Site icon Eminence Papers

DTL Power Cyber Sector Risk Profile

DTL Power Cyber Sector Risk Profile

In the risk profile report, the primary targets for cybercriminals are Australia’s DTL power and the United States federal government. DTL specializes in electricity generation and making various industrial dampers whose application in the power generation companies is vast. In contrast, the U.S. federal government is an essential entity that ensures the proper running of socioeconomic and political aspects of the United States. Collapsing DTL Power services has severe implications for businesses and critical systems that rely on electricity to run while targeting the federal government, which risks the release of valuable and highly sensitive information to the US’s enemies or the encryption of important data for ransom. Therefore, cybersecurity personnel must create stringent policies and implement them to protect against illegal access and tampering with user information. Various governments have created such policies globally to prevent specific cyber events such as hacking and fraud, the collapse of business service provision contributing to massive financial losses, and the creation of mitigation policies that aim at business continuity. Cybersecurity policies advocate for the appropriate and professional behavior of information technologists, a critical component of cybersecurity. Assessment of DTL power’s vulnerabilities gives insight into the design of holistic profiles for computing systems and protects them from cyber threats. This report will, in the subsequent sections, detail possible cyber risks and discuss appropriate defense strategies.

Cyber Security Profile

The establishment of a cybersecurity profile is a procedure that requires keen consideration of certain industry information, systems, and their sensitivity. Typical factors assessed when creating a cybersecurity profile include security controls, incident handling measures, and reputational, technical, and legal restrictions that may build toward an information security breach. Notably, DTL Power has implemented mandatory security policies proposed by the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP). The scope of CIP regulations includes recovery plans for bulk electric systems (BES), vulnerability assessment, configuration change management, BES–System Categorization, security management controls, recovery plans, incident response and reporting, BES cyber system’s physical security, electronic security perimeter, information protection, and personnel and training (“Energy.gov,” 2016). There also exist voluntary cybersecurity policies considered by DTL power. These include strategies documented in the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework. This focused framework identifies standards, guidelines, and practices designed for organizations of any size to implement cybersecurity practices (Stine et al., 2020). The NIST Framework’s process encourages organizations to inventory their cybersecurity posture, after actions then allow them to make necessary adjustments based on these risk-based findings. However, there are some utilities that operate under different jurisdictions, which require the use of cybersecurity policies that are not regulated by NERC. In such a case, there are provisions that mandate DTL Power to adopt proper cyber-incident response plans, secure meter technology, and Federal NERC CIP policies.

Risks and Defense Strategies

There were three top cybersecurity risks identified: insider threats, state-sponsored actors, and cybercriminals, while the main threat vectors identified include viruses, malware, malicious insiders, threats and damage to critical systems, phishing, and ransomware attacks. An insider threat is defined as an employee, former employee, contractor, or business associate (Skelton, 2017). Specifically, these people usually have inside information about an organization’s computer systems, data, and security practices. These malicious acts can be astronomical if conducted by authorized users with elevated permissions, such as Executives, Senior Managers, and System Administrators. Contrarily, state actors act on behalf of a country’s government to obtain sensitive information from non-allies (Skelton, 2017). Cybercriminals operate in a non-sanctioned environment and range from amateurs to professionals; most notably, the ones that cause the most harm are hacktivists, criminal hackers, and black hat hackers. A foreign nation does not employ cybercriminals.

Insider threats risk exposure of classified material, power plants, SCADA systems, and intellectual property. The most effective defense strategy is monitoring corporate and other organizational networks, identifying privileged access used to facilitate the attack, restricting the accounts from accessing the system, and quarantining affected servers/computers (Chen et al., 2016). In the case of state-sponsored attacks, the attacks focus on Segmented networks with robust firewalls, Remote login credentials into the SCADA network, The Supervisory Control and Data Acquisition network that controls the grid, Elevated user credentials, and access to systems that control the power breakers and the Uninterruptable Power Supplies (Chen et al., 2016). Additionally, state-sponsored attacks expose systems to steal intellectual property and collect information for defense, intelligence, and political gain. On the other hand, cybercriminals penetrate systems for personal achievements or financial gain (Moore, 2010). Such attacks risk disruption of power supply by interrupting highly classified information or power grids and encrypting system information using ransomware.

In addition to the risks and defense strategies highlighted above, the following computer security policies play a significant role in enhancing organizational cybersecurity. De Bruijn & Janssen (2017) assert that communication over the internet and browsing non-corporate sites should be restricted, limiting login attempts to three, setting password expiry periods (forty-five days), minimum password length of eight characters that must contain a mixture of numbers, uppercase, and lowercase, and special characters, limiting re-use of expired credentials, staff signing of non-disclosure agreements concerning cyberattacks, rotation and vacation of employees, hiring competent cybersecurity personnel, implementation of a need to know information sharing policy to external agencies, enforcement of data privacy policies, insurance of cybersecurity policies, investment in public relations, and training of personnel concerning penetration testing, encryption, control focus, and network vulnerability assessment.

Cyber Security Analysis

DTL power and the United States Federal government must be adequately protected from cyber threats, the federal government and DTL Power systems provide critical services that have severe impacts ranging from national, subnational, region, and industry-specific categories. Cyberattacks on energy companies have majorly focused on industrial control systems. This kind of approach is designed to implement complex, large-scale cyberattacks that physically damage the grid. Typically, hackers penetrate industrial control systems, observe how controls work, and take over the company’s infrastructure. The attackers aim at destroying or disrupting energy companies, distribution networks, transmission controls, and substations’ services. In the past decade, cybercriminals have used Metasploit and Shodan to discover devices and components with internet access. These devices are then used to penetrate ICS and SCADA systems.

Cybersystems for the Federal government and DTL Power must adopt the latest intrusion detection systems, firewalls, use of authentic software, regular updating of systems to fix security vulnerabilities and use virtual private networks sharing sensitive data. Users need to frequently reset passwords that are strong and complex and conform to organizational cybersecurity policies (Moore, 2010). To attain reliable cybersecurity, users and support personnel must be competent regarding the policies (Cichonski et al., 2012). This calls for periodic teaching of users about cybersecurity policies, such as channeling information in the event of an attack (Kosseff, 2018). Everyone in the organization must know the cybersecurity team and their roles. For instance, an organization appoints a public relations person who facilitates communication with the media and law enforcement agencies about a cyber incident in liaison with the cybersecurity-law competent organization’s lawyer (Stine et al., 2020). Overall, for the cybersecurity measures to work, there is an urgent need for collaboration between organizations that have sensitive information/critical systems, state agencies, and global cybersecurity communities to share notes on how attacks have occurred on various continents and the measures taken to combat them (Cichonski et al., 2012). That way, cyber threats can be mitigated more efficiently.

Conclusion

Critical service or infrastructure organizations and state-owned agencies must identify and mitigate cyber threats and attacks to ensure business continuity. Cyberattacks have detrimental effects on the public, vendors, and utility companies, as witnessed in the 21st century across the globe. Unfortunately, there is no specific tool or framework that defines an ever-lasting technique for combating cyberattacks. Over time, the attacks evolve and adopt newer and more aggressive attack vectors. All organizations that use computing equipment have a mandate to consistently keep up to date with the latest cybersecurity industry practices in mitigating vulnerabilities. Additionally, affected organizations need to team up with their nation’s federal governments to upgrade their preparedness, mitigation policies, and cyber threat databases. Given the implication of a cyber-attack disrupting Australia’s DTL power plant, cyber professionals need to prevent, track and respond to cyberattacks as a measure to maintain cybersecurity and correctly to apply risk management policies to the established threat matrix.

References

Barrett, M. P. (2018). Framework for improving critical infrastructure cybersecurity. National Institute of Standards and Technology, Gaithersburg, MD, USA, Tech. Rep.

Chen, Y., Hong, J., & Liu, C. C. (2016). Modeling of intrusion and defense for assessment of cybersecurity at power substations. IEEE Transactions on Smart Grid9(4), 2541-2552.

Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology. doi: 10.6028/nist.sp.800-61r2

de Bruijn, H., & Janssen, M. (2017). Building cybersecurity awareness: The need for evidence-based framing strategies. Government Information Quarterly34(1), 1-7.

Energy.gov. (2016). Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector. Retrieved from https://www.energy.gov/sites/prod/files/2017/01/f34/Cyber%20Threat%20and%20Vulnerability%20Analysis%20of%20the%20U.S.%20Electric%20Sector.pdf

Kosseff, J. (2018, May). Developing collaborative and cohesive cybersecurity legal principles. In 2018 10th International Conference on Cyber Conflict (CyCon) (pp. 283-298). IEEE.

Moore, T. (2010). The economics of cybersecurity: Principles and policy options. International Journal of Critical Infrastructure Protection3(3-4), 103-117.

Skelton, A. (2017). Analyzing Cyber Threats Affecting the Financial Industry.

Stine, K., Quinn, S., Witte, G., & Gardner, R. (2020). Integrating Cybersecurity and Enterprise Risk Management (ERM) (No. NIST Internal or Interagency Report (NISTIR) 8286 (Draft)). National Institute of Standards and Technology.

ORDER A PLAGIARISM-FREE PAPER HERE

We’ll write everything from scratch

Question 


Cyber Sector Risk Profile

Based on the risk profile, risk threat matrix, and ELITE results from previous steps, your team should have a solid understanding of the risks to your industry. The team should now develop the Cyber Sector Risk Profile, a culmination of your research of risks and defense strategies in your sector. In this profile, provide a cybersecurity analysis of your industry sector.
Combine this information with the risk profile and risk threat matrix from prior steps to create this comprehensive profile.

Exit mobile version