From our review of Water Systems in week three, outline the activities taken by the EPA to monitor our water supply through its implementation of an anomaly detection system, the cybersecurity vulnerabilities within this CI, the policies, politics, and other elements that either support or hinder successfully securing our national water systems, and your overall perspective of the technical and operational challenges going forward.
Cyber insecurity poses threats to critical infrastructures such as water systems, which cybercriminals can use to attack the users of those infrastructures. The U.S. government, like the governments of some other countries across the globe, is concerned about the quality of water consumed by its citizens (Hakim, Blackstone & Clark, 2017). The government has taken various initiatives to promote the safety of water and prevent health hazards. The large number of remote access points in water management systems makes it challenging to prevent accidental or deliberate contamination. The United States Environmental Protection Agency (EPA) is one of the lead agencies in protecting critical infrastructures from the threats of cyber insecurity. The agency offers tools and strategies necessary to improve the resiliency of drinking water and wastewater systems to disasters and to ensure quick recovery from contamination caused by chemical, biological, or radiological (CBR) agents. The EPA also supports water utilities in promoting the cybersecurity of the water system.
Water systems are prone to planned or accidental contamination and to attacks, including explosives, which can have devastating effects on the people served by the affected water utilities. The EPA uses various approaches to achieve its mandate, including identifying and prioritizing threats to water infrastructures, both clean water and wastewater. It also assesses and estimates the magnitude of threats (Hakim et al., 2017). It develops modelling tools for assessing vulnerability and consequences and for augmenting risk management. Finally, the agency designs countermeasures to mitigate the intentional risks of contamination.
The EPA also uses various tools to mitigate the threat of explosives attacks on water systems. It uses a desktop computer and Blast Vulnerability Assessment (BVA) tools to estimate the possible risks and potential damage in case of an attack (Environmental Protection Agency, 2016). The EPA makes these tools available through the Water Information Sharing and Analysis Center (WaterISAC). Water utilities also use various tools to assess the consequences of potential contamination, including the Threat Ensemble Vulnerability Assessment (TEVA) tool.
As part of the EPA’s initiative to enhance the safety of water systems, the agency has launched a Water Quality Event Detection System contest to ascertain the best tools for detecting water quality. The EPA’s main focus is to establish Contaminant Warning Systems (CWS) that provide real-time detection of the presence of contaminants in water systems (Environmental Protection Agency, 2016). This strategy allows the supply of contaminated water to users to be cut or discontinued as a countermeasure for attacks on water systems. In collaboration with the American Water Works Association (AWWA), the EPA has created a contingency plan for dealing with a large-scale disaster. There is a recommendation to use an alternative source of drinking water and treatment of wastewater in case of an attack on the water utilities.
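To make the idea of real-time event detection in a Contaminant Warning System concrete, the following Python example is added here; it is not the EPA's algorithm or code from the cited sources. It flags a water-quality event only when readings stay far from a rolling baseline for several consecutive samples, so a single sensor glitch does not trigger a shutdown. The parameter names, window size, thresholds and readings are all assumptions constructed for illustration.

```python
from collections import deque
from statistics import median

WINDOW = 12      # samples kept as the "normal" baseline (assumed value)
THRESHOLD = 4.0  # robust z-score above which a reading is an outlier (assumed)
PERSIST = 3      # consecutive outlier samples required to raise an event (assumed)

def robust_z(history, value):
    """Deviation of value from the window median, in scaled-MAD units."""
    med = median(history)
    mad = median(abs(h - med) for h in history)
    # The floor keeps a perfectly flat baseline from dividing by zero.
    scale = max(1.4826 * mad, 0.01 * abs(med) + 1e-6)
    return abs(value - med) / scale

def detect_events(samples):
    """Return [(sample_index, [outlying parameters])] for each raised event."""
    history, streak, events = {}, 0, []
    for i, sample in enumerate(samples):
        outliers = []
        for param, value in sample.items():
            window = history.setdefault(param, deque(maxlen=WINDOW))
            if len(window) == WINDOW and robust_z(window, value) > THRESHOLD:
                outliers.append(param)   # outliers never enter the baseline
            else:
                window.append(value)
        streak = streak + 1 if outliers else 0
        if streak == PERSIST:            # report once, when persistence is reached
            events.append((i, sorted(outliers)))
    return events

def constructed_samples():
    """Constructed data: 20 readings of free chlorine (mg/L) and turbidity (NTU)."""
    data = [{"chlorine_mg_l": 1.00 + 0.01 * (i % 3),
             "turbidity_ntu": 0.30 + 0.01 * (i % 2)} for i in range(20)]
    data[14]["chlorine_mg_l"] = 0.40          # one-sample sensor glitch
    for i in (17, 18, 19):                    # sustained multi-parameter change
        data[i] = {"chlorine_mg_l": 0.35, "turbidity_ntu": 0.90}
    return data

if __name__ == "__main__":
    for index, params in detect_events(constructed_samples()):
        print(f"event at sample {index}: {', '.join(params)}")
```

Because outliers are kept out of the baseline, a legitimate permanent change in source water would keep alarming until an operator resets the window; that trade-off favours not learning a contamination as "normal".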
There are various policy and political issues surrounding cyber-attacks. For instance, the Bioterrorism Act of 2002 requires the government to conduct an assessment of the vulnerability of drinking water utilities being used by more than 3,300 people and to establish response plans. The North Korea attack against Sony triggered various political reactions, which led to the conclusion that cybersecurity needs to be strengthened to protect crucial infrastructures and individuals’ privacy (DOD, 2015). Therefore, various government agencies and private partners should work together against increasing cyber insecurity.
Outline the Department of Defense’s (DOD) and the Department of Homeland Security (DHS) responsibilities for Cybersecurity, their respective roles and relationships to fight (defense and offense) in the Cyber realm, the challenges each faces in successfully achieving their responsibilities; and, provide your perspective of what actions you believe should be taken to improve the capabilities of these two departments to enable them to meet their mission objectives.
Cyber insecurity is an issue of concern for the government and businesses in the U.S. and elsewhere around the globe. In the U.S., the Department of Defense (DOD) and the Department of Homeland Security (DHS), among others, have responsibility for dealing with cyber attackers (Hakim et al., 2017). The DOD has the responsibility for protecting the US against cyber-attacks of all forms, including in cyberspace. It is responsible for defending the country against any cyber threats through cyber operations regardless of the status of the nation. The DOD uses various tools, such as diplomatic, financial, economic, enforcement and information-sharing tools, to protect the country against cyber threats. The DOD's strategies include response to attacks, denial of attack, and creating resilient systems that can withstand attack, in order to promote cybersecurity (DOD, 2015).
However, the DOD faces various challenges, including the threat of attack against its own systems. Also, the sophisticated technology used by attackers can surpass the cybersecurity structures established by the DOD (The Aspen Institute Homeland Security Group, 2012). Finally, the success of the DOD's cybersecurity operations depends on the level of collaboration with other departments and private companies. Sometimes the coordination of the DOD with private partners can expose it to cybersecurity threats and vulnerabilities. Therefore, the DOD must focus on securing its systems and take caution when dealing with other departments and private partners to minimize its exposure.
The DHS also has a great role to play in promoting cybersecurity in the country, as stipulated in federal statute, departmental policies and guidance, and presidential directives. The DHS undertakes various activities focused on promoting cybersecurity and also engages owners and operators of critical infrastructures and key resources (CIKR). The DHS collects and disseminates information on threats or potential risks involving critical infrastructures and provides appropriate technical support to the owners and operators of CIKR. Also, under the stipulations of HSPD-7, the DHS mission includes “analysis, warning, information sharing, vulnerability reduction, mitigation, and aiding national recovery efforts for critical infrastructure information systems” (The Aspen Institute Homeland Security Group, 2012, p. 2). Furthermore, it is responsible for developing the National Infrastructure Protection Plan, which outlines the necessary approach for establishing physical and critical infrastructure protection. The DHS also coordinates the protection efforts of all critical infrastructures to promote their security.
The DHS works in collaboration with various agencies, such as the EPA, to investigate cyber-crimes and issue a comprehensive report of its findings for further action by other government agencies and departments involved in providing security. For instance, in 2014 the water sector forwarded 14 cybersecurity incidents to the DHS for a response (Lee, 2015).
The DHS should strategize its operations to enhance the real-time availability of data regarding the status of cyber insecurity to ensure effective decision-making. Furthermore, the success of DHS operations depends on the level of collaboration with other departments and with owners and operators of critical infrastructures.
Provide a description of what SCADA systems are, how they are integrated into IT systems, the importance of SCADA to cybersecurity, the three main generations of SCADA, and the cybersecurity vulnerabilities and challenges facing CI sectors; finish with your perspective of actions and recommendations to be taken to ensure this aspect of our CII is secure.
Supervisory control and data acquisition (SCADA), also known as Industrial Control Systems (ICS), is a monitoring and control system comprising various hardware and software components for industrial use. SCADA offers a natural opportunity to enhance protection against contamination of water. This system is essential for effective security operations of medium-to-large drinking water and wastewater utilities in the US (EEP, 2013, p. 33). It supports human monitoring of industrial processes at single or multiple locations by providing real-time data from the source, allowing the data to be processed and interpreted for a response. The system enables computerized monitoring and control of industrial processes covering large distances and multiple sites. A SCADA system consists of various components: (i) a human-machine interface (HMI) that enables the user to interact with the system to initiate monitoring and control processes; (ii) the supervisory system, which gathers data and sends commands to the process; (iii) remote terminal units (RTUs), which connect sensors and relay digital data to the supervisory system; (iv) programmable logic controllers (PLCs); and (v) communication infrastructure linking the supervisory system to the RTUs (EEP, 2013). The system also contains several other processes and analytical tools used in controlling and monitoring the security of water systems. Water system management involves protecting SCADA against ICT-related security threats.
The operation of SCADA begins with the PLCs or RTUs, which gather data and information from the water utilities and disseminate the data to other components of the system, such as the HMI and sensors, which direct the data to the computer containing the SCADA software (EEP, 2013). After receiving the information, the SCADA software processes, relays and displays the data to the system operator and other parties involved in the decision-making process. For instance, if the SCADA system notifies the operator or other employees of the water company that there is an attack on or contamination of the water system, the operator may react by switching off the flow of water using the HMI and examining the cause of the attack or contamination. The operator can then recommend an alternative, such as the use of water from other sources (Hakim et al., 2017). Also, the operator can decide on the best action to take to prevent massive damage or loss to the users of contaminated water.
The SCADA system has evolved into a very sophisticated system used in modern society. The evolution of SCADA can be divided into the first generation (monolithic), the second generation (distributed) and the third generation (networked) (EEP, 2013). Monolithic SCADA systems were the early systems, built on large minicomputers and lacking network services. These systems had no connection with other systems and relied on proprietary communication protocols. The remote terminal units were connected to a back-up mainframe system for use in case of failure of the primary mainframe system.
The “distributed” generation used a local area network (LAN) to connect the information and command processing units (EEP, 2013). However, these systems still used non-standardized network protocols, which made them uncommon among various users.
The “networked” SCADA system, the third generation, involves highly integrated processes comprising process control units (PCN) linking a large number of networked designs spread across a wide geographical area using several LAN networks (EEP, 2013).
SCADA systems are exposed to various cyber threats and vulnerabilities. For instance, they are vulnerable to slow updates because of growing complexity, which exposes them to the threat of attack (Lee, 2015). Authentication holes are caused by unsafe practices, including weak authentication and sharing of passwords. Also, a lack of constant monitoring of the SCADA system increases the threat of attack by cyber-criminals. Furthermore, managers' lack of understanding of the traffic flowing into the system exposes it to attack, since they are unaware of when to take appropriate action.
I would recommend that management focus on reducing vulnerabilities and potential threats to SCADA by providing various security measures, such as strong passwords, restrictions on the sharing of passwords, regular upgrades of the system, and adequate training for the users of the SCADA system, to minimize exposure and vulnerabilities.
- DOD. (2015). The Department of Defense Cyber Strategy.
- Lee, N. (2015). Counterterrorism and Cybersecurity: Total Information Awareness, 2nd Ed. Springer. New York.
- EEP. (2013). 3 generations of SCADA system architectures you should know about.
- Environmental Protection Agency. (2016). Water System Security and Resilience in Homeland Security Research.
- Hakim, S., Blackstone, E. A. & Clark, R. M. (Eds.) (2017). Cyber-Physical Security: Protecting Critical Infrastructure at the State and Local Level. Springer International Publishing Switzerland.
- The Aspen Institute Homeland Security Group. (2012). Cybersecurity & the Department of Homeland Security Cyber Working Group.