Discussion Question: From the Critical Infrastructure Case Study below, find at least 2 articles relating to the case study. In a minimum of 500 words, summarize the policy and process failures that allowed the breach to occur. Address the impact to an organization when this type of breach occurs, and discuss the steps that you would have taken to ensure that this type of breach wouldn't occur in your organization.
The initial post must contain a properly formatted in-text citation and scholarly reference. All work needs to be your original work; remember to also include citations.
** I also need two short critical evaluations of other students' posts. After you post your response I will provide those students' posts to evaluate. **
Critical Infrastructure Case Study:
Televent is a company that provides software and services to monitor and support the energy industry in the US and Canada. On September 10, 2012, the company identified a breach of its internal firewall and network. Televent said the hacker installed malicious software and stole software related to its core offering used by its customers. This is a class of software known as "supervisory, control, and data acquisition," commonly called SCADA. SCADA systems are a vital component in managing and controlling power grids.
These types of successful attacks highlight how vulnerable power grids, and thus the national critical infrastructure, are to hackers. SCADA networks were built originally as closed systems, but over time devices with Internet access have been added to the SCADA networks. For example, individual desktops have Internet access, and access to business servers as well as the SCADA network. This makes the SCADA system vulnerable to Internet threats.
In this case, Televent reported that it had disconnected the usual data links between clients and segmented the affected portions of its internal networks.
As with many breaches, the technical details may never be known to the public. However, it is clear that the existing infrastructure policies were not adequate. The measures taken in the breach announcement indicate a lack of adequate policy and/or enforcement in at least these two areas:
• Network segmentation
• Separation between production and test environments
Network segmentation was introduced immediately to isolate the customer support systems from those infected by malicious software. This raises the question of why such segmentation wasn't included as part of the LAN policy in the first place. Such a policy would have ensured the creation of a closed network of people, process, and technology for the systems providing direct access to the customer network.
It is unclear if the malicious software was placed on production or test systems. Separation between production and test systems is an important control. In this case, the need to segment the network immediately and the loss of software code are good indications that both test and production systems were vulnerable. This would indicate a potential lack of control between the test and production environments. System and application domain policies should not only segment these two environments but also tightly restrict access between them.
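The two controls the case study names, isolating the SCADA and customer-facing systems from general corporate desktops, and keeping test separate from production, can both be expressed as an explicit allow-list of zone-to-zone flows that a defender can audit against observed traffic. The following is an added example written for this page, not code from Televent or from the case study; the zone address ranges, the allowed flows, the port numbers and the flow records are all constructed for illustration.

```python
"""Zone-based segmentation policy check (added example, not from the case study).

Zones model the situation the case study describes: corporate desktops with
Internet access, business servers, a SCADA production zone, a SCADA test zone,
and a customer-support zone that is the only path into SCADA production.
Every flow not on the allow-list is denied, so a desktop reaching SCADA, or a
test host reaching production, shows up as a policy violation.
"""
import ipaddress
from typing import List, Tuple

# Hypothetical zone layout (constructed; private ranges, not Televent's addresses).
ZONES = {
    "corp_desktops": ipaddress.ip_network("10.10.0.0/16"),
    "business_servers": ipaddress.ip_network("10.20.0.0/16"),
    "scada_prod": ipaddress.ip_network("10.30.0.0/16"),
    "scada_test": ipaddress.ip_network("10.40.0.0/16"),
    "customer_support": ipaddress.ip_network("10.50.0.0/16"),
    "internet": ipaddress.ip_network("0.0.0.0/0"),  # catch-all, lowest priority
}

# Explicit allow-list keyed by (source zone, destination zone) -> permitted TCP ports.
# Anything not listed is denied. Note there is no entry from corp_desktops or
# scada_test into scada_prod, and no inbound entry from the internet at all.
ALLOWED = {
    ("corp_desktops", "business_servers"): {443, 445},
    ("corp_desktops", "internet"): {80, 443},
    ("business_servers", "internet"): {443},
    ("customer_support", "scada_prod"): {22},
    ("customer_support", "scada_test"): {22},
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; the most specific (longest prefix) match wins,
    so the internal /16 zones take precedence over the 0.0.0.0/0 internet zone."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, name) for name, net in ZONES.items() if addr in net]
    if not matches:
        raise ValueError(f"no zone for {ip}")
    return max(matches)[1]


def is_allowed(src_ip: str, dst_ip: str, dport: int) -> bool:
    """Decide a single flow against the allow-list. Traffic that stays inside
    one zone is permitted; anything crossing zones must be explicitly listed."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True
    return dport in ALLOWED.get((src, dst), set())


# Constructed flow records: "src dst dport" per line, not real traffic from the case.
SAMPLE_FLOWS = """\
10.10.5.5 10.20.1.10 443
10.10.5.5 203.0.113.7 443
10.10.5.5 10.30.1.1 22
10.40.2.2 10.30.1.1 22
10.50.1.1 10.30.1.1 22
198.51.100.9 10.30.1.1 502
10.30.1.1 10.30.1.2 502
"""


def evaluate_flows(text: str) -> List[Tuple[int, str, str, int]]:
    """Return (line_no, src_zone, dst_zone, dport) for every flow the policy denies."""
    violations = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        src_ip, dst_ip, dport = line.split()
        if not is_allowed(src_ip, dst_ip, int(dport)):
            violations.append((n, zone_of(src_ip), zone_of(dst_ip), int(dport)))
    return violations


if __name__ == "__main__":
    for line_no, src, dst, port in evaluate_flows(SAMPLE_FLOWS):
        print(f"line {line_no}: {src} -> {dst} port {port} DENIED by segmentation policy")
```

Run against the constructed records, the check flags three flows: the desktop reaching SCADA production, the test host reaching production, and the inbound Internet connection to a SCADA port. The same allow-list is what a firewall ruleset between the zones would enforce; evaluating captured flow logs against it is how a defender verifies that the written LAN policy and the deployed segmentation actually agree, which is the gap the case study points to.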