SCADA Worm

Posted by Winnie Melda on November 26th, 2018

Describe the impact and the vulnerability of the SCADA / Stuxnet Worm on the critical infrastructure of the United States.

The Stuxnet worm operates on the defined basis of search and destroys where it takes to target the Siemens related hardware. The U.S and Israel are claimed to have developed the Stuxnet worm to have the attacking of the Iranian nuclear plants. Iran reported that 30 000 computers were affected countrywide. The worm has the impact to the hardware that is Siemens related and uses the Windows applications. The Stuxnet net does jeopardize the America’s critical infrastructure by affecting the Americans online freedom and the overall economic viability of the United States businesses.

The privacy and the freedom of Americans operating online are affected in such a way that they are not safeguarded off the worm attack that takes to delete the transactions and to render the network not functioning. Upon the industrial operations, the SACDA worm has the rampant effect of delaying the reactions of chemicals that get to use the industrial control system. The action has the automatic effect of the industry production and these results to the reduction in the economic growth of the industries. The attack causes the industry operations to cease. Take to imagine of the dynamic cost solutions that are required to get applied in the eradication of the worm. SCADA worm indeed has the greatest impact and vulnerability of rendering the U.S infrastructure to the terror since the worm gets to destroy the connection of monitoring and controlling to provide the overall national security to the infrastructure of the state.

The nation states of Iran, China, and Russia want to apply the worm to destroy the digital property of United States of America. The action will get the US super power lowered and the nations furthering their power. The nonstate actors, for example, the Hezbollah and Hamas are applying the SCADA worm as the weapon to the extent the cyber espionage which has gone the U.S industries losing an estimation of more than 0 billion every year in the intellectual property.

The infiltration attack will get to affect the critical infrastructure failing to supply and provide the water, gas and other related essential utilities. Subsequently, the vulnerability of the worm have the physical consequences as well as the power blackout for a longer period which may cause death in hospitals if not quickly restored.

Describe the methods to mitigate the vulnerabilities, as they relate to the seven (7) domains.

The mitigation against the Stuxnet worm will require the strong encryption of the computer systems data in the ICS controlled utility transmission and distribution. The model should use strong algorithms to have the encryption success to ensure the information is available. The energy department to reduce the effect of power blackout the critical infrastructure of the electric grid should get modernized with latest information technology of Smart Grid that is prevalent and more accessible all over the State. There is the high need for considering the physical security being provided to the critical infrastructure that will provide some advanced protection against the attacks of the Stuxnet worm. Also, the practice will enhance the response to the natural and man- related threats to the critical infrastructure. Some proper governance that includes the policies and procedures should get implemented to ensure some preventive mitigation remains intact to secure the critical infrastructure (Decker, 2013).

Assess the levels of responsibility between government agencies and the private sector for mitigating threats and vulnerabilities to our critical infrastructure.

The privates sector takes to boost the campaign against the Stuxnet worm attacks. However, the operations may be rendered too much exposure to the attacks and the overall failure of operations within the industries. Both the public and private organizations take to overlap the nature of defined operations that gets to create a resiliency that can result in the long-term and widespread of the damage. The interconnections of the networks mean that the failure of single node admits the entire network to go low, and these will provide the loophole to the attacks. These government agencies and the private sector are working according to the defined protection of the own infrastructure but not for the entire State. The efforts are still below average until some governance provides some procedures and regulations to govern agency operations (Hersh, November 1, 2010).

Assess the elements of an effective IT Security Policy Framework, and how these elements, if properly implemented, could prevent or mitigate and attack similar to the SCADA / Stuxnet Worm

The IT security policy framework is defined with the elements of security accountability, network service policies, system policies, physical security, incident handling and response, behavior and acceptable use of policies and security training. The elements of implementation will boost the overall protection against the Stuxnet worm attack on the policy that they get implemented and get governed. The security accountability will make the concerned take the cross, and this will ensure the hard work to avoid the consequences. The network policies and system policies will define the accessibility of the network and the system setting and configurations that secure ICS against attacks. Physical security marks the reduction of the damage and the possibility of attack happening. The acceptable usage of the policies will have the great impact as the citizens will get guided within defined policies that ensure security to the infrastructure (Taylor, February 16, 2001).

References

Bucci, S., Rosenzweig, P. & Inserra, D. (2013). A Congressional Guide: Seven Steps to U.S. Security, Prosperity, and Freedom in Cyberspace. 

Decker, L. (2013). Protecting critical infrastructure against the next Stuxnet. 

Hersh, M. S. (November 1, 2010). “The Online Threat: Should we be worried about a cyber war?” The New Yorker,

Taylor, L. (February 16, 2001). Seven elements of highly effective security policies.