Sunday, January 13, 2019

ICS Risk & Audit Methodology Project


Describe the Industry
A water treatment company supplies clean water to industries, urban areas and hospitals, and to county council sanitation and drainage systems. The water treatment system and the water catchment areas experience a high level of fluctuating pressure and the constant bursting of pipes. The main reason the water treatment company has continuously experienced losses is the poor monitoring of turbulence and flow rates. The company has opted to implement an Industrial Control System (ICS) to control, manage and monitor the industrial flow of water (Jiang et al., 2015).

The Importance of Water Treatment Industry in the Society
The water treatment industry provides drinking water in rural and urban centers (Jiang et al., 2015). It provides water for the manufacturing and processing industries. It supplies water to the county council government for sanitary cleaning and for the drainage systems in urban centers. It also provides complex and dynamic water catchment intakes to collect sufficient water for agricultural activities and irrigation.
The Industrial Control System Process Employed
1.    The SCADA system is the primary control system implemented in the industry.
2.    The Remote Terminal Units (RTU), whose function is to send and receive control information (Baggini & Sumper, 2012).
3.    The ICP and the programmable logic controller (PLC), used to manage and control the discrete flow of fluids and to monitor turbulent flows (Cosman, 2014).
4.    The programmable automation controller (PAC), used to monitor the water catchment areas.

| Device | Port number | Protocol | Physical connection | Default account | Services | Authentication | Encryption | Logging |
|---|---|---|---|---|---|---|---|---|
| DCS | 930 L, 80 | Ethernet | serial | user | I/O | passwords | ciphers | enable |
| PLC | 8080, RS232/422/485 | SMTP, TCP/IP | Serial bus, RJ-45 | Admin | I/O, CPU | none | Crossed crypto scheme | enabled on local server |
| SCADA | 502, 80 | OPC, TCP/IP | RJ-45 | none | HMI | Dial Up Modem | ciphers | enabled on local server |
| RTU | RS 23 | Modbus | Ethernet | admin | Ethernet | DNP3 | Closed | enabled on local server |
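
An inventory like the one above is most useful when it is checked mechanically. The following is an added example, not part of the original paper: it transcribes the table and applies a small set of assumed audit rules (default accounts, missing or unverifiable authentication entries, unencrypted-by-default ports, local-only logging). The rule names and finding texts are hypothetical.

```python
import csv
import io
import re

# Inventory transcribed from the table above; values are kept as the paper gives them.
INVENTORY = """\
device|ports|protocol|physical|default_account|services|authentication|encryption|logging
DCS|930 L, 80|Ethernet|serial|user|I/O|passwords|ciphers|enable
PLC|8080, RS232/422/485|SMTP, TCP/IP|Serial bus, RJ-45|Admin|I/O, CPU|none|Crossed crypto scheme|enabled on local server
SCADA|502, 80|OPC, TCP/IP|RJ-45|none|HMI|Dial Up Modem|ciphers|enabled on local server
RTU|RS 23|Modbus|Ethernet|admin|Ethernet|DNP3|Closed|enabled on local server
"""

# Assumed audit rules (hypothetical, not from the paper).
CLEARTEXT_PORTS = {"80": "HTTP", "8080": "HTTP (alternate)", "502": "Modbus/TCP"}
RECOGNISED_AUTH = {"password", "passwords", "pin", "certificate"}


def audit_row(row):
    """Return the list of findings for one inventory row."""
    findings = []
    account = row["default_account"].strip()
    if account.lower() != "none":
        findings.append(f"default account '{account}' present")
    auth = row["authentication"].strip()
    if auth.lower() == "none":
        findings.append("no authentication configured")
    elif auth.lower() not in RECOGNISED_AUTH:
        findings.append(f"authentication entry '{auth}' is not a mechanism; verify on device")
    for token in re.split(r"[,\s]+", row["ports"]):
        if token in CLEARTEXT_PORTS:
            findings.append(f"port {token} ({CLEARTEXT_PORTS[token]}) is unencrypted by default")
    if "local" in row["logging"].lower():
        findings.append("logging is on the local server; confirm logs are also forwarded")
    return findings


def audit_inventory(text=INVENTORY):
    """Parse the pipe-delimited inventory and map each device to its findings."""
    reader = csv.DictReader(io.StringIO(text), delimiter="|")
    return {row["device"]: audit_row(row) for row in reader}


if __name__ == "__main__":
    for device, findings in audit_inventory().items():
        print(device)
        for finding in findings:
            print("  -", finding)
```

Entries such as "Dial Up Modem" or "DNP3" in the authentication column are reported for manual verification rather than treated as a control, because the table does not say what mechanism is actually in place.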

Identified Security Controls
The major security controls enforced include data and information confidentiality, integrity, and availability (CIA) (Bailey & Wright, 2003). The confidentiality approach ensures that the input and output data are highly secure against unauthorized individuals. The parameters applied to enforce security include verification and authentication protocols. The integrity approach ensures that data and information are secured against breaches. The system has settings and configurations that prohibit any modification of data by unauthorized individuals. The parameters applied include user accounts and personal identification numbers. The availability strategy ensures that data and information are easily accessible at any point through network-enabled connections.
Application of ICS Security Best Practices
The water treatment company network should have hardware and software firewalls installed. The firewalls control and manage unauthorized packets entering or leaving the network through filtering (Baggini & Sumper, 2012). The company should install an Intrusion Detection System (IDS) to protect the network from possible attacks by intruders. The company should install Intrusion Prevention Systems (IPS) within the company network to fix and update the network system logs with the recent techniques used by hackers to gain access to the company databases. Industries should also install monitoring devices such as Radio Frequency Identification (RFID) so that all operations within the industry are securely monitored, strengthening the security of the systems.
Unpremeditated Risks and Risk Strategy
The risks to the water treatment company that are classified as unpremeditated include natural disasters and artificial risks. Natural disasters are risks that strike industries unpredictably and are beyond human control. They include catastrophic events such as earthquakes, thunderstorms, hailstorms, whirlwinds and floods (Piggin, 2014). A lightning strike is also classified as a natural disaster. Artificial risks are the risks and losses caused by people; artificial disasters involve direct human intervention. Examples of artificial disasters include fire, theft, planned burglaries, public misuse of resources and vandalism (Bailey & Wright, 2003).
The water treatment company should deal with unpredictable attacks by formulating a disaster recovery plan under the contingency plan (Jiang et al., 2015). The company should take the initiative of analyzing the risk and make sure that the major and minor risks are identified. It should then form a team to formulate the disaster recovery plan as well as the business recovery plan. The disaster recovery plan helps in recovering the data and information lost as a result of a disaster. Recovery planning refers to formulating strategies that enhance the recovery of goods and assets belonging to the company. The methodologies applied to bring natural and artificial disasters under control include implementing data and information backup. Other plans involve practicing data and information security through ethical practices such as installing antivirus software on the machines (Ginter, 2013). Consulting third parties to secure the industrial assets against attacks is one of the best practices that guarantee recovery of the industry after a catastrophic disaster.
Vulnerability Continuous Planning Strategy
The Industrial Control Systems should apply the Bandolier modules to secure the industrial systems from vulnerabilities. The Bandolier modules are used to analyze Industrial Control Systems and determine the areas with flaws. The tool identifies and reports the weaknesses of the Industrial Control System. It helps the organization to know which sections are causing the problem through its mapping applications (Bailey & Wright, 2003). The Bandolier modules have an artificial intelligence capability that analyzes the possible loopholes within the system through which intruders can easily attack it. The Bandolier modules tool is an IA-certified tool, since professionals developed it through the application of the system development lifecycle. The programming team and the IT professionals developed the tool to assist in activities such as troubleshooting, repairing and diagnosing Industrial Control Systems. The tool offers effective and efficient operation that ensures the industrial systems have attributes compliant with SCAP quality metrics. The compliance of the Bandolier modules guarantees the ability to support other tools such as Nessus and Snort. Tools such as Nessus and Snort have a high level of compatibility.
Script Rules for Each Industrial Control System
The organization must formulate rules and regulations that govern the major activities and processes within the organization. The major activities and functions involving the tendering and purchasing of hardware and software components must follow procedures defined by the organization's policies. The policies should guarantee that the sources of hardware and software devices have verification and certificates from international organizations such as the International Organization for Standardization (ISO) (Baggini & Sumper, 2012). The company IT policy document should define the criteria applied to ensure that the correct procedures are properly adhered to, so that processes requiring document approval are not omitted by the team involved. The team involved in installing and maintaining the IT systems must follow the rules that govern each particular activity. Industries should engage in constant training of employees and take them to workshops to gain knowledge and skills in ethical issues and good practices.
References
Baggini, A. B., & Sumper, A. (2012). Electrical energy efficiency: Technologies and applications. Chichester, England: Wiley.
Bailey, D., & Wright, E. (2003). Practical SCADA for industry. Amsterdam: Elsevier.
Cosman, E. C. (2014). Industrial control systems security: The owner-operator's challenge. (Cover story). Chemical Engineering, 121(6), 30-35.
Ginter, A. (2013). Securing industrial control systems. (Cover story). Chemical Engineering, 120(7), 30-35.
Jiang, W., Ma, Y., Sang, N., & Zhong, Z. (2015). Dynamic security management for real-time embedded applications in industrial networks. Computers & Electrical Engineering, 41, 86-101. doi:10.1016/j.compeleceng.2014.10.002
Piggin, R. (2014). Industrial systems: cyber-security's new battlefront. Engineering & Technology, 9(8), 70-74.


Sherry Roberts is the author of this paper. She is a senior editor at MeldaResearch.Com.
