ICSIS SCADA Hacker Discussion

ICSIS SCADA Hacker Discussion

The paper will focus on selecting a company and one of their industrial control system offerings. Solutions are often aligned to specific industry sectors and customer bases. These solutions should be understood to then look at vulnerabilities that have been disclosed targeting these systems. Equally important is the impact to the business operations of the end-user or asset owner should any of these vulnerabilities be exploiting – either intentionally or accidentally.

It is essential to evaluate the unmitigated risks associated with these vulnerabilities and develop a recommended list of actions that would help the asset owner in mitigating some of these risk in order to improve the operational integrity of their cyber-physical systems.

Requirements:

The paper shall be written using the approved course template including layout and styles – no modification to existing layout and styles including font types and height is allowed. The submission of a document that is not the approved template may result in an immediate 20% reduction in grade.

The paper shall be at least five (5) and no more than ten (10) pages in length excluding cover page, figures, tables, and references. The paper shall be formatted using an 11-point font of Arial type using 1″ margins on the sides and double-spacing between lines with 0.5″ indentation on first line of paragraphs. Acceptable styles have already been built into the template document.

The paper shall be written using the APA style guide seventh edition published in October 2019. Online guidance can be viewed at https://apastyle.apa.org.

All tables and figures shall be captioned and specifically referenced in the body of the document. All references shall be stated and included as ENDNOTES in this paper. Citations must meet the following requirements:

· No more than two (2) citations shall be from Wikipedia

· At least two (2) references shall be from United States government sites (e.g. CISA, NIST)

· At least two (2) references from vendor web (html) or printed (pdf) material

· At least two (2) references shall be from independent sources including but not limited to

· News Media Outlets (e.g. Reuters, Washington Post, Wired, CSOOnline)

· Industry Publications (e.g. Automation, ISSSource, Control)

· Trade Sources (e.g. Oil and Gas Journal, ChemWeek, PharmaTimes)

· Security Solution Providers (e.g. McAfee, Trend Micro, Dragos, Claroty) to name several.

A MANDATORY template has been provided meeting these requirements.

A list of 11 different vendors and systems have been offered. Selection begins on October 18, 2021 (Week 8) and is expected to be completed by November 1, 2021 (Week 10). You are free to change your selection until the cut-off date. No more than four (4) students can choose the same vendor and system topic, so all selections may not be available at any given time. Failure to complete the selection process early could reduce the number of choices available and not provide sufficient time to complete the term paper and associated presentation.

The term research paper and associated presentation comprise 20% of your overall course grade and will be assigned a numerical percentage grade based on the following scale:

A = 90% – 100% B = 80% – 89% C = 70% – 79% D = 60% – 69% F = 59% or less

Grading for term research paper and associated presentation will be based on the following metrics:

20% = Ideas and Analysis 20% = Organization 20% = Development and Support 10% = Style 20% = Mechanics 10% = Presentation

Spelling and grammatical correctness will be used as marking against Mechanics. The paper will immediately loss the 20% “Mechanics” component if the first page contains more than five (5) grammatical errors that hinder the ability to read and comprehend the material. Use of current review editors such as those included with Microsoft Word are strongly encouraged.

The term research paper and associated presentation should be logically divided into sections that follow sound research paper style and address each of the following areas. You are free to organization the paper and presentation as appropriate, however a template has been provided for both the paper and presentation to help start the initial paper structure. The section titles (paper) and slide titles (presentation) in the templates are for reference only.

Your paper and presentation shall address and develop each of the following items:

1. System overview (textual) and architecture (graphical) covering devices and network topology explaining the function of each of the key assets

2. Communication protocols used by the system

3. Industry sectors that use the system

4. Vulnerabilities publicly disclosed for the system and the publication of any exploitation packages

5. Potential or actual impact of the vulnerabilities discovered to the industry sectors served

6. Cyber security measures taken by the vendor to secure the system

7. Additional cyber security measures that could be taken by the end-user user if the vendor recommendations are not feasible (e.g. an upgrade could not be performed in a timely manner)