The Western Interconnection power grid requires safeguards that protect the delivery of its critical infrastructure services in every state it serves. This means the organization must adopt strategies that ensure any APT attack planned or directed against its power grid has no effect on the grid's systems. Technical safeguards are among the priority safeguards for any ICS. The Western Interconnection power grid should therefore make it a priority to implement technical controls so that its information, and the channels through which that information passes, are protected by well-established and controlled security.
For that reason, the Supervisory Control and Data Acquisition (SCADA) system should be the top priority for the power grid, since this system is responsible for gathering and processing data and for initiating operational controls across extensive distances. The logic behind safeguarding technical assets such as the SCADA system is that the system lets the organization overcome common communication challenges such as data integrity compromise and communication delays, thereby ensuring data integrity. Because such systems (SCADA included) are mostly shared rather than dedicated to a single user or purpose, the organization must safeguard them, i.e. the technical controls, at all times. Safeguarding the technical controls includes all activities aimed at establishing identification and authentication procedures and policies, and installing firewalls and antivirus software, which are discussed below.
Making identification and authentication part of the ICS system and framework is aimed at one specific goal: authorizing access to information, data and facilities within the organization (FITSU & FIS, 2013). Here the organization uses a set of identification credentials to classify and identify potential network hosts, users, applications, resources and services, so that only eligible subjects are allowed access to specific systems; anyone who is not eligible is denied access to that system. To maintain and enforce authorization, the organization should operate an access control mechanism that protects resources by limiting authorization to specific resources and amenities within the organization.
Specifically, identification, authentication and authorization safeguard information by relying on something known only to specific people and something only specific people have (FITSU & FIS, 2013). For example, the Western Interconnection power grid could establish new passwords and issue them only to specific trustworthy people in order to protect access to particular information in the system. The passwords and/or PINs should be changed routinely and at random intervals, and only those people should know them (Chapple & Seidl, 2015). The organization could also use unique biological characteristics, such as a retinal signature or a fingerprint, to protect the information and resources in question. Better still, the organization can employ Role-Based Access Control (RBAC) to maintain secure access to information. The distinguishing feature of the RBAC paradigm is that the organization incurs lower costs in maintaining access to specific devices.
The other major way to safeguard the Western Interconnection power grid is to separate the ICS (control) network from the corporate network. In other words, email, remote access and even internet access should not be allowed on the control network, because they make it vulnerable and easy to attack or compromise. This best protects the ICS network by making it immune to the traffic and problems the corporate network is exposed to on a day-to-day basis. If the two networks have to be connected for cost or efficiency reasons, they should be thoroughly segregated and segmented so that the ICS network remains optimally protected. Segmentation means splitting a network into smaller security domains; segregation enforces the goals of segmentation. The main purpose the two strategies serve is to reduce the traffic that can pass through each partitioned network in proportion to how much sensitive information that network holds, which makes it difficult for attackers to reach the network without being detected. As an example, the power grid organization should employ VLANs, encrypted VPNs and unidirectional gateways to segment and segregate the ICS networks (Chapple & Seidl, 2015).
Another major safeguard the organization should enact is the use of firewalls, which support proper segregation and segmentation while also protecting the technical controls. By definition, firewalls control the flow of traffic between networks with different security postures. Their advantage is that they can be used both in networks connected to the Internet and in those that do not require it. In the Western Interconnection case, the organization should use Stateful Inspection Firewalls which, though costly, provide enhanced awareness of the transport of data in the OSI model. These firewalls surpass Application-Proxy Gateways and Packet Filtering Firewalls in that they offer good performance and are not susceptible to the overhead and delay that affect the other two. Stateful Inspection Firewalls help filter any form of malware at the network layer and the transport layer, forwarding only authentic information and fully blocking unwanted or suspicious information (Stouffer, Pillitteri, Lightman, Abrams, & Hahn, 2015).
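As an added illustration (not part of the original essay) of the segmentation and stateful inspection described above, the following Python sketch tracks connection state between an assumed corporate zone (10.10.0.0/16) and an assumed control zone (10.20.0.0/16): only connections the control zone itself opens toward an assumed historian on TCP port 502 are admitted, return packets of tracked connections pass, and any packet initiated from the corporate side is dropped.

```python
# Added example: a minimal stateful inspection filter between a corporate
# zone and an ICS control zone. Zone ranges, the historian address and the
# use of TCP/502 are assumptions made for this illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

CORPORATE = ip_network("10.10.0.0/16")   # assumed corporate zone
CONTROL = ip_network("10.20.0.0/16")     # assumed ICS control zone
HISTORIAN = ip_address("10.10.5.10")     # assumed historian in the corporate zone

# The only connection the boundary may ever see opened: control -> historian
# on TCP/502. Nothing is initiated from the corporate side, which is the
# "no email / remote access into the control network" rule of the text.
ALLOWED_INITIATIONS = {(CONTROL, HISTORIAN, 502)}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int
    syn: bool = False   # True only for the first packet of a TCP connection


class StatefulFilter:
    def __init__(self):
        self.table = set()   # tracked connections as (src, dst, sport, dport)

    def decide(self, p):
        src, dst = ip_address(p.src), ip_address(p.dst)
        forward = (src, dst, p.sport, p.dport)
        reverse = (dst, src, p.dport, p.sport)
        if forward in self.table or reverse in self.table:
            return "ALLOW"            # belongs to a connection already tracked
        if not p.syn:
            return "DROP"             # unsolicited non-SYN packet: no state for it
        for zone, peer, port in ALLOWED_INITIATIONS:
            if src in zone and dst == peer and p.dport == port:
                self.table.add(forward)   # remember the flow so replies pass
                return "ALLOW"
        return "DROP"                 # every other connection attempt, any direction


def run_demo():
    """Return decisions for a constructed sequence of boundary packets."""
    f = StatefulFilter()
    return [
        f.decide(Packet("10.20.1.5", "10.10.5.10", 502, 40000, syn=True)),  # control opens
        f.decide(Packet("10.10.5.10", "10.20.1.5", 40000, 502)),            # historian reply
        f.decide(Packet("10.10.7.7", "10.20.1.5", 502, 51000, syn=True)),   # corporate -> PLC
        f.decide(Packet("10.10.5.10", "10.20.1.5", 502, 51000, syn=True)),  # historian -> PLC
    ]
```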
Finally, the organization should increase the physical protection of important infrastructure through physical segregation (where biometric characteristics may apply) and physical guards. A combination of physical and software/hardware systems, as already discussed, will enable full and maximal protection of the power grid, so the system may be regarded as foolproof against external cyber-attacks and cyber espionage.
Evolution of Safeguards
Even as the Western Interconnection power grid seeks to safeguard its ICS and SCADA systems, it should acknowledge that the safeguards it employs evolve over time. The technical controls, the segregation and segmentation resources, the Stateful Inspection Firewalls and every other antivirus or software product in use all change with time. For this reason, the organization has to adopt the right perspective of updating and adapting to changing times: the evolution of cyber-related capabilities and threats, and the emerging technologies. In other words, the cyber defense and safeguarding systems should be able to change with the times. In a world that is highly interconnected, especially via the internet, it is very easy for attackers to infiltrate power grid systems. However, the proposed safeguards are well integrated for combating attacks even as times change.
For instance, the technical controls will establish immunity for the system's software, information and infrastructure now and in the future, because safeguards such as passwords and PINs are entrusted to only one person and are changed as often and as randomly as possible. In other words, access to an initial password may be of no use to the attacker, since passwords are changed frequently and at random (not after a fixed period of time). Furthermore, given the sophisticated firewalls and access control measures in place, attackers will never have sufficient opportunity or time to attack the system. For instance, an attacker may find some means of obtaining the passwords and PINs needed to enter a particular system, but the fact remains that they will still have to get past the Stateful Inspection Firewalls, the physical security services and personnel, and so on. By the time they attempt to get past all these safeguards, they will certainly have been detected, and their efforts and malware will be blocked and deleted from the system.
In other words, the system will rest on more than one safeguard, each of which will be changed and updated as often and as randomly as possible according to management's decisions. Further, the newest and most defensive technologies shall be incorporated into the system, while the initial systems are updated as often as possible. Therefore, the system and its infrastructure will be kept up to date as time goes by and will always be resilient to the changing and evolving nature of APT threats and attacks.
Moreover, the system will use RBAC, which means that highly trusted personnel will hold the authentication and authorization information. In this case, there is very little chance of attackers gaining such authorization without being detected by the system. That is to say, even if there is an insider assisting the attackers, his/her efforts will be detected well before they bear any fruit for the attackers, and the system will remain safeguarded now and in the future.
Recommended Functions or Systems
As much as the Western Interconnection employs the outlined safeguards, it will also require systems that perform the functions of detecting and identifying attacks that may have infiltrated the organization's systems. These detection systems should act on a timely basis so that at any one time the cybersecurity threats are neutralized well before they cause any losses or infiltrate the system. The systems and functions incorporated should be able to protect the host layer, the network layer and the operational layer of the power grid's systems.
To begin with, in the network layer the organization should incorporate IDS or IPS and SIEM detection systems, in addition to effective firewall techniques (already suggested in the safeguards section) and routine firmware updates as already discussed (ZOHO Corp., 2007). The first suggested systems are therefore Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs). These two systems enable the hosts and the organization's systems to detect threats and malware based on the signature or the behavior of the attacks. In this case, the systems rely on anomalies in the behavior and signature of a given set of code and/or software and link them to a potential attack on the system (Stouffer, Pillitteri, Lightman, Abrams, & Hahn, 2015). As a result, the anomalies are detected and a security alert is triggered, after which the organization can take the necessary steps against the detected anomaly.
The second systems that the power grid can incorporate into its functionality are Security Information and Event Management (SIEM) systems. These systems are effective in detecting threats and acting on them appropriately (ZOHO Corp., 2007). They perform their functions by combining a network's event logs, traffic data and other log and security information concerning a given sector of the system. After combining them, the systems can distinguish the authentic from the inauthentic logs and information...
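The SIEM correlation described in the last two paragraphs, as an added example that is not part of the original essay: constructed firewall and HMI log lines from two sources are normalized into one event stream, and an alert fires only when denied corporate-to-control traffic from a source is followed by repeated login failures from the same source inside a time window. The log formats, host names, addresses, window and threshold are all assumptions.

```python
# Added example: toy SIEM-style correlation over constructed log lines.
# Log formats, hosts, addresses, window and threshold are assumed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: the boundary firewall denying corporate -> control
# connections, then HMI login failures, all from the same source within minutes.
SAMPLE_LOGS = """\
2024-03-01T10:00:05 fw DENY src=10.10.7.7 dst=10.20.1.5 dport=502
2024-03-01T10:00:09 fw DENY src=10.10.7.7 dst=10.20.1.6 dport=502
2024-03-01T10:01:10 hmi auth FAIL user=operator src=10.10.7.7
2024-03-01T10:01:14 hmi auth FAIL user=operator src=10.10.7.7
2024-03-01T10:01:20 hmi auth FAIL user=engineer src=10.10.7.7
2024-03-01T10:05:00 hmi auth OK user=operator src=10.20.1.9
"""

FW = re.compile(r"^(\S+) fw DENY src=(\S+) dst=(\S+) dport=(\d+)$")
AUTH = re.compile(r"^(\S+) hmi auth (FAIL|OK) user=(\S+) src=(\S+)$")


def parse(lines):
    """Normalize both log sources into (time, kind, src) tuples."""
    events = []
    for line in lines.splitlines():
        if m := FW.match(line):
            events.append((datetime.fromisoformat(m[1]), "fw_deny", m[2]))
        elif (m := AUTH.match(line)) and m[2] == "FAIL":
            events.append((datetime.fromisoformat(m[1]), "auth_fail", m[4]))
    return events


def correlate(events, window=timedelta(minutes=5), fail_threshold=3):
    """Alert per source when a firewall deny is followed by at least
    fail_threshold login failures inside the window. A lone denied probe or
    a single mistyped password does not fire; the combination does."""
    by_src = defaultdict(list)
    for t, kind, src in sorted(events):
        by_src[src].append((t, kind))
    alerts = []
    for src, evs in by_src.items():
        denies = [t for t, k in evs if k == "fw_deny"]
        fails = [t for t, k in evs if k == "auth_fail"]
        for d in denies:
            n = sum(1 for f in fails if d <= f <= d + window)
            if n >= fail_threshold:
                alerts.append((src, n))   # one alert per source is enough
                break
    return alerts
```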