
Monday, December 9, 2019

Industrial Control Systems

Questions:

1. Define what an Advanced Persistent Threat (APT) is.
2. How might an APT be used in a Cyber War to inflict damage on Industrial Control Systems?
3. Provide an example of an APT being used to cause damage to an Industrial Control System.

Answers:

1. An Advanced Persistent Threat (APT) is a type of network threat characterized by the unauthorized entry of a person who intends to steal crucial data about the organization. The intruder stays in the network for a long period and remains undetected. The organizations targeted by this type of threat include the defense, financial and manufacturing sectors, which deal with high-value information (Kreutz et al., 2013). The main intention of the intruder is to stay in the network for a longer time frame by bluffing the Intrusion Detection System (IDS) (Liao et al., 2013). For this purpose, intruders constantly rephrase their code and use advanced evasion techniques. APTs usually target political as well as business entities and are part of the cyber crime category.

At first, the intruder gains illegitimate access to the network. After that, they try to collect confidential user credentials and then tend to move laterally with the help of backdoors. Backdoors are a means of gaining access to a computer network by removing security tools. The backdoors let the intruder install several pieces of malware in the system that remain hidden.

Each term in the name Advanced Persistent Threat (APT) has a significant meaning. The word "Advanced" signifies that the attack tools used are complicated and far above ordinary methodologies. The term "Persistent" means that the intruder's attacks take place after constant monitoring of the network. The term "Threat" signifies that the attack is carried out by a human and not by an automated and careless piece of code.

2. The conglomerate of several control systems deployed in industrial production is known as Industrial Control Systems (ICS). They consist of Distributed Control Systems (DCS), Supervisory Control and Data Acquisition (SCADA), Programmable Logic Controllers (PLC) and others. ICS can be found in typical industries like water, electrical, gas, oil and others (Knapp & Langill, 2014).

APTs are a major source of attacks on Industrial Control Systems, and the practice of cyber attacks is being strengthened by them. Examples of APTs include Stuxnet, Flame, Duqu, Shamoon, Sandworm, Bear and Dragonfly. APTs use advanced techniques, sophisticated social engineering, protocol exploits and others. Almost all advanced-level attacks employ social engineering. Attackers use tricks to lure the user into opening an infected email attachment, loading and opening a malicious file, or clicking on a malicious website that otherwise seems innocent and harmless (Amin et al., 2013).

Prevention of APTs is a great concern to organizations. Some organizations feel that no matter what precautions they take, their security will be breached. Hence, they isolate the ICS network to stop possible threats. Other organizations feel that they are capable of stopping APT attacks. They believe that they have deployed a strong platform that makes hacking or intruding into the network almost impossible. Few firms have developed next-generation firewalls, intelligent cloud systems that detect probable threats, and advanced security measures, so that security is increasingly automated. The safety and security of ICS call for an entirely different approach from the usual cyber security measures (Hoffstadt et al., 2014).

3. The APT is not fictitious, as there have been innumerable incidents in which security measures have been breached by Advanced Persistent Threats. APTs are known to cause an impact on national security, loss of production, damage to physical equipment, violation of regulatory requirements and others. One such example is described below.

Worcester Air Traffic Communications

This incident took place in the Worcester area in Massachusetts and was carried out by a teenager in March 1997. He disabled a portion of the public telephone network with the aid of a dial-up modem that was connected to the computer network. This impacted the telephone operations at the control tower, the fire department in the airport, the airport security framework, the weather service and the medium that use the airport. The tower's primary radio transmitter was hampered, and the transmitter that activates the runway lights was severely affected. As a result, the runway lights were shut down, which caused major chaos for the airport officials. It also increased the risk of accidents. The printer used for monitoring the progress of flights within the control room was also severely affected. This posed a serious risk to the airport staff in carrying out their day-to-day operations and resulted in a delay in flight operations. The telephone connection to 600 businesses as well as homes in the nearby city of Rutland was disrupted as a result of the attack. Such attacks cause loss of data as well as property, and also physical damage to the environment (Kim, 2012).

References

Amin, S., Litrico, X., Sastry, S., & Bayen, A. M. (2013). Cyber security of water SCADA systems - part I: analysis and experimentation of stealthy deception attacks. Control Systems Technology, IEEE Transactions on, 21(5), 1963-1970.

Hoffstadt, D., Rathgeb, E., Liebig, M., Meister, R., Rebahi, Y., & Thanh, T. Q. (2014, February). A comprehensive framework for detecting and preventing VoIP fraud and misuse. In Computing, Networking and Communications (ICNC), 2014 International Conference on (pp. 807-813). IEEE.

Kim, T. H. (2012). Hiding solution for internet-based supervisory control and data acquisition (SCADA) system threats management. African Journal of Business Management, 6(44), 10974.

Knapp, E. D., & Langill, J. T. (2014). Industrial Network Security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems. Syngress.

Kreutz, D., Ramos, F., & Verissimo, P. (2013, August). Towards secure and dependable software-defined networks. In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking (pp. 55-60). ACM.

Liao, H. J., Lin, C. H. R., Lin, Y. C., & Tung, K. Y. (2013). Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications, 36(1), 16-24.
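
As an added example (not part of the original essay), the Python below shows one way a defender can surface the stage described in answer 1, where stolen credentials are used to move laterally over a long period: record which hosts each account normally logs on to, then flag accounts that later reach several first-seen hosts or any first-seen host in the ICS zone. The log format, account names, host names and the `ICS_ZONE` set are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Assumed names of hosts inside the ICS zone (constructed for this example).
ICS_ZONE = {"eng-ws-02", "hmi-01", "historian-01"}

# Constructed successful-logon records: timestamp account source-host destination-host
SAMPLE_LOG = """\
2019-11-01T08:02:11 jsmith ws-014 fileserver-01
2019-11-02T08:05:40 jsmith ws-014 mail-01
2019-11-03T09:12:03 mlee ws-020 fileserver-01
2019-11-04T02:00:00 svc_backup backup-01 db-01
2019-11-05T10:30:00 operator1 eng-ws-02 hmi-01
2019-11-12T23:41:09 jsmith ws-014 db-01
2019-11-15T23:58:30 jsmith db-01 hr-01
2019-11-19T00:17:45 jsmith hr-01 eng-ws-02
2019-11-23T00:44:02 jsmith eng-ws-02 hmi-01
2019-11-20T09:01:00 mlee ws-020 print-01
2019-11-21T10:31:00 operator1 eng-ws-02 hmi-01
"""

def parse(log):
    """Yield (timestamp, account, source, destination) for each log line."""
    for line in log.splitlines():
        ts, account, src, dst = line.split()
        yield datetime.fromisoformat(ts), account, src, dst

def find_lateral_movement(log, baseline_end, min_new_hosts=3):
    """Flag accounts whose post-baseline logons reach hosts they never used before."""
    baseline = defaultdict(set)   # account -> hosts seen before baseline_end
    new = defaultdict(list)       # account -> first-seen hosts, in time order
    for ts, account, _src, dst in sorted(parse(log)):
        if ts < baseline_end:
            baseline[account].add(dst)
        elif dst not in baseline[account] and dst not in new[account]:
            new[account].append(dst)
    alerts = {}
    for account, hosts in new.items():
        ics = [h for h in hosts if h in ICS_ZONE]
        # Alert on wide fan-out, or on any first-seen logon into the ICS zone.
        if len(hosts) >= min_new_hosts or ics:
            alerts[account] = {"new_hosts": hosts, "ics_hosts": ics}
    return alerts

if __name__ == "__main__":
    print(find_lateral_movement(SAMPLE_LOG, datetime(2019, 11, 8)))
```

Because the check compares each account against its own history over weeks rather than matching a signature, slow movement spread across many days still accumulates into an alert.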
