As a member of the power sector, DTL Power is absolutely vital to the operations of other critical infrastructure pieces. The other key pieces of critical infrastructure represented in our environment are the Federal Government, Avistel Telecom, Mistral Bank, and Hytema Defense. Electrical power is the core of the US critical infrastructure, and without the energy supplied by the power sector, none of these other infrastructure pieces will be able to continue operations after local backup energy stores are depleted. It is for this reason that DTL Power's primary security objective is power system uptime.
Managing these risks involves developing approaches that result in sound, scenario-based consequence and vulnerability estimates as well as assessments of the likelihood that the suggested threat will occur (“Executing A Critical”, n.d.). Risk is influenced by the nature and magnitude of a hazard or threat, the vulnerabilities to the threat or hazard, and possible consequences (“Executing A Critical”, n.d.). The threat landscape of the electric utility subsector includes physical attacks/theft, cyber-attack, natural disaster, and nuclear attacks (“Addressing Dynamic”, 2014). In addition to these threats and vulnerabilities, the subsector has identified other key issues and risks such as workforce capability and human errors, equipment failure and aging infrastructure, and evolving environmental, economic, and reliability regulatory requirements (“Energy Sector”, 2015). Electricity assets are numerous including residential homes, commercial offices, utility companies, transmission lines, etc. and their locations vary across the
The Department of Homeland Security supplies a national protection plan concerning critical infrastructure security. This plan targets a wide audience, including public and private critical infrastructure owners and administrators. Managing risks through identifying, deterring, and disrupting threats to critical infrastructure is the direct focus of this plan. An organization's ability to reduce the impact of a threat that has occurred, and of one that may occur, is essential to an active security posture. Compromise of a critical infrastructure such as oil, airports, or traffic flow management could result in a major loss of life or resources (Department of Homeland Security, 2013).
Accordingly, this document has been developed to provide information regarding DTL Power and the measures that have been developed and implemented to safeguard its information and information systems from a cyber threat. This document is broken down into several sections that will provide an analysis of DTL Power and the energy sector, as well as the effectiveness of cybersecurity technology/policies in the energy sector, the team's cyber strategy, and budget.
To detect a cyberattack on the power grid, Western Interconnection should implement a system that will allow public and private authorities to receive Indications and Warning (I&W) when a cyberattack is in its early phase. Koester and Cohen (2012) discuss their Electric Power Grid Indications & Warning Tool in their paper. The purpose of this tool is “to provide near real-time I&W to alert private and public sector authorities when the likely causes of outage events are malicious activity.” (Koester & Cohen, 2012, p. 1). The tool minimizes false alarms due to severe weather and high temperatures. Implementing this solution will allow administrators at the Western Interconnection power grid to take precautionary measures as necessary. For example, the substations can be manually shut down in case of a cyberattack, to prevent potential damage and spread of malware.
The Department of Homeland Security (DHS) is in charge of shielding our country’s crucial infrastructure from physical and cyber dangers. Of the varied kinds of infrastructure, cyberspace is crucial, constituting the information regarding the government and business operations, crisis management and readiness information, and our crucial digital and process control systems. Safeguarding these critical resources and infrastructure is
Throughout this research we have shown the effects of a cyber-attack on our water supply. We have also evaluated the impact that a cyber-attack could have on our water supply. Lastly, we looked at the probable third and fourth order effects from the cyber-attack on this critical infrastructure, to include the effects on other critical infrastructures that may be affected by the initial cyber-attack. If we do not take the actions of those who seek to harm us through either a physical attack or cyber-attack seriously and work as a team we will fail as a
The initial phase of a cyberattack is reconnaissance. In the reconnaissance phase, attackers gather information about the target’s vulnerabilities, which can be exploited further.
In round two of the simulation, an attack on DTL Power left services down for hours last Wednesday. The cyber-attack left residential, business, and government customers in the dark for hours. During the forensic investigation, evidence revealed that the cause of the attack was a worm intrusion that caused a reduction in DTL system functions. This reduction in system functions resulted in an excessive amount of downtime. The confidentiality, integrity, and availability of DTL's system were compromised. Cyberterrorism tools such as port scanners were found in our system. These tools were not detected prior to the investigation.
The 2003 northeast blackout saw about 50 million people from the northeast US and southeast Canada lose power for about 2 days at a cost of $6 billion, according to JR Minkel (Minkel), and was the biggest blackout in North American history (Minkel). The disaster led to a report that showed the blackout was caused by a combination of human error and equipment failure. To prevent issues like this in the future, a “smart grid” needs to be developed that would monitor and repair itself in the event of problems. Essentially, computers and applications would be the first responder when there is an equipment failure on the grid. The problem with this solution is that placing more of the control of the power grid into the hands of computers and applications opens up the grid to cyber-attacks. The economic impact of a total or even partial failure of the power grid is astronomical and makes it a very appealing target to those who wish to cause
Electricity is one of the most productive forces known but it can also be dangerous and detrimental to infrastructure and security of assets across the Nation if it is lost or compromised. Physical and cybersecurity could be described under the steps to ensure the homeland security role is met, however the AEP’s dependence on technology in order to succeed cannot be understated. Every year the cybersecurity realm grows and the support for securing and managing cyber seems to fall further behind. Several high profile attacks affecting financial, healthcare, retail and entertainment industries demonstrate the potential impact of the threats” (AEP 2015, 2). These events do prepare the AEP in assessing our own cybersecurity procedures and resources to determine where we may need to strengthen the defense of our company but also increases our awareness of how real the threat is (AEP 2015, 2).
Discussion point 2: SCADA networks consist of many computers and software packages that perform many tasks and services in the organization or infrastructure. They are considered to be the backbone of the country and require major protection from many cyber threats. In industrialized countries, a precise census of SCADA systems is absent, which is a big concern. Recently, the alleged Illinois water facility incident and the Stuxnet virus prove that
In the previous five years, cybersecurity has become the most sought-after profession around the world. More than 90 percent of respondents to a survey conducted by the Ponemon Institute (2011) reported falling victim to cyberattacks during the most recent year, at an average cost of more than $2 million per organization. This number continues to rise as both programmers and security devices progress. According to PwC, roughly 33% of all U.S. organizations are currently using digital protection (Lindros and Tittel, 2016).
In today’s world, technology has evolved to the point where a large amount of information is stored in cyberspace. Because of this type of storage, people around the world have an easier time accessing information than ever before. Before the late 20th century, gathering information was long and tedious: getting a book that the library did not own would take at least a couple of weeks, depending on the time period, or it may not have been possible to obtain that book. But now people can access a vast amount of information in a matter of minutes. For example, in modern times, if someone wanted to know about a different culture, they could simply look up the information on a computer or any device that had access to
The damage of a full-fledged cyber attack would be devastating; the destruction would be unparalleled by any other tragedy that has occurred in America. Since technology is responsible for providing America with vital entities and resources, an unadulterated cyber attack would nearly fail the American economy; this is what is known as critical systems failure. Weapons of mass destruction and cyber attacks present imminent threats of critical systems failure. Although America’s critical infrastructures are currently coordinated by controlled systems, the majority of these systems are indeed connected to the American cyberspace. This exposes one of America’s most vulnerable spots in cyber security. Another major vulnerable spot within the nation’s IT security would be the geographical physical location of each of America’s primary infrastructures, as well as their productivity. Due to the proximal locations, the major infrastructures could very well be infiltrated by one efficient CNA.