Industrial Control System Assignment Help
CYBER SECURITY
TABLE OF CONTENTS
INTRODUCTION 4
b. Current state of cyber security standard of the PureLand WasteWater 4
c. Network design of PureLand Wastewater 5
d. Threats and vulnerabilities in Industrial Control System 6
e. Regulations on PureLand wastewater 8
f. Recommended practices and future state for security in ICS 9
g. Security improvement in ICS of PureLand 10
CONCLUSION 11
REFERENCES 13
INTRODUCTION 4
b. Current state of cyber security standard of the PureLand WasteWater 4
c. Network design of PureLand Wastewater 5
d. Threats and vulnerabilities in Industrial Control System 6
e. Regulations on PureLand wastewater 8
f. Recommended practices and future state for security in ICS 9
g. Security improvement in ICS of PureLand 10
CONCLUSION 11
REFERENCES 13
LIST OF FIGURES
Figure 1: Network design of PureLand Wastewater 6
INTRODUCTION
Industrial Control system is a term used to define the components those are used to control the operations of an industry to achieve desired functionality. PureLand wastewater Treatment Inc is a company which has a great experience to deal with waste water to transform it into fundamental form by using biological fermentation and chemical manufacturing. The report will emphasize the present network design and security along with threads and vulnerabilities. Report will suggest the impact of regulations and provisional suggestions in order to implement the security in ICS. Challenges and standard recommendations will be provided in context of PureLand organization. The report will describe the security improvements for ICS in organization. In this manner, report will go through the present to future with security of ICS and implementation of CFATS in workplace as expected by government.
b. Current state of cyber security standard of the PureLand WasteWater
PureLand wastewater Treatment Inc is a company which has a great experience to deal with waste water to transform it into fundamental form by using biological fermentation and chemical manufacturing. The organization is analyzing and implementing the higher standard of cyber security that required for managing the privacy and planning of the networking for maintaining the communication using the external devices as well evaluating the new standards. The organization is following the rules and regulations that have been proposed by the government and leading authority of the cyber security. Under the governance of regulation, organization is bounded to use biological treatment with wastewater under the circumstance that it will lead the biological hazards. Secondary treatments cannot use increased amount of discharge in satirize of water as it is prohibited by act. For instance, Chlorine dioxide is toxic and need to be in right amount to ensure the health with drinking water. Exceed amount of chlorine dioxide may reverse the usage and benefits those are in its limited quantities. PureLand can use complex password policies and rules to secure the network from the attacks based on assumption of values and passwords so that unauthorised access to assets can be eliminated. Supervisory network unit is responsible to supervise the functionality and values from the equipments in control system. Digital data is obtained from various MTU in control system which further manages the data from underlying equipments.
Industrial Control system is a term used to define the components those are used to control the operations of an industry to achieve desired functionality. PureLand wastewater Treatment Inc is a company which has a great experience to deal with waste water to transform it into fundamental form by using biological fermentation and chemical manufacturing. The report will emphasize the present network design and security along with threads and vulnerabilities. Report will suggest the impact of regulations and provisional suggestions in order to implement the security in ICS. Challenges and standard recommendations will be provided in context of PureLand organization. The report will describe the security improvements for ICS in organization. In this manner, report will go through the present to future with security of ICS and implementation of CFATS in workplace as expected by government.
b. Current state of cyber security standard of the PureLand WasteWater
PureLand wastewater Treatment Inc is a company which has a great experience to deal with waste water to transform it into fundamental form by using biological fermentation and chemical manufacturing. The organization is analyzing and implementing the higher standard of cyber security that required for managing the privacy and planning of the networking for maintaining the communication using the external devices as well evaluating the new standards. The organization is following the rules and regulations that have been proposed by the government and leading authority of the cyber security. Under the governance of regulation, organization is bounded to use biological treatment with wastewater under the circumstance that it will lead the biological hazards. Secondary treatments cannot use increased amount of discharge in satirize of water as it is prohibited by act. For instance, Chlorine dioxide is toxic and need to be in right amount to ensure the health with drinking water. Exceed amount of chlorine dioxide may reverse the usage and benefits those are in its limited quantities. PureLand can use complex password policies and rules to secure the network from the attacks based on assumption of values and passwords so that unauthorised access to assets can be eliminated. Supervisory network unit is responsible to supervise the functionality and values from the equipments in control system. Digital data is obtained from various MTU in control system which further manages the data from underlying equipments.
c. Network design of PureLand Wastewater
Network of PureLand Wastewater is subdivided into four sections: supervisory network, business network, control system and field system. Business LAN is mostly used to capture the information from historian database so that analytical results and decisions can be made. Web and mail server is used to communicate for business purpose and to share information among end-users via emails and terminals. In supervisory network, SCADA is used to manage the control system via a signal to remote location and HMI helps operator to analyse the complied and formatted information for decision making. That remote signal is used to identify the status of remote equipments and to acquire the information from remote display in control system. Supervisory network unit is responsible to supervise the functionality and values from the equipments in control system. Digital data is obtained from various MTU in control system which further manages the data from underlying equipments (Gupta.et.al.2012).
Also a historian system is used along with database so that activities and data in network from control system can be stored for later use. Most of subdivisions use the TCP/IP protocol to communicate with each other which is secure and encrypted. Field system and business LAN are connected with internet and firewall is used to filter out the request so that sensitive data can be protected from being disclose. Field system consist equipments those are at core to sanitize and treatment the wastewater automatically. A number of sensors and equipments are used to collect the data automatically and accurately.
Whole of network design is manageable and capable to accomplish organizational objectives but there are a few weaknesses those may lay down network architecture. First is, SCADA as part of supervisory network has no direct control over other facility in organization. In order to collect data from sensors it depends on the historian and TCP/IP channel at control system. Thus, SCADA is being unable to collect data and to be updated with remote locations. Second big weakness of network design is absence of filter in field system as business LAN and field system is connected with internet, there is a big possibility of security hack. Attacker might get control over the refinery or can interrupt the services with field system for a while (Grady.et.al.2011). Thus, a filter application to identify the right source of request and a historian to collect the data from field system are required to sustain the information in every incidence. Back up units in form of historian and historian databases are expected in every subdivision of network for better availability of information. Addition to it, wireless equipments can be used for remote connectivity and cost saving.
Network of PureLand Wastewater is subdivided into four sections: supervisory network, business network, control system and field system. Business LAN is mostly used to capture the information from historian database so that analytical results and decisions can be made. Web and mail server is used to communicate for business purpose and to share information among end-users via emails and terminals. In supervisory network, SCADA is used to manage the control system via a signal to remote location and HMI helps operator to analyse the complied and formatted information for decision making. That remote signal is used to identify the status of remote equipments and to acquire the information from remote display in control system. Supervisory network unit is responsible to supervise the functionality and values from the equipments in control system. Digital data is obtained from various MTU in control system which further manages the data from underlying equipments (Gupta.et.al.2012).
Also a historian system is used along with database so that activities and data in network from control system can be stored for later use. Most of subdivisions use the TCP/IP protocol to communicate with each other which is secure and encrypted. Field system and business LAN are connected with internet and firewall is used to filter out the request so that sensitive data can be protected from being disclose. Field system consist equipments those are at core to sanitize and treatment the wastewater automatically. A number of sensors and equipments are used to collect the data automatically and accurately.
Whole of network design is manageable and capable to accomplish organizational objectives but there are a few weaknesses those may lay down network architecture. First is, SCADA as part of supervisory network has no direct control over other facility in organization. In order to collect data from sensors it depends on the historian and TCP/IP channel at control system. Thus, SCADA is being unable to collect data and to be updated with remote locations. Second big weakness of network design is absence of filter in field system as business LAN and field system is connected with internet, there is a big possibility of security hack. Attacker might get control over the refinery or can interrupt the services with field system for a while (Grady.et.al.2011). Thus, a filter application to identify the right source of request and a historian to collect the data from field system are required to sustain the information in every incidence. Back up units in form of historian and historian databases are expected in every subdivision of network for better availability of information. Addition to it, wireless equipments can be used for remote connectivity and cost saving.
Figure 1: Network design of PureLand Wastewater
(Source: PureLand network, 2016)
d. Threats and vulnerabilities in Industrial Control System
Industrial control system may contain SCADA, DCS (Distributed control system) and programmable logic controllers those have several security threads and vulnerabilities. Some of common threats on ICS are:
Critical infrastructure: Attackers may target PureLand for its critical infrastructure. Insecure rooms and physical access to assets are always taken into favour to generate disruption and denies to services. PureLand needs to safeguard the infrastructure with surveillance and sensor devices so that changes with infrastructure can be alarmed to make prior notice.
Insiders: limitless trust on individual in organization may result in theft of information and disclose of business secrets to others in industry. In this manner, PureLand may lose the business and values in market. Organization needs to monitor and log the activities of employees (Stouffer.et.al.2011).
Authentication: default values and weak password may works as the open door to intrude in network and to interrupt the service. PureLand can use complex password policies and rules to secure the network from the attacks based on assumption of values and passwords so that unauthorised access to assets can be eliminated.
Advance Persistent threads: industrial species may use advance persistent methods to remain in network without being detected for a long time and capture the data to break the business. PureLand needs to identify backdoors and poor configuration with recommended practices and solution to eliminate the persistency of intruders in network.
Addition to threads, there are some serious vulnerability issues with PureLand wastewater. These vulnerabilities are discussed below with the recommended solutions to them:
Policy based and functional: Security policies and functions of PureLand are pillars to define the security in workplace. Organization needs to maintain the proper documentation and achieving so that practices can be directed in more adequate manner. Following vulnerabilities are possible in policies and functions of organization:
• Inappropriate security policies and procedures.
• Lack of proper training and awareness to use ICS.
• Weak ICS design and architecture along with poor administration (Weiss, 2010).
• Lack of regulation based control and configuration
• Absence of DRP (disaster and recovery plan)and CP (Continuity plan)
Platform based vulnerabilities: issues in software and operating system are vulnerable for security in ICS assets as they can bypass the threads and access in network. Software may be configured well, patched or bug proof to provide security. For instance, unstable updates, unmanaged space, unfaltering etc weakness in platform are vulnerable.
Recommended solution: Defence in depth
It is the framework designed and maintained by DHS to facilitate the organization to test the network against the security and threads. PureLand needs identify the enclaves in network so that whole can be partitioned into enclaves those are specific in functionality and design. It is required to implement the defence in depth framework (Cheminod.et.al.2013). Using it, organization can easily find out the weaknesses and strengths in network. PureLand wastewater can use it to close the open configuration and to improve the security parameters.
e. Regulations on PureLand wastewater
PureLand includes a number of governmental rules and regulations in working. PureLand needs parallelize the working and operations according to regulations to ensure the sustainable business. Regulations are useful to control the organizations so that a balanced growth can be achieved with nature resources. Also it control the profit based consumption of natural resources and treatment in a worst manner. Regulations are liable to set the boundaries for organizations to sustain the natural resources for next generation. There are number of rules defined by government. PureLand organization mainly implements the following regulations to apply governmental obedience:
Waste water treatment act, 2001: The act focuses on the well treatment of wastewater in industry. Under the governance of regulation, organization is bounded to use biological treatment with wastewater under the circumstance that it will lead the biological hazards (Spellman, 2013). Secondary treatments cannot use increased amount of discharge in satirize of water as it is prohibited by act.
Clean water act, 1972: Clean water act provides the assistance to organizations those are treating the polluted water and improving it for reusability. This act helps to restore the natural integrants of water in term 0o chemical and biological combinations by blocking profitable and no profitable practices on water resources. This act also controls the enforcements and technologies to permit and licence the organizations. PureLand wastewater implies this rule to treat wastewater as to produce the healthy water back to nature. In this manner, organization follows the clean water act to ensure the values in natural water sources.
CFATS regulation: Chemical facility anti-terrorism Standards (CFATS) helps to identify and regulate the security measures to treat the chemical output in a healthy manner. It means that regulation prohibit the organizations to dump the chemical waste in a hazardous form because it may degrade the land, soil and water at place which will finally affect the population at place in term of diseases and deaths (Khakzad and Reniers, 2015). The act also ensures the security of chemical properties so that it can be kept away for terroristic attacks on health and safety.
PureLand needs to ensure the follow of some practices in workplace for CFATS regulation. For instance, PureLand needs to protect the hazardous chemical interest with physical as well as cyber securities so that terrorist cannot control the systems to produce and misuse the chemical against the health and safety of place. Organization needs to error proof the network and access to assets. As described in case study, organization needs to hire the experts and to conduct the audit on regular basis to ensure the safety of chemical substances. Administrators and monitoring tools are suggested to implement the CFATS in workplace (Spence and Tuozzoli, 2011). Also standard filtering of wastage from organization should be done to eliminate the health issue in place.
f. Recommended practices and future state for security in ICS
In order to implement cyber security in organization, PureLand can use the following standard and best practices in workplace which will be helpful to protect the theft of data and chemical of interest from workplace for the purpose of destroy and benefits. Major recommendations on practices to ensure the cyber security and CFATS in workplace are:
Regular audit and installation by experts: PureLand needs to hire experts from outside when required talent is not available in members. The installation and audit of cyber system should be done with practices of experts those have efficient knowledge to deal with cyber security. Regular audits and error proof installation of network will help the organization to identify the weak portions of network.
Improve awareness and skills: PureLand needs to enhance the awareness and skill set of employees to enforce the cyber security in workplace (Stouffer.et.al.2011). Training and development programs can be conducted to eliminate the erroneous actions in network those may lead the network security breach.
Response capabilities: PureLand needs to respond the threads and vulnerabilities as immediately as possible because a delay may result in loss of information and secrets. Thus, more IT staff and tools can be used to automate the response to network fails and errors. Organization needs not to take a single error as an obvious thing.
Managing risk with third party: PureLand needs to analyse the security and safety with third party software and equipments. Organization also can use defence in depth to test the network weakness in security and implementations (Wilhoit, 2013).
As the technology is being rapid in changes, so organization needs to identify the alternative to enhance the security. Persistent activities and remote controls are increasing so organization needs to be updated with technologies to ensure the data availability and access within workplace. Current security of ICS is capable to provide physical and cyber security but future trends like big data, scalability and control over internet may be considered to implement security in present context.
g. Security improvement in ICS of PureLand
PureLand is currently using the radar based security to ensure the physical security of network and assets in ICS. However the following security improvements are recommended in implementation of ICS security to conqueror the weaknesses:
• Close end configuration: Organization needs to configure the assets with newer values so that default value based attacks and detections can be eliminated in ICS. Also the configuration policies can be documented under the governance of security experts so that strong implementation can be made. Configuration of firewall and wireless devices are recommended to a high level of password and security algorithms. The data transfer in network can be encrypted as part of configuration (Knapp and Langill, 2014).
• Logging: Logging of data and user activities are required to identify right source of action. Data can be backed up within a small interval so that more adequate data can be recovered from incidental lost. Thus, each unit network in workplace need to maintain data historian to collect the recent copy of data form sensors and network. Log system may include user id, time, and IP address, total time of session, data modified, old values and newer values along with the access to assets. All this information can be used to identify the source of changes and to recover the data modified or deleted due to accidental user activities.
• Direct access: Most of network activities and equipments in field system should be put under the control of supervisory network so that they can be directed and managed from a single point. Addition to it, supervisory network units and SCADA can be configured to access the field units via a fast and secure channel so that events can be responded more frequently (Zhao, 2011). Direct access to major parts of network is required to enhance the response capabilities but it should be done carefully because a single wrong implementation may result in down of network and loss of information as disclosure.
• Automatic security: Several tools like ID card system and fingerprint logins can be used to restrict the employees those are not authorized to visit the certain places in workplace and at remote site of organization. Addition to it, sensors on pressure and temperature can be used to alarm the abnormal changes in filed system and control system. All this can be done with security equipments and software but they should be error-proof and well tested in circumferences of organizational operations.
• Proper handling of chemicals: The waste of organization in term of chemical substance need to be handled properly in workplace so that chemical hazards in workplace and health issues can be eliminated. For such chemicals, organization can use reversible process to make their effect negligible on health and explosion in combination with other chemicals (Cárdenas.et.al.2011). For instance, Chlorine dioxide is toxic and need to be in right amount to ensure the health with drinking water. Exceed amount of chlorine dioxide may reverse the usage and benefits those are in its limited quantities.
CONCLUSION
The report has been successfully concluded the present security level in PureLand organization and ICS in it. The present network of PureLand is described in brief along with the weaknesses and positions of components. The report has been identified the number of security threads and vulnerabilities along with recommendation in ICS of organization. Provisional solution is suggested to organization to implement the regulations and CFATS in workplace along with standard practices in security. Addition to it, five security improvements has been suggested for ICS in organization. In brief, report has been go through the present weakness of PureLand network to its future stable and secure network infrastructure within the regulation of laws.
REFERENCES
Book and journals
Cárdenas, A.A., Amin, S., Lin, Z.S., Huang, Y.L., Huang, C.Y. and Sastry, S., 2011, March. Attacks against process control systems: risk assessment, detection, and response. In Proceedings of the 6th ACM symposium on information, computer and communications security (pp. 355-366). ACM.
Cheminod, M., Durante, L. and Valenzano, A., 2013. Review of security issues in industrial networks. IEEE Transactions on Industrial Informatics,9(1), pp.277-293.
Grady Jr, C.L., Daigger, G.T., Love, N.G. and Filipe, C.D., 2011. Biological wastewater treatment. CRC press.
Gupta, V.K., Ali, I., Saleh, T.A., Nayak, A. and Agarwal, S., 2012. Chemical treatment technologies for waste-water recycling—an overview. Rsc Advances, 2(16), pp.6380-6388.
Khakzad, N. and Reniers, G., 2015. Protecting Chemical Plants against Terrorist Attacks: A Review. J Socialomics, 5(142), pp.2167-0358.
Knapp, E.D. and Langill, J.T., 2014. Industrial Network Security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems. Syngress.
Spellman, F.R., 2013. Handbook of water and wastewater treatment plant operations. CRC Press.
Spence, S.D. and Tuozzoli, C.M., 2011. New Security Regulations and How They Might Affect You. Proceedings of the Water Environment Federation,2011(9), pp.6201-6204.
Stouffer, K., Falco, J. and Scarfone, K., 2011. Guide to industrial control systems (ICS) security. NIST special publication, 800(82), pp.16-16.
Weiss, J., 2010. Protecting industrial control systems from electronic threats. Momentum Press.
Wilhoit, K., 2013. Who’s really attacking your ICS equipment?. Trend Micro.
Zhao, G., 2011. Wireless sensor networks for industrial process monitoring and control: A survey. Network Protocols and Algorithms, 3(1), pp.46-63.
(Source: PureLand network, 2016)
d. Threats and vulnerabilities in Industrial Control System
Industrial control system may contain SCADA, DCS (Distributed control system) and programmable logic controllers those have several security threads and vulnerabilities. Some of common threats on ICS are:
Critical infrastructure: Attackers may target PureLand for its critical infrastructure. Insecure rooms and physical access to assets are always taken into favour to generate disruption and denies to services. PureLand needs to safeguard the infrastructure with surveillance and sensor devices so that changes with infrastructure can be alarmed to make prior notice.
Insiders: limitless trust on individual in organization may result in theft of information and disclose of business secrets to others in industry. In this manner, PureLand may lose the business and values in market. Organization needs to monitor and log the activities of employees (Stouffer.et.al.2011).
Authentication: default values and weak password may works as the open door to intrude in network and to interrupt the service. PureLand can use complex password policies and rules to secure the network from the attacks based on assumption of values and passwords so that unauthorised access to assets can be eliminated.
Advance Persistent threads: industrial species may use advance persistent methods to remain in network without being detected for a long time and capture the data to break the business. PureLand needs to identify backdoors and poor configuration with recommended practices and solution to eliminate the persistency of intruders in network.
Addition to threads, there are some serious vulnerability issues with PureLand wastewater. These vulnerabilities are discussed below with the recommended solutions to them:
Policy based and functional: Security policies and functions of PureLand are pillars to define the security in workplace. Organization needs to maintain the proper documentation and achieving so that practices can be directed in more adequate manner. Following vulnerabilities are possible in policies and functions of organization:
• Inappropriate security policies and procedures.
• Lack of proper training and awareness to use ICS.
• Weak ICS design and architecture along with poor administration (Weiss, 2010).
• Lack of regulation based control and configuration
• Absence of DRP (disaster and recovery plan)and CP (Continuity plan)
Platform based vulnerabilities: issues in software and operating system are vulnerable for security in ICS assets as they can bypass the threads and access in network. Software may be configured well, patched or bug proof to provide security. For instance, unstable updates, unmanaged space, unfaltering etc weakness in platform are vulnerable.
Recommended solution: Defence in depth
It is the framework designed and maintained by DHS to facilitate the organization to test the network against the security and threads. PureLand needs identify the enclaves in network so that whole can be partitioned into enclaves those are specific in functionality and design. It is required to implement the defence in depth framework (Cheminod.et.al.2013). Using it, organization can easily find out the weaknesses and strengths in network. PureLand wastewater can use it to close the open configuration and to improve the security parameters.
e. Regulations on PureLand wastewater
PureLand includes a number of governmental rules and regulations in working. PureLand needs parallelize the working and operations according to regulations to ensure the sustainable business. Regulations are useful to control the organizations so that a balanced growth can be achieved with nature resources. Also it control the profit based consumption of natural resources and treatment in a worst manner. Regulations are liable to set the boundaries for organizations to sustain the natural resources for next generation. There are number of rules defined by government. PureLand organization mainly implements the following regulations to apply governmental obedience:
Waste water treatment act, 2001: The act focuses on the well treatment of wastewater in industry. Under the governance of regulation, organization is bounded to use biological treatment with wastewater under the circumstance that it will lead the biological hazards (Spellman, 2013). Secondary treatments cannot use increased amount of discharge in satirize of water as it is prohibited by act.
Clean water act, 1972: Clean water act provides the assistance to organizations those are treating the polluted water and improving it for reusability. This act helps to restore the natural integrants of water in term 0o chemical and biological combinations by blocking profitable and no profitable practices on water resources. This act also controls the enforcements and technologies to permit and licence the organizations. PureLand wastewater implies this rule to treat wastewater as to produce the healthy water back to nature. In this manner, organization follows the clean water act to ensure the values in natural water sources.
CFATS regulation: Chemical facility anti-terrorism Standards (CFATS) helps to identify and regulate the security measures to treat the chemical output in a healthy manner. It means that regulation prohibit the organizations to dump the chemical waste in a hazardous form because it may degrade the land, soil and water at place which will finally affect the population at place in term of diseases and deaths (Khakzad and Reniers, 2015). The act also ensures the security of chemical properties so that it can be kept away for terroristic attacks on health and safety.
PureLand needs to ensure the follow of some practices in workplace for CFATS regulation. For instance, PureLand needs to protect the hazardous chemical interest with physical as well as cyber securities so that terrorist cannot control the systems to produce and misuse the chemical against the health and safety of place. Organization needs to error proof the network and access to assets. As described in case study, organization needs to hire the experts and to conduct the audit on regular basis to ensure the safety of chemical substances. Administrators and monitoring tools are suggested to implement the CFATS in workplace (Spence and Tuozzoli, 2011). Also standard filtering of wastage from organization should be done to eliminate the health issue in place.
f. Recommended practices and future state for security in ICS
In order to implement cyber security in organization, PureLand can use the following standard and best practices in workplace which will be helpful to protect the theft of data and chemical of interest from workplace for the purpose of destroy and benefits. Major recommendations on practices to ensure the cyber security and CFATS in workplace are:
Regular audit and installation by experts: PureLand needs to hire experts from outside when required talent is not available in members. The installation and audit of cyber system should be done with practices of experts those have efficient knowledge to deal with cyber security. Regular audits and error proof installation of network will help the organization to identify the weak portions of network.
Improve awareness and skills: PureLand needs to enhance the awareness and skill set of employees to enforce the cyber security in workplace (Stouffer.et.al.2011). Training and development programs can be conducted to eliminate the erroneous actions in network those may lead the network security breach.
Response capabilities: PureLand needs to respond the threads and vulnerabilities as immediately as possible because a delay may result in loss of information and secrets. Thus, more IT staff and tools can be used to automate the response to network fails and errors. Organization needs not to take a single error as an obvious thing.
Managing risk with third party: PureLand needs to analyse the security and safety with third party software and equipments. Organization also can use defence in depth to test the network weakness in security and implementations (Wilhoit, 2013).
As the technology is being rapid in changes, so organization needs to identify the alternative to enhance the security. Persistent activities and remote controls are increasing so organization needs to be updated with technologies to ensure the data availability and access within workplace. Current security of ICS is capable to provide physical and cyber security but future trends like big data, scalability and control over internet may be considered to implement security in present context.
g. Security improvement in ICS of PureLand
PureLand is currently using the radar based security to ensure the physical security of network and assets in ICS. However the following security improvements are recommended in implementation of ICS security to conqueror the weaknesses:
• Close end configuration: Organization needs to configure the assets with newer values so that default value based attacks and detections can be eliminated in ICS. Also the configuration policies can be documented under the governance of security experts so that strong implementation can be made. Configuration of firewall and wireless devices are recommended to a high level of password and security algorithms. The data transfer in network can be encrypted as part of configuration (Knapp and Langill, 2014).
• Logging: Logging of data and user activities are required to identify right source of action. Data can be backed up within a small interval so that more adequate data can be recovered from incidental lost. Thus, each unit network in workplace need to maintain data historian to collect the recent copy of data form sensors and network. Log system may include user id, time, and IP address, total time of session, data modified, old values and newer values along with the access to assets. All this information can be used to identify the source of changes and to recover the data modified or deleted due to accidental user activities.
• Direct access: Most of network activities and equipments in field system should be put under the control of supervisory network so that they can be directed and managed from a single point. Addition to it, supervisory network units and SCADA can be configured to access the field units via a fast and secure channel so that events can be responded more frequently (Zhao, 2011). Direct access to major parts of network is required to enhance the response capabilities but it should be done carefully because a single wrong implementation may result in down of network and loss of information as disclosure.
• Automatic security: Several tools like ID card system and fingerprint logins can be used to restrict the employees those are not authorized to visit the certain places in workplace and at remote site of organization. Addition to it, sensors on pressure and temperature can be used to alarm the abnormal changes in filed system and control system. All this can be done with security equipments and software but they should be error-proof and well tested in circumferences of organizational operations.
• Proper handling of chemicals: The waste of organization in term of chemical substance need to be handled properly in workplace so that chemical hazards in workplace and health issues can be eliminated. For such chemicals, organization can use reversible process to make their effect negligible on health and explosion in combination with other chemicals (Cárdenas.et.al.2011). For instance, Chlorine dioxide is toxic and need to be in right amount to ensure the health with drinking water. Exceed amount of chlorine dioxide may reverse the usage and benefits those are in its limited quantities.
CONCLUSION
The report has been successfully concluded the present security level in PureLand organization and ICS in it. The present network of PureLand is described in brief along with the weaknesses and positions of components. The report has been identified the number of security threads and vulnerabilities along with recommendation in ICS of organization. Provisional solution is suggested to organization to implement the regulations and CFATS in workplace along with standard practices in security. Addition to it, five security improvements has been suggested for ICS in organization. In brief, report has been go through the present weakness of PureLand network to its future stable and secure network infrastructure within the regulation of laws.
REFERENCES
Book and journals
Cárdenas, A.A., Amin, S., Lin, Z.S., Huang, Y.L., Huang, C.Y. and Sastry, S., 2011, March. Attacks against process control systems: risk assessment, detection, and response. In Proceedings of the 6th ACM symposium on information, computer and communications security (pp. 355-366). ACM.
Cheminod, M., Durante, L. and Valenzano, A., 2013. Review of security issues in industrial networks. IEEE Transactions on Industrial Informatics,9(1), pp.277-293.
Grady Jr, C.L., Daigger, G.T., Love, N.G. and Filipe, C.D., 2011. Biological wastewater treatment. CRC press.
Gupta, V.K., Ali, I., Saleh, T.A., Nayak, A. and Agarwal, S., 2012. Chemical treatment technologies for waste-water recycling—an overview. Rsc Advances, 2(16), pp.6380-6388.
Khakzad, N. and Reniers, G., 2015. Protecting Chemical Plants against Terrorist Attacks: A Review. J Socialomics, 5(142), pp.2167-0358.
Knapp, E.D. and Langill, J.T., 2014. Industrial Network Security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems. Syngress.
Spellman, F.R., 2013. Handbook of water and wastewater treatment plant operations. CRC Press.
Spence, S.D. and Tuozzoli, C.M., 2011. New Security Regulations and How They Might Affect You. Proceedings of the Water Environment Federation,2011(9), pp.6201-6204.
Stouffer, K., Falco, J. and Scarfone, K., 2011. Guide to industrial control systems (ICS) security. NIST special publication, 800(82), pp.16-16.
Weiss, J., 2010. Protecting industrial control systems from electronic threats. Momentum Press.
Wilhoit, K., 2013. Who’s really attacking your ICS equipment?. Trend Micro.
Zhao, G., 2011. Wireless sensor networks for industrial process monitoring and control: A survey. Network Protocols and Algorithms, 3(1), pp.46-63.
No comments:
Post a Comment