Energy Industry - Cyber-Attacks And Regulations
For many industries, relying solely on the NIST framework is not enough. The framework is not meant to replace their existing processes for handling cyber threats; however, by using the framework as a base, they can find the gaps in their most important infrastructure and figure out a way to harden and improve its security. For example, the energy industry is one of the most important industries, and it has a critical role in keeping the country safe. Therefore, most of the cyber-attacks target it. To keep it safe, many agencies are involved in improving the best practices and standards for the industry and hardening its critical infrastructure.
According to the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the energy sector has been a focal point for cyber-attacks.
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is working to reduce the risks related to all critical infrastructure for different industries. It coordinates control systems-related security incidents and information sharing between critical infrastructure stakeholders such as federal, state, local, and tribal governments and control systems owners, operators, and vendors.
In the first half of fiscal year 2013 (October 1, 2012–May 2013), ICS-CERT responded to over 200 incidents across all critical infrastructure sectors. The highest percentage of incidents reported to ICS-CERT occurred in the energy sector, at 53%.
The 53% of the attacks that hit the energy sector were carried out for competitive advantage, information warfare, extortion, protest, financial gain, or revenge. They are usually done through...
...nd Technology Directorate Cyber Security Division
The Cyber Security Division’s objectives are to:
• Develop and transition new technologies, tools, and techniques to protect and secure systems, networks, infrastructure, and users, improving the foundational elements of our nation’s critical infrastructure and the world’s information infrastructure.
• Provide coordination and research and development (R&D) leadership across federal, state, and municipal government; international partners; the private sector; and academia to improve cybersecurity research infrastructure.
The National Science Foundation (NSF)
The NSF is an independent federal agency that promotes the progress of science, advances the national health, prosperity, and welfare, and secures the national defense. It has funded many researchers to help improve the cyber security industry's practices.
Previous centuries did not have to contend with or plan for the failure of electronic components, or the threats posed to the modern age as a result of the introduction of the nuclear/chemical age. These technologies and the introduction of terrorism into the risk management equation result in a complicated management problem of identifying, assessing, and preparing for the effects of the failures of modern technology. Emerging technological advances continue to change the planning and cause the emergency management community to adapt to and identify new tools to manage technological risk (Haddow, Bullock, Coppola,
Wilshusen, Gregory. "Cyber Security: A Better Defined and Implemented National Strategy Is Needed to Address Persistent Challenges." United States Government Accountability Office. http://www.gao.gov/assets/660/652817.pdf (accessed April 27, 2014).
What concerns the government of the United States most is the security of the critical infrastructure from cyber threats. The nation depends heavily on technology in most of its critical sectors to keep it up and running. This makes it more vulnerable to cyber-attacks from outsiders and insiders. Therefore, its protection must be a priority.
...ial approaches which are Normal Accident and HROs, although it seems certain that both of them tend to limit the progression that can contribute toward achieving highly protective systems. This is because the scope of the problems is too narrow and the potential of the solutions is too limited as well. Hence, Laporte and Consolini et al. (1991), as cited in Marais et al. (2004), conclude that the most interesting feature of the high reliability organization is to prioritize both performance and security by managerial oversight. In addition, the goal agreement must be an official announcement. In essence, it is recommended that there is a continuing need in high risk organizations for more awareness of developing security systems and a high reliability environment in order to gain a highly successful method to lower risk in an advanced technology system.
The threats to security from the United States Department of Defense, the national power grid and the Chamber of Commerce are very real and omnipresent. The Defense Department made an admission of the first major cyber attack upon its systems in August 2010. It was revealed that the attack actually took place in 2008 and was accomplished by placing a malicious code into the flash drive of a U.S. military laptop. “The code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead.” (2) This quote, attributed to then Deputy Defense Secretary William J. Lynn III, is just part of the shocking revelations that were disclosed in his speech made on July 14, 2011.
Although this support is mainly conducted at the strategic and operational levels, it can be conducted in all operational environments (FM 3-05.132). Although specific situations may require the teams to operate in higher levels of protection, they are designed and trained to function without interruption. While conducting CBRN reconnaissance, the elements must also be aware of the security aspect. If they don’t have the capability to provide their own, they must ensure that they coordinate with their supporting force, if available. The CRD will then be asked to conduct CBRN Survey operations. They will be required to conduct missions that will determine the nature, scope, and extent of the hazard (Redesign Concept). The CRD’s primary use of this task is to acquire more information during sensitive site exploitation
For this assignment, I will discuss the evaluation process in assessing and calculating vulnerabilities for one of our nation’s Critical Infrastructures, identified as the Defense Industrial Base. A vulnerability assessment is a tool used to evaluate weaknesses of a facility against threats and hazards. Norman (2010, p. 32) describes vulnerability as “Any condition or factor associated with the selected target that can be exploited to carry out an attack – vulnerabilities may be individuals or systems.” The more vulnerable an asset is, the more it’s deemed attractive, or susceptible to threats. In general, a vulnerability assessment identifies an organization’s most critical assets needed to continue its function. They help determine if functions can be repeated under threat scenarios, or need to be
The Incident Command System (ICS) is a systematized approach to deal with the order, control, and coordination of crisis reaction giving a typical chain of importance inside which responders from various organizations can be viable (Incident command system (ICS), 2007).
For example, the state of Michigan will host one of the first three cyber protection teams established by the National Guard. Cyber protection team members will begin their assignment with intensive specialized cyber training in order to qualify as Army Cyber Soldiers. These academically challenging cyber courses are planned for four to twelve months in duration and are held in multiple locations, including beginning to intermediate levels of challenging instruction in the program. When fully trained, captain members will be responsible for conducting defensive cyberspace operations, readiness inspections, and vulnerability assessments, as well as a variety of other cyber roles and
The National Institute of Standards and Technology (NIST), United States National Security Agency (NSA), United States Department of Energy, The President’s Critical Infrastructure Protection Board as well as Public Safety and Emergency Preparedness Canada (PSEPC) have recognized that security in SCADA systems is essential.
In recent years, many possible plans to enact government regulation to improve cybersecurity have been suggested. Most recently, in 2017, then U.S. president Barack Obama implemented the Cybersecurity National Action Plan (CNAP). The plan would have invested $19 billion in cybersecurity by gathering experts to make recommendations in regards to cyber security, help secure the government IT group, and encourage more advanced security measures (Daniel 1). However, while CNAP does present a way to solve the problem, it just adds another program that attempts to enhance cybersecurity: “It is the multiplicity of programs and division of responsibility that diminishes their effectiveness. At least eleven federal agencies bear significant responsibility for cybersecurity” (Cohen 1). Every so often, another cybersecurity program will be established, but former plans are seldom removed. This leads to a large number of departments sharing responsibility, which creates general confusion and limits each department’s power. Furthermore, widespread government regulation may weaken cybersecurity. Many fear that any regulation would not be flexible enough and would instead allow easier hacking (Ridge 3). If every system in the entire nation had the same security measures, it would be much easier to break into, as by breaking into one system, a hacker could break into everything.
Unequivocally speaking, the threat of a cyber-attack has become one of the most critical domestic and national security challenges we face as a nation today. Infrastructures supporting government operations are ...
My strong curiosity towards the field of Cybersecurity dates back to my pre-university days when I started reading sci-fi novels. Digital Fortress, a techno-thriller novel written by Dan Brown, explored the theme of government surveillance, security and civil liberties. This theme is brought out in the book by portraying cryptographic techniques, security policies and implications of these policies. This gravitated me towards the field of security. With little programming experience, I was eager to begin my nascent adventure in the field of Cybersecurity. Although I’ve gained exposure in the field of security during the course of my Bachelor’s degree, I believe pursuing a master’s degree in Cybersecurity will allow me to explore the field of security in greater depth and utilize it effectively to address more real-world challenges.
As our reliance on networks increases, our national infrastructure becomes more vulnerable to cyber-attack. This is because we rely heavily on networks to communicate, travel, run our economy and provide government services. This is why cyber intrusions and attacks have increased over the last decade. With this increase in cyber-attacks comes the exposure of information which can be used to collect intelligence information, the disruption of critical operations, and the imposition of high costs on the economy. The only thing the intelligence community can do at this point is prepare the nation for future cyber-attacks. DHS needs to recognize cyber security challenges and address them. DHS also needs to collaborate with government entities about cyber threats. As for the government, they should be updating networks every 6 months to decrease the possibility of
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.