The main goals of DTL Power are to maximize uptime, maintain a strong security, and remain profitable. Additionally, DTL Power also believes that it benefits our organization to ensure that we collaborate with other organizations like Avisitel and the Federal government to help safeguard DTL Power’s systems. For example, Avisitel makes up a portion of the internet’s backbone and any downtime that affects Avisitel may also affect DTL Power. Also, the Federal government provides technical advice and services, as well as provides research money for the development of cybersecurity technologies that DTL may utilize. Finally, various decisions were made and controls adapted that not only benefitted DTL Power but its employees as well. By implementing effective policies and controls and maintaining a dynamic defense strategy ensures that DTL Power can safeguard its information systems.
Team Results
Unfortunately, hacktivists that were threatening DTL Power managed to penetrate our defenses and take over part of our system. This threat actor was not in our system for a long period of time but was still able to affect the uptime of our system.
However, even though DTL Power was breached, the controls that were in place prevented the threat from becoming critical. As the summary report in Figure 1 displays, our Global National Security Index was > 100 and our Security Index was 100. Additionally, our Profitability Index was 94 with a profit of $923,660 for this round. As is stated in the application model reference, any score that is 100 and greater is what is desired. However, the exception to this rule is Downtime and Disaster Damage, which requires the score to be under 100 to be acceptable.
After analyzing the summary re...
... middle of paper ...
...ional standards. Our Security index remained steady as our control measures met the goal of being proactive enough to prevent, sustain, and repudiate a good amount of cyberattacks. The downtime, unfortunately, was more than we planned. But unlike other sectors, the electrical grid is a more complex system when one area is affected. It often requires isolation of systems to get the components back on line and at full operations range before restoration commences. Isolation can also translate to the significant amount of time to properly re-cycle the systems before it is ready to be integrated into the grid. Lastly, the profit margin is hit when the downtime increases. The profits evaporate in fines paid to the state, and federal entities regulating the energy sector. Also, profits are not being generated when power producing systems are isolated from the grid.
Evaluate annually and per incident/event that falls to the accountability of the DLADLIS IT and Security departments.
Business was also dependent upon information technology. If systems were down for some reason due to viruses or major electricity failure, the company would not be able to fill orders. The company should consider external power supply.
At this juncture, it may be somewhat difficult to accept the proposition that a threat to the telecommunications grid, both wired and wireless, in the United States could potentially be subject to a catastrophic cyber attack. After careful research on the subject, it appears the potentiality of an event of such magnitude, which either disrupts one or the other grids for a long period or destroys either, is both theoretically and realistically impossible. It may be that proponents—those who advance such theories—equate such “doomsday” scenarios as if a cyber attack would or could be of the same magnitude as a conventional or nuclear military strike. Terms such as “cyber Pearl Harbor,” “cyber 9/11” and “cyber Vietnam” have been used to describes potential catastrophic cyber attacks and yet, “Though many have posited notions on what a ‘real’ cyber war would be like, we lack the understanding of how such conflicts will be conducted and evolve.” (Rattray & Healey, 2010, p. 77). Yet, the U.S. government continues to focus on such events, as if the plausibility of small-scale cyber attacks were not as pressing.
On August 14th, 2003, a major blackout swept across portions of the northeastern United States and Canada. It was reported that a series of equipment outages in the Midwest led to uncontrolled cascading outages of power transmission lines and generators serving parts of the Northeast, Midwest and Canada. Automatic protective systems operated to open circuits and shut down power plants to prevent further spread of the outages. This is very similar to what happened in The Great Northeast Blackout of 1965. In both situations, the “grid system” shut down one generator in line at a time to protect a surge from the station before it.
However, some sources say that the DHS lead National Infrastructure Protection Plan (NIPP) falls well short because of not listening and not sharing information with critical infrastructure owner/operators. The NIPP document created by the DHS is for the government and is not a plan to improve resilience. The document is said to lack private sector information and most feel that the meetings with the government about the document were not heard. As for the information sharing part of the document there are shortcomings that do not enhance national level situational awareness. However, there are seven topics raised in the new document after its original creation four years ago. The first is to elevate security and resilience as the primary aim of CIP efforts. Second, expanding and updating critical infrastructure risk management. Third, focus on national priorities jointly determined by public and private sector. Fourth, integrate cyber and physical security. Fifth, affirm the reality that critical infrastructure security and resilience require international collaboration. Sixth, show continued progress to support execution of the plan at both national and community levels. Lastly, present a detailed Call to Action that includes steps the federal government will undertake to work with partners to make progress toward security and
Second, the reliability of electricity was compromised throughout many parts of our state, affecting both residential and business sectors. On June 14, 2000, about 100,000 customers were blacked out in San Francisco Bay Area (Kahn and Lynch 9-10). According to Lorenco Goncalves, the CEO of California steel industries, “We were interrupted 14 times this month [January] compared to not once from 1987 to 1998. So many other industries depend on what we send them…If they can’t depend on my products, they will [buy them] elsewhere” (Wood and Sherer). These uncertain interruptions are causing a lot of damage in our economy.
It is unrealistic to imagine that the copious amount of departments responsible for cybersecurity are able to adequately protect the country; therefore, the government needs to form one department that can be responsible for all cybersecurity problems and cyberattacks. When forming this new department, resources from other groups that currently share responsibility can be moved in order to decrease the amount of resources needed for the new group. But, it is also unfathomable for the government to be responsible for all cybersecurity as “... the reality is that while the lion’s share of the cybersecurity expertise lies in the federal government, more than 90 percent of the physical infrastructure of the Web is owned by private industry” (McConnell 4). Therefore the government must collaborate with the private sector. This cooperation can be utilized to help form the new government group as “there is also an opportunity for the new agency to be formed in a more deliberate way, drawing on leadership from the private economy to promote efficiency and cost-effectiveness” (Cohen 2). By working with the private sector, the new agency can reduce costs of personnel and equipment, increase performance, and maintain diverse cybersecurity plans. Once a
For one, the most important issue that I saw was that 3 of the 7 variables which could produce operand errors were unprotected. In the report, the groups found that it produced a high margin of safety. However, this shouldn’t be assumed like this. A high margin of safety still has a certain marginal chance of fault. This needs to be compensated for in the event that it does fail (as it did).
As a small nonprofit social IT company established in 2001, Digital Divide Data (DDD) has various human resources (HR) challenges. One of such human resources challenges includes lack of financial resources which has prevented the company from attracting unskilled labor. The second human resources challenge facing the Digital Divide Data is the inability to retain its internally-trained managers and high-performing operators. This difficulty comes as a result of the insufficient finance to maintain the internally-trained managers who are highly sought for in both Cambodia and Laos. So overall, the current human resources challenge facing DDD is the difficulty in attracting unskilled
...mpany up and running through any kind of interruptions such as power failures, IT system crashes, natural or man-made disasters, supply chain/vendor problems and more.
National and International Security is a sum of the actions taken by countries and other organizations that can guarantee the safety and well being of their population. It is vital for a nation to pre-emptively discover what issues could affect their security, and take action to prevent any detrimental or harmful events from happening. With the development of technology and the transition into a more technologically savvy society, cyber security has become one of the most prevalent and important economic and national security issues that the United States will come to face.
The nation has become dependent on technology, furthermore, cyberspace. It’s encompassed in everything we deliver in our daily lives, our phones, internet, communication, purchases, entertainment, flying airplane, launching missiles, operating nuclear plants, and implicitly, our protection. The more ever-growing technology empower Americans, the more they become prey to cyber threats. The United States Executive Office of the President stated, “The President identified cybersecurity as one of the top priorities of his administration in doing so, directed a 60-day review to assess polices.” (United States Executive Office of the President, 2009, p.2). Furthermore, critical infrastructure, our network, and internet alike are identified as national assets upon which the administration will orchestrate integrated cybersecurity policies without infringing upon and protecting privacy. While protecting our infrastructure, personal privacy, and civil liberties, we have to keep in mind the private sector owns and operates the majority of our critical and digital infrastructure.
The world is in another cold war, except this time countries are battling for cyber supremacy. Cyberspace is a massive land of ever-changing technology and personal interaction (McGuffin and Mitchell 1). Cyberspace is not only a place where people post pictures and update their profile, but it also plays an enormous role in running a country. Advanced countries use computers to guide their military, keep track of citizens, run their power grids, and hold plans for nuclear devices and nuclear power. Risks to commercial and government concerns are now being noticed and many countries are taking actions to prevent such threats (McGuffin and Mitchell 1).
The threats to security from the United States Department of Defense, the national power grid and the Chamber of Commerce are very real and omnipresent. The Defense Department made an admission of the first major cyber attack upon its systems in August 2010. It was revealed that the attack actually took place in 2008 and was accomplished by placing a malicious code into the flash drive of a U.S. military laptop. “The code spread undetected on both classified and unclassified systems, establishing what amounted to a digital breachhead.” (2) This quote, attributed to then Deputy Defense Secretary William J. Lynn III, is just part of the shocking revelations that were disclosed in his speech made on July 14, 2011.