Cyber Security (Case Study Sample)

Case Study: Cyber Security
Name
Academic Institution
Case Study: Cyber Security
Introduction
Cyberattacks are major events. Especially, when they have been going against organizations that are operating with Industrial Control Systems. This means they are fluctuating from producers of energy to small manufacturing corporations while continuously going up in vast numbers. Every year, cyberattacks to Industrial Control Systems outcome in millions of dollars of fatalities. In the same way, as increasingly sensitive business data and mission critical information is focused in data centers, the costs of an effective attack to web-applications can be disastrous.
Attacks to Industrial Control Systems are most of the time carried out through malware that is advanced which finds a way to proliferate through the network and can sometimes function operate under the radar for years before striking. Flame, Gauss Stuxnet, and Duqu, are clear samples that this trend is turning out to be the standard. Next to malware that is forward-thinking, ICS systems are subject to a wide-range of insider threats coming from disgruntled or uncaring personnel, vendors, and contractors plus network and systems misconfiguration or formation changes. Although the Critical Infrastructure section has conservatively been the main point of cyberattacks to Industrial Control Systems, cyberespionage is more and more knocking the manufacturing sector as well as small businesses, as reported by the Symantec Internet Security Threat Report.
The case studies in this report show how Silent Defense is able to enhance a system defenses by allowing people to notice even the classiest attacks, put a company in control of what goes on in their network. It also supports them in management operations, decreasing their operational costs and your losses because of system lost time.
Case Study: The Aurora Attack
The danger to information and computer properties comes from a wide-ranging range of threats with a far-reaching assortment of competences. The influence (and as a result the damage) on a business will depend a lot on the chances that are presented to an attacker (in terms of the weaknesses that are within a computer system), the proficiencies of the attackers to be able to exploit them, and eventually their incentive for attacking the business. For instance, an effortlessly guessed password to an online account does not need much technical competence in order to exploit. By means of a little more technical knowledge, attackers are likewise able to utilize devices that are willingly accessible on the internet CITATION Gar11 \l 1033 (Gary Waters, 2011). They are able to also bring resources (individuals or currency) to bear with the intention of discovering new weaknesses. In most cases, these attackers will go on to cultivate bespoke techniques and tools to abuse them; such weaknesses allow them to avoid the basic controls delivered by arrangements like Cyber Essentials (Bosch, 2009). In order to protect against these bespoke attacks, it will necessitate a company to invest in a more universal method to security, for example that outlined in Cyber Security booklets (Chang, 2015).
It is clear that the motivation of an attacker can vary from representing their technical ability for personal praise, financial advantage, commercial benefit, political disapproval; through to financial or political advantage for their nation. At the same time as attackers possibly will have the competence and the motivation, they still need a chance to convey a fruitful attack. It is clear that these companies have no type of control over their competences and incentives, nonetheless the company can make it trickier for attackers by decreasing their vulnerabilities.
The Problem
Attackers can use illegal sequences to terminate physical components
Most people do not like being in the dark. There are some individuals that invest in a generator when this does occur. If not they at least try and buy some candles for the random outage. But then again what if, rather than bad weather knocking out the water or power, it is a hacker? This is what took place in the Idaho National Lab. The Idaho National Lab, in 2007, staged a cyberattack alongside a power generator in order to show how cyberattacks would have serious physical penalties on the constituents of the electric system. In the experiment, a computer program was used to quickly show how the system operates. However, in the end, the circuit breakers of a diesel initiator went of phase. From that point, the rest of the grid, produced the diesel generator, which detonated (Security Matters, 2014).
A government video recorded everything. It showed the potential destruction caused by hackers taking control of a vital part of the U.S. electrical network: a manufacturing turbine spinning madly out of control until it turn out to be a smoking hulk and power closes all the way down.
The video, created for the Homeland Security Department and gotten by The Accompanying Press, had a mark on it that said, "Official Use Only." (Palfrey, 2010) The video does display commands that were quietly set off by replicated hackers having such a violent response that the vast turbine shudders flew everywhere. On the video, pieces flying apart can be seen and it even belches white-and-black smoke.
The video was created for top United States policy creators by the Idaho National Laboratory, which has reflected on the little-assumed dangers to the particular electronic equipment that activates the water, power, and also the chemical plants (Staged Attack Causes Generator to Self-Destruct, 2015). Vice President Dick Cheney is amongst those who got a glimpse of the video, and was surprised to see how the hackers were able to do as much damage as they did.
Pushing five years later to another event that involved Banks and weak security, shows how attackers were able to use illegal sequences, but it never turned into physical harm like the Aurora incident, 5 years previous. Even though the two events were different, they had some during the months of September and October of 2012, there were key banks in America were on the hit list of denial-of-service attacks (Lewis, 2012). Amid the victim banks were the JPMorgan Wells Fargo and Chase Bank of America. These banks were targeted possibly for the reason of the following:
* enormous customer bases
* high significance in the worldwide economy
As a result of the cyber-attacks, the websites of the banks were congested. Customers all over the world were incapable to get a connection to their e-banking accounts like they did before. These banks were not able to make online transactions also.
* Purchasers' replies to the incident:
* frantic at the weak security systems
* lost self-assurance in their banks
* unsatisfied at the issue
Who are Responsible for all of this?
The American banks are still looking into the character of the cyber-criminals. At the moment, Iran is supposed to be at the top of their list. They are looked at as being the prime suspect. Nevertheless, an Islamist group Izz ad-Din al-Quassam Cyber Fighters, who many believe are a part of Hamas, has obtained obligation. They appealed that the cyber-attacks were complaints contrary to an insulting YouTube video about their faith.
Nightmare not over, more Attacks to Sill Come?
Nonetheless nobody is out of the water, yet, it appears. In December, of 2012, the same group made threats to bring forth further cyber-attacks on more banks from America. A this moment, it remains to be seen the banks from the U.S. banks have been able to constrict their online security following the earlier sequence of attacks
What Happened In Aurora?
With that said, before these attacks on the banks, there was the Aurora Attack. Only five years before JPMorgan Wells Fargo and Chase Bank of America were attacked, The Idaho National Lab staged a cyberattack. This basic vulnerability, which does not exploit any software-related flaw, has been since then called the Aurora vulnerability. The Aurora vulnerability is of serious concern for the reason that most of the key gears of electric grid, like transformers and power generators, normally utilize legacy communication procedures which were aimed with minute or no security in concentration (Nojeim, 2009). An attacker that is getting admittance, either nearby by or vaguely to the control system of any power generator could as a result cause it to tragically nose dive. This could distress operations for days or even months. When this happens, it capitalizes on the price and difficulty of gaining an appropriate repairing or replacement of the device that is broken.
Up until now, the only extenuation obtainable to stop an attack, abusing out-of-phase depends on applying protective transmits or presenting time. Not until now, there has not been any system checking solution that has been proficient of alerting operators, when an exploit of this sort of weakness was in development. The new security system called the Silent Defense ICS is the single solution available today that will let operators recognize and respond quickly to it.
The Solution
Silent Defense ICS guarantees that commands are implemented in legitimate sequences and are appropriately organized
Silent Defense Industrial Control Systems features their powerful Network Intelligence Framework (NIF), which is able to seize and enforce the desire system and to be able to process the behavior CITATION Sec14 \l 1033 (Security Matters, 2014). Misuses of the Aurora-like weaknesses are observed by NIF by regularly checking the position of physical objects and tracking appropriate variables that are within the PLCs monitoring key physical mechanisms. Also with this security system, the NIF features have so much power and flexibility that it is needless to recognize the v...