CIS 359 Stuxnet and US Incident Response

Strayer CIS 359 Disaster Recovery Management, Case Study 1: Stuxnet and U.S. Incident Response, Graded A, 6 pages, 1002 words.
Read the article titled “When Stuxnet Hit the Homeland: Government Response to the Rescue,” from ABC News and consider this threat in terms of incident response and recovery procedures.
Write a three to four (3-4) page paper in which you:
1. Explain the role of US-CERT in protecting the nation’s industrial systems and analyze its efforts in relation to preparedness and incident and recovery management.
2. Discuss the efforts of ICS-CERT specifically to the Stuxnet threat and examine its incident response efforts to mitigate this risk against U.S. industrial systems.
3. With the sophistication of the primary sites of industrial system implementations, determine whether or not alternate sites (e.g., hot site) are feasible for organizations that utilize ICS technologies. Provide a rationale.
4. Explain the high-level planning needed for an industrial systems organization that utilizes ICS technologies to prepare for attacks from cyber threats such as Stuxnet.
5. Use at least four (4) quality resources in this assignment.


Discussion one:

Suppose you were proposing the Implementation of an IDS to your manager as a new initiative for your organization. Explain how you would make a business case for obtaining the funds in order to fully implement this initiative.
I’m going to assume this is an IDS/IPS, and not just an IDS that can only detect and not prevent. First, I would research and pull together valid statistics on the effectiveness of IDS/IPS. Then I would obtain an evaluation unit from a preferred manufacturer to install in monitor-only mode and collect actual data for attacks we are seeing against our own systems. I would then pull information on the average cost per incident in our industry and, if possible, gather information as to what our cost could be per incident. Using this information, I would build a presentation taking the statistical data collected in my research, and compare it with the statistics from the data collected during the evaluation to show how at-risk we actually are. I would also compare the costs of implementation to the potential costs per incident as part of a cost-benefit analysis. Of course the presentation would detail some recent breaches in the world that may have been prevented with proper IPS implementation, especially if they are big news stories.
Propose the top three reasons for why organizations would NOT choose to implement IDS/IPS systems, and analyze each of these reasons to determine whether you believe they are valid concerns or improper conclusions.
Cost: Along with initial implementation costs for IDS/IPS, annual maintenance and training costs must be considered. For smaller organizations, or organizations with limited budgets, this might be an obstacle that can’t be overcome. For smaller companies that simply cannot afford it, this is what I would consider a valid concern.
Lack of understanding: Management at a company may not see or understand the benefits of such a technology, believing it to be an unnecessary expense or that it may “not protect us any better than the firewall”. This is an improper conclusion.
Risks involved: The fact that improper tuning or understanding of the company’s normal traffic could lead to false positives, causing valid traffic to be blocked, affecting normal business processes, is a valid concern, but also probably an improper conclusion at the same time, especially since a well-planned and executed implementation should see little or no adverse effects.

Discussion two:

From the e-Activities, explain whether or not you believe technologies such as IDS are still relevant and useful as there is a push toward SaaS and cloud-based solutions.
They absolutely are still relevant. Even if a company pushes everything to SaaS or cloud-based solutions, the provider of those solutions still must implement necessary IDS/IPS solutions to protect their infrastructure and the data and applications of their customers. In the modern world, most SaaS/cloud providers are not relying on private line implementations to deliver services to their customers... they are using the Internet, which means they are inherently at risk for attacks and breaches, which means they require technologies such as IDS/IPS. And, even if a company no longer maintains any servers on their premises, using only SaaS/cloud, they certainly have Internet access to gain access to those hosted services. That means they are inherently at risk for attacks and breaches and need to properly protect themselves as well. Even their workstations and laptops should have a HIPS system installed to ensure adequate protection.
Discuss from your perspective how cloud-based services change incident response, for better or worse, and determine what you believe to be the greatest preparedness concern with cloud-based services.
Cloud-based services change incident response in a few ways. A company who has moved most of their critical systems into the cloud will have less to worry about in a disaster scenario, as their core systems for conducting business would most likely be hosted far from the affected office(s). But, if the provider is affected by the same event, and does not have adequate redundancy or secondary data centers, it could spell disaster for the company. Another consideration is the preparedness of the cloud provider to begin with… do they have adequate infrastructure to handle an event that affects their facilities? What about security considerations for a cloud provider? Moving to the cloud puts some of the responsibility on the provider for investigating the incident and providing details, and performing certain remedial actions for containment and recovery. But, it still can leave the majority of the liability with the customer… having to report the incident to the proper authorities and their own customers. Also, even though the incident may have been completely the fault of the cloud provider, the affected customer is still going to feel the impact of the reputation hit they will undoubtedly receive. From a BCP stance, the greatest preparedness concern with cloud services is redundancy/high-availability. If a failure is experienced at the provider for any reason, how will we as a company be affected? Will we even notice? Will there be a short outage while failover procedures are followed? My greatest security concern has always been how certain a cloud customer can be that a security incident was reported to them in a timely manner and within the guidelines of the SLA/contract. How will the provider be able to detect a security incident and respond to it?