Energy Industry - Cyber-Attacks And Regulations
For many industries relying solely on NIST framework is not enough. The framework is not meant to replace their existing processes of handling cyber threats, however, by using the framework as a base, they can find the gaps in the most important infrastructure and figure out a way to harden and improve its security. For example, the energy industry is one of the most important industries and it has critical role in keeping the country safe. Therefore, most of the cyber-attacks are targeting it. In order to keep it safe, many agencies are involved in improving the best practices and standards for the industry, and hardening its critical infrastructure.
According to the Department of Homeland Security - Industrial Control Systems
Cyber Emergency Response Team (ICS-CERT) the energy sector has been a focal point for cyber-attacks.
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is taking the effort to reduce the risks related to all critical infrastructure for different industries. It coordinates control systems-related security incidents and information sharing between the critical infrastructure stake holders such as federal, state, local, and tribal governments and control systems owners, operators, and vendors.
In the first half of fiscal year 2013, (October 1, 2012–May 2013), ICS-CERT has responded to over 200 incidents across all critical infrastructure sectors. The highest percentage of incidents reported to ICS-CERT occurred in the energy sector at 53%.
The 53% of the attacks that hit the energy sector were done for either, competitive advantage, information warfare, extortion, protest, financial gain, and revenge. And usually they are done through...
... middle of paper ...
...nd Technology Directorate Cyber Security Division
The Cyber Security Division’s objectives are to:
• Develop and transition new technologies, tools, and techniques to protect and secure systems, networks, infrastructure, and users, improving the foundational elements of our nation’s critical infrastructure and the world’s information infrastructure.
• Provide coordination and research and development (R&D) leadership across federal, state, and municipal government; international partners; the private sector; and academia to improve cybersecurity research infrastructure.
The National Science Foundation (NSF)
The NSF is an independent federal agency that promotes the progress of science; to advance the national health, prosperity, and welfare; and to secure the national defense. It has funded many researchers to help in improving the cyber security industry practices.
...ial approaches which are Normal Accident and HROs, although it seems certain that both of them tends to limit the progression that can contribute toward achieving to highly protective systems. This is because the scope of the problems is too narrow and the potential of the solutions is too limited as well. Hence, Laporte and Consolini et.al., (1991) as cited in Marais, et.al., (2004) conclude that the most interesting feature of the high reliability organization is to prioritize both performance and security by the managerial oversight. In addition, the goal agreement must be an official announcement. In essence, it is recommended that there is a continuing need in the high risk organizations for more awareness of developing security system and high reliability environment in order to gain highly successful method to lower risk in an advance technology system.
Wilshusen, Gregory. "Cyber Security: A Better Defined and Implemented National Strategy Is Needed to Address Persistent Challenges." United States Government Accountability Office. http://www.gao.gov/assets/660/652817.pdf (accessed April 27, 2014.
Previous centuries did not have to contend with or plan for the failure of electronic components, or the threats poses to the modern age as a result of the introduction of the nuclear/chemical age. These technologies and the introduction of terrorism into the risk management equation results in a complicated management problem of identifying, assessing, and preparing for the effects of the failures of modern technology. Emerging technological advances continue to change the planning cause the emergency management community to adapt to and identify new tools to manage technological risk (Haddow, Bullock, Coppola,
Critical infrastructure protection (CIP) is a concept that relates to the preparedness and response to serious incidents that involve the critical infrastructure of a region or nation. Eliminating threats is impossible, so protecting against them without disrupting business innovation and growth is a
When it comes to protecting an infrastructure, careful planning and coordination needs to take place. Protecting an infrastructure takes an important security initiative called Critical Infrastructure Protection (CIP). The United States critical infrastructure is protected by the Department of Homeland Security.
For this assignment, I will discuss the evaluation process in assessing and calculating vulnerabilities for one of our nation’s Critical Infrastructures identified, as Defense Industrial Base. A vulnerability assessment is a tool used to evaluate weaknesses of a facility against threats and hazards. Norman describes vulnerability as (Norman, 2010, p.32),” Any condition or factor associated with the selected target that can be exploited to carry out an attack – vulnerabilities may be individuals or systems.” The more vulnerable an asset is, the more it’s deemed attractive, or susceptible to threats. In general, a vulnerability assessment identifies an organizations most critical assets needed to continue its function. They help determine, if functions can be repeated under threat scenarios, or need to be
Although this support is mainly conducted at the strategic and operational levels, it can be conducted in all operational environments (FM 3-05.132). Although specific situations may require the teams to operate in higher levels of protection, they are designed and trained to function without interruption. While conducting CBRN reconnaissance the elements must also be aware of the security aspect. If they don’t have the capability to provide their own, they must ensure that they coordinate with their supporting force, if available. The CRD will then be asked to conduct CBRN Survey operations. They will be required to conduct missions that will determine the nature, scope, and the extent of the hazard (Redesign Concept). The CRDs primary use of this task is to acquire more information during sensitive site exploitation
The Incident Command System (ICS) is a systematized approach to deal with the order, control, and coordination of crisis reaction giving a typical chain of importance inside which responders from various organizations can be viable (Incident command system (ICS), 2007).
It is unrealistic to imagine that the copious amount of departments responsible for cybersecurity are able to adequately protect the country; therefore, the government needs to form one department that can be responsible for all cybersecurity problems and cyberattacks. When forming this new department, resources from other groups that currently share responsibility can be moved in order to decrease the amount of resources needed for the new group. But, it is also unfathomable for the government to be responsible for all cybersecurity as “... the reality is that while the lion’s share of the cybersecurity expertise lies in the federal government, more than 90 percent of the physical infrastructure of the Web is owned by private industry” (McConnell 4). Therefore the government must collaborate with the private sector. This cooperation can be utilized to help form the new government group as “there is also an opportunity for the new agency to be formed in a more deliberate way, drawing on leadership from the private economy to promote efficiency and cost-effectiveness” (Cohen 2). By working with the private sector, the new agency can reduce costs of personnel and equipment, increase performance, and maintain diverse cybersecurity plans. Once a
For example, the state of Michigan will host one of the first three-cyber protection teams established by the National Guard. Cyber protection team members will begin their assignment with intensive specialized cyber training in order to qualify as Army Cyber Soldiers. These academically challenging cyber courses are planed for a four to twelve months in duration and are held in multiple locations, including beginning to intermediate levels of challenging instruction in the program. When fully trained, captain members will be responsible for conducting defensive cyberspace operations, readiness inspections, and vulnerability assessments, as well as a variety of other cyber roles and
Cybersecurity is a government institution implemented by Homeland Security. According to the website for Homeland Security, cybersecurity is operated by a team of skilled professionals who will recognize cyber vulnerability and respond as quickly as possible. The security was mainly built for United States defense reasons, but lately has also dealt with issues within the country. Of course its main purpose is to protect the United States and it will continue to do that. It just recently has taken steps to advance to national security as well as personal security. In 2010 the cybersecurity act that was passed was intended to integrate the private and public sector of cybersecurity for optimal use. Hacking int...
My strong curiosity towards the field of Cybersecurity dates back to my pre-university days when I started reading sci-fi novels. Digital Fortress, a techno-thriller novel written by Dan Brown, explored the theme of government surveillance, security and civil liberties. This theme is brought out in the book by portraying cryptographic techniques, security policies and implications of these policies. This gravitated me towards the field of security. With little programming experience, I was eager to begin my nascent adventure in the field of Cybersecurity. Although I’ve gained exposure in the field of security during the course of my Bachelor’s degree, I believe pursuing a master’s degree in Cybersecurity will allow me to explore the field of security in greater depth and utilize it effectively to address more real-world challenges.
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.
Unequivocally speaking, the threat of a cyber-attack has become one of the most critical domestic and national security challenges we face as a nation today. Infrastructures supporting government operations are ...
The threats to security from the United States Department of Defense, the national power grid and the Chamber of Commerce are very real and omnipresent. The Defense Department made an admission of the first major cyber attack upon its systems in August 2010. It was revealed that the attack actually took place in 2008 and was accomplished by placing a malicious code into the flash drive of a U.S. military laptop. “The code spread undetected on both classified and unclassified systems, establishing what amounted to a digital breachhead.” (2) This quote, attributed to then Deputy Defense Secretary William J. Lynn III, is just part of the shocking revelations that were disclosed in his speech made on July 14, 2011.