Please follow the instruction.
Using the materials learned from chapters 1, 5, 7, 8, 12, 24, , 72, 75, and 83, write a 750-word paper providing your recommended actions for responding to the incident at the WaterISAC system. The composition of your paper should be as follows:
Executive summary, an introduction of your company and its function, the 7 vulnerabilities you look up, a numbered, ordered list of recommendations in response to the questions you must ask, and a DREAD and STRIDE matrix listing and prioritizing the threats to the organization as you see them. In addition, make final recommendations for a layered defense methodology with a budget limit of .250, 0000 for an organization of 60 people, including 10 IT personnel. Include at least 3 references and use either APA or MLA style. The paper should be double-spaced and turned in as a “Word” document. Please see the attached document for the assignment: My Watersystem Overrunneth_SC.docx
Out-of-Control System Industrial Controls
Metropolitan State University and the Water Information Sharing and Analysis Center [WaterISAC] jointly released a security alert regarding two vulnerabilities found in a popular remote desktop software used by water treatment facilities that use a Yokogawa Centum CS 300. The alert states that the vulnerabilities can be exploited to remotely execute code on targeted remote desktop servers prior to authentication. The system was subject to the following vulnerabilities: CVE-2015-7871, CVE-2015-6461, CVE-2015-7938, CVE-2015-7938, CVE-2015-5628, CVE-2015-0978, and CVE-2015-6469.
1. [Use the NIST NVD [NIST National Vulnerability Database] to look up the common vulnerabilities and exposures and construct a chart rating the possible impacts from these CVEs if not addressed.]
MSU and WaterISAC advised all water systems to utilize up-to-date software and promptly apply corresponding critical patches.
2. [Using Sun Tzu’s principle of “know your Self”, how would you ensure the remote vulnerability is addressed?]
An employee notices code running within a command prompt on a control console. This workstation is responsible for controlling pumps and configuring water flow. The command prompt then quickly terminates and closes. The employee notifies the Information Technology [IT] department.
3. [Describe to the forensic team what command-line code, in either Windows or Linux, you would use to check the computer for system intrusions using the terminal.]
After performing the methodologies you employed in step 3:
- Write recommendations to the CEO addressing the following questions using a defense in depth/layered defense methodology. How should the organization go about building an information security program?
- Prescribe the process for ensuring patches are up to date.
- Prescribe how the organization should monitor their network technology or system to view and flag suspicious code executions, application processes, and activities on internal machines.
- Prescribe how the organization should control who has access to specific accounts or systems.
At this point, several WaterISAC employees receive an official-looking email from the Human Resources [HR] Department with the subject “Mandatory Security Training: Complete by COB.” Employees are instructed to click an embedded link in the email. Upon clicking, they are returned to a “404 error: File not found” page. A few employees contact HR and say they’re unable to access the link. Others decide to try later.
Some employees notice that a small remote desktop program window launches on their desktop and then disappears immediately. Most employees dismiss it as a glitch, but a few employees contact their supervisors and IT security to report the problem.
- Describe to the CEO what has likely taken place with the email from HR.
- Prescribe what kind of program should be put in place to educate and train employees about suspicious mail.
Several distribution valves around different areas of the WaterISAC facility open and close at unscheduled, random times. Control system operators note the occurrence and determine it to be a singular malfunction in otherwise normal operations. A water pump begins repeatedly turning itself off and on. The central computer is unable to communicate with the water pump to enact the emergency shutoff procedure. Subsequently, the water pump breaks, putting the system at risk of low pressure. All control system indicators point to a potential hazardous materials [hazmat] situation in which the chlorination of the water appears to be reaching a dangerous, unsafe level. Fail-safe protection systems for ozone generators and chlorine feeds at WaterISAC facilities are activated to shut down distribution operations.
- Using the threat model methodology of STRIDE and DREAD, make recommendations to the CEO on how to identify, prioritize, and mitigate threats to the water system.