentally, the system works solely to combat attacks, and on detecting any intrusion the whole network is temporarily blocked from the adversary until the system regains stability to manage the intrusion or block it permanently (Gordon and Loeb, 2006).
In conclusion, the evidence provided in this paper suggests that effective steps were taken to address the threat; however, there is a need for mandatory ongoing training to hold people accountable for understanding our security policies.
More training and proactive courses for staff will keep them sharp and engaged.
Defense in Depth Recommendations: Technology
The Western Interconnection Power Grid will adopt more stringent security policies, processes, and standards. Furthermore, this will also drive the redesign of our network infrastructure and firewalls.
Currently, there are no DMZs (demilitarized zones) in place, and this makes our systems vulnerable because an intruder can move freely about the network in a covert operation. It is essential for the Western Interconnection Power Grid to implement multiple DMZs with multiple firewalls to protect the control network. Notably, it is important to segment this network using multiple routers and gateways. In a segregated network with DMZs, multiple routers, gateways, and firewalls, the company will have a line-of-sight advantage if an intruder tries to infiltrate the network.
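The segmentation recommended above can be expressed as an explicit allow-list of zone-to-zone flows and audited for rules that bypass the DMZ. The following is an added illustration, not code from the essay or from any utility it cites; the zone names, ports and rules are constructed sample values.

```python
"""Audit a firewall rule set against an enterprise -> DMZ -> control design.

Added example (not from the essay). The control network may only be reached
from the DMZ, never directly from the enterprise zone; each hop is assumed to
cross its own firewall. Ports and rules below are constructed sample values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str    # source zone: "enterprise", "dmz" or "control"
    dst: str    # destination zone
    port: int   # TCP destination port


# Permitted zone-to-zone flows. There is deliberately no entry for
# ("enterprise", "control") or ("control", "enterprise").
ALLOWED_FLOWS = {
    ("enterprise", "dmz"): {443},       # users reach the DMZ historian over HTTPS
    ("dmz", "control"): {502},          # only the DMZ broker talks Modbus/TCP inward
    ("control", "dmz"): {502, 4840},    # process data (Modbus, OPC UA) out to the DMZ
}


def flow_allowed(src: str, dst: str, port: int) -> bool:
    """True if traffic from zone src to zone dst on port fits the design."""
    if src == dst:
        return True                      # intra-zone traffic is out of scope here
    return port in ALLOWED_FLOWS.get((src, dst), set())


def audit_rules(rules):
    """Return (rule, reason) for every rule that violates segmentation.

    A direct enterprise <-> control rule is reported as a DMZ bypass, the
    weakness the essay describes; any other unlisted flow is reported too.
    """
    violations = []
    for r in rules:
        if flow_allowed(r.src, r.dst, r.port):
            continue
        if {r.src, r.dst} == {"enterprise", "control"}:
            violations.append((r, "bypasses DMZ"))
        else:
            violations.append((r, "flow not in allow-list"))
    return violations


if __name__ == "__main__":
    sample = [Rule("enterprise", "dmz", 443), Rule("enterprise", "control", 3389)]
    for rule, why in audit_rules(sample):
        print(f"{rule.src} -> {rule.dst}:{rule.port}  {why}")
```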
Defense in Depth Recommendations: Operations
A response department is necessary to counter-attack in case of any future intrusion into the network. This will allow more time for research, investigation, and countermeasures set forth by the team, and will mitigate further threats to our systems. Once all policies and procedures are updated and implemented, a response team will be trained and delegated. The new team will take into account our internal needs for network access and work without compromising our current departmental needs. Furthermore, the team is also necessary to fortify these areas to maximize operational gains. One specific policy to ensure operational gain will be to disallow the use of outside USB memory sticks or hardware. By minimizing this, attackers cannot target current employees through embedded malware and infiltrate our network from the inside.
Gordon, Lawrence A., and Martin P. Loeb. (2006). Managing Cybersecurity Resources: A Cost-Benefit Analysis. Vol. 1. New York: McGraw-Hill.
Peng, Yong, et al. (2012). "Industrial control system cybersecurity research." Journal of Tsinghua University Science and Technology 52(10), 1396-1408.
Stouffer, Keith, Joe Falco, and Karen Scarfone. (2011). "Guide to Industrial Control Systems (ICS) Security." NIST Special Publication 800-82.
Weiss, Joe. (2014). "Industrial Control System (ICS) cyber security for water and wastewater systems." Securing Water and Wastewater Systems. Springer International Publishing, 87-105.