A. Scope of an Attack’s Effect The Council on Foreign Relations discusses a hypothetical attack on the United States, and how it affected the country as a whole. This theoretical incident could expand to approximately fifteen states within the country, experiencing a complete lack of electricity, (“A Cyberattack on the U.S. Power Grid”, CFR).While this is only an educated conjecture, there is evidence of an infrastructure attack targeting the entire city of Kiev in a complete blackout. B. Ability to Respond to/Minimize Threat In addition to the Scope of the effects, the ability to minimize and/ or block the attack, if done by knowledgeably bad actors, would be significantly unlikely (CFR, “A Cyber Attack on the US Power Grid). Yet …show more content…
Power Grid”). • Increase awareness of current risks and exploits that can be used against the network/s or other technology components (INL, 25). • Increase knowledge where to find trusted sources of information that states how to configure hardware and software to inhibit/block attacks and minimize current exploits (CFR, “A Cyberattack on the U.S. Power Grid”). B. Best Practices • Updated technology requires updating best practices to lessen possible exploits (INL, 25). • Use the trusted information from resources instructing security configurations for new threats, (INL, 25). • Implement security in layers rather than simply one form of protection (INL, 25). C. Standards • Operate within Federal and State standards (INL, 23-24). • Operate within industry adopted standards (INL 24). • Implement security in layers rather than simply one form of protection (INL, 25). III. Additional Research Though there are many ways to make the power grid more secure, the improvements suggested: resources, best practices, and standards, will improve the current problem of cyber attacks. A. The Application of Increased Resources Due to the fact that resources come in many different forms and are absolutely vital in technology, there is immense value that it brings. However, with increased capabilities, there is an increased responsibility
* Recommend other IT security policies that can help mitigate all known risks, threats, and
As such, our company’s people resources pose the greatest risk for security breach. Our way to help mitigate risk in this area is to keep communication lines open in this area and to continually mandate security knowledge training, with mandatory updates on a regular basis. When the employees are informed of company policy when facing a security matter, they are better equipped to act in the best or right way. In this way knowledge is power – or at least empowerment to act in the best interest of the company’s information security.
The Initial phase in cyberattack is reconnaissance. In reconnaissance phase, attackers gather information about target’s vulnerabilities which can be exploited further.
Based on the previous design and development of the security awareness program for Advanced Topologies Inc, ATI it is needful to include in a matrix the security topics with the associated awareness materials by target audience in describing how when and with what frequency it will be delivered. The following matrix displays the above details.
Managing these risks involves developing approaches that result in sound, scenario-based consequence and vulnerability estimates as well as assessments of the likelihood that the suggested threat will occur (“Executing A Critical”, n.d.). Risk is influenced by the nature and magnitude of a hazard or threat, the vulnerabilities to the threat or hazard, and possible consequences (“Executing A Critical”, n.d.). The threat landscape of the electric utility subsector includes physical attacks/theft, cyber-attack, natural disaster, and nuclear attacks (“Addressing Dynamic”, 2014). In addition to these threats and vulnerabilities, the subsector has identified other key issues and risks such as workforce capability and human errors, equipment failure and aging infrastructure, and evolving environmental, economic, and reliability regulatory requirements (“Energy Sector”, 2015). Electricity assets are numerous including residential homes, commercial offices, utility companies, transmission lines, etc. and their locations vary across the
The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience advances a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure (The White House Office of the Press Secretary, February 2013). It is imperative for every nation to develop a critical infrastructure protection plan that will provide the essential services to its society. To archive this, a government must be proactive and coordinate its efforts that will reinforce and maintain secure, functioning, and
Cyber security is a major concern for every department, business, and citizen of the United States because technology impacts every aspect of our daily lives. The more we use technology the more complacent, we get with the information that is stored within our cyber networks. The more complacent, we get, the more vulnerable we become to cyber-attacks because we fail to update the mechanisms that safeguard our information. Breaches to security networks are detrimental to personal, economic, and national security information. Many countries, like Russia, China, Israel, France, and the United Kingdom, now have the abilities and technology to launch cyber-attacks on the United States. In the last five years there have been several attacks on cyber systems to gain access to information maintained by major businesses and the United States Government. Cyber-attacks cause serious harm to the United States’ economy, community, and the safety, so we need to build stronger cyber security mechanisms. Based on my theoretical analysis, I recommend the following:
To detect a cyberattack on the power grid, Western Interconnection should implement a system that will allow public and private authorities to receive Indications and Warning (I&W) when a cyberattack is in its early phase. Koester and Cohen (2012) discuss their Electric Power Grid Indications & Warning Tool in their paper. The purpose of this tool is “to provide near real-time I&W to alert private and public sector authorities when the likely causes of outage events are malicious activity.” (Koester & Cohen, 2012, p. 1). The tool minimizes false alarms due to severe weather and high temperatures. Implementing this solution will allow administrators at the Western Interconnection power grid to take precautionary measures as necessary. For example, the substations can be manually shutdown in case of a cyberattack, to prevent potential damage and spread of malware.
The 2003 northeast blackout that saw about 50 million people from the northeast US and southeast Canada lose power for about 2 days at the cost of $6 billion dollars according to JR Minkel (Minkle) and was the biggest blackout in North American history (Minkle). The disaster lead to a report that showed the blackout was caused by a combination of human error and equipment failure. To prevent issues like this in the future a “smart grid” needs to be developed that would monitor and repair itself in the event of problems. Essentially computers and applications would be the first responder when there is an equipment failure on the grid. The problem with this solution is that by placing more of the control of the power grid into the hands of computers and applications, it opens up the grid to cyber-attacks. The economic impact of a total or even partial failure of the power grid is astronomical and makes a very appealing target to those who wish to cause
This sector is an integral component to your nation’s economy, operations of all businesses, as well as public and government organizations. In addition, this sector is mainly operated by the private sector (Critical Infrastructure Sectors, 2016). These reasons are why I feel this sector is most vulnerable for attack. With the majority of the sector ran by private companies and the critical nature of this sector makes it a prime area for attack. The chaos which would ensue due an attack on this sector could be devastating. With the loss of communication our nation could not function.
Introduction: - for my research project, I would like to explore about the cyber security measures. Cybersecurity covers the fundamental concepts underlying the construction of secure systems from the hardware to the software to the human computer interface, with the use of cryptography to secure interactions. These concepts are easily augmented with hands-on exercises involving relevant tools and techniques. We have different types of computer related crimes, cybercrimes, computer related offenses, federal approaches defenses. The information resources management has the technical matters for which IT are widely known. Cyber resources and cyber power as well as cyber security. We have spent a lot of time talking about many different high level critical infrastructure protection concepts we have general rule stayed away from cyber security explaining the ins and out of how the NIPP and NRF work together to ensure that we can live our daily live in relative comfort.
Most nations today fear terror attacks that include bombing use of reinforcements like machines guns and other firearms. This is because terror attacks most of the times leave many people dead and others disabled while others are left without families. However, there is another attack today in many nations that can be destructive like a terror attack and this is the cyber-attack and threats. Cyber-attacks can be responsible for large mass destructions by making all systems connected to cyber networks fail to work (Rhodes 20). An example is the Morris worm that affected the world cyber infrastructures and caused them to slow down to a position of being impractical. Therefore, as a result of these cyber-attacks resources are being established and designed to help counter the attacks.
3. How is infrastructure protection (assuring the security of utility services) related to information security?
The damage of a full-fledged cyber attack would be devastating, the destruction would be unparalleled to any other tragedy that has occurred America. Since technology is responsible for providing America with vital entities and resources, an unadulterated cyber attack would nearly fail the American economy; this is what is known as critical systems failure. Weapons of mass destruction and cyber attacks present imminent threats of critical systems failure. Although currently Americas’ critical infrastructures are coordinated by controlled systems, majority of these systems are indeed connected to the American cyberspace. This exposes one of America’s most vulnerable spot amidst cyber security. Another major vulnerable spot within the nations IT security would be the geographical physical location for each of Americas primary infrastructures, as well as their productivity. Due to the proximal locations, the major infrastructures could very well be infiltrated by one efficient CNA.
The connection between our company’s network security and end users is clear with data that has been reported. We should not only provide antivirus software, but create an education program emphasizing prevention, detection and adopting a “security” way of life. Everyone, at all levels, is responsible for our security.