Question

Four Full pages double spaced on What are ICS and SCADA systems? Historical instances of attacks on industrial control systems.
Recent attacks on ICS: What vulnerabilities were exploited? What types of IT systems were compromised? What technical controls can be implemented to prevent attacks? Protecting ICS systems: What controls can be implemented to prevent attacks? Are there any published standards for protecting ICS? All the work should be cited.

Answer 1

What is ICS and SCADA system:

• ICS and SCADA frameworks are all over the place. These gadgets give the capacity to robotize authority over things like the temperature of a place of business, or the time that lights should turn on consequently.

• ICS and SCADA gadgets additionally assume a significant part in the computerization and control of basic foundations like force, water, and gas. These frameworks frequently have restricted capacities in refreshing the product because of the potential effect it could have on framework work.

• This presents a particular test from the network protection viewpoint. Huge numbers of the operational innovation (OT) frameworks interface with a control PC that might be running an out of date working framework.

Vulnerabilities which are exploited are:

STUXNET Vulnerability:(One of the example )

What made Stuxnet so perilous was that it self-recreated and spread all through numerous frameworks using different methods, for example,

• Removable drives misusing a weakness permitting auto-execution.

• Local zone organizations (LANs) abusing a weakness in the Windows Print Spooler.

• Server Message Block (SMB) utilized for giving shared admittance to records, printers, and different gadgets by misusing a weakness in the Microsoft Windows Server Service.

• Network record sharing by duplicating and executing itself.

•Siemens WinCC HMI information base worker by replicating and executing itself.

• Siemens Step 7 by replicating itself into Step 7 activities in such a way that it is consequently executed when Step 7 undertaking is stacked.

Platform Hardware Vulnerabilities

• Inadequate testing of security changes lacks redundancy for critical components.
• Unsecure remote access to ICS components.
• Lack of backup power from generators or Uninterruptible Power Supply (UPS).
• Dual network interface cards to connect networks.
• Inadequate physical protection of critical systems.
• Undocumented assets are connected to the ICS network. Unauthorized personnel has physical access to equipment.
• Loss of environmental control could lead to overheating of a hardwareRadiofrequency and electromagnetic pulses (EMP) caused disruptions and damage to circuitry

IT systems were compromised of :

• Passwords treat and program history by infusing their modules into various programs to capture client meetings.

• Computer network associations.

• Processes and organizers.

• BIOS and CMOS RAM subtleties.

• Local, organization, and removable drive data.

Controls that can be implemented to protect from attack:

• ICS keeps on modernizing, an expanding number of Internet of Things (IoT) gadgets are acquainted with improve profitability and upgrade framework control. With the utilization of related IoT gadgets; measure controls, information checking, and correspondence with different frameworks are made less difficult. Be that as it may, there are chances included when shrewd gadgets are utilized for such assignments.

• IoT fuses AI and large information investigation. It likewise bridles sensor information, machine-to-machine (M2M) correspondence, and mechanization innovations that have recently existed in the modern setting.

• IoT can perform assignments, for example, information conglomeration, prescient investigation, prescriptive examination, information esteem expansion, and even the production of new business models.

• Like how the presentation of PDAs was trailed by the ascent of weaknesses and malware identified with the stage, coordinating Human Internet of Things (IoT) and IoT gadgets may make comparative issues. Truth be told, overseeing IoT gadgets in the ICS climate can make significant difficulties in security, as every gadget should be appropriately safeguarded and made sure about. Not having any significant bearing sufficient security leaves the whole ICS biological system profoundly helpless against assaults.

Yes, there are proper standards for protecting ICS Security Related Standards, Guidelines, and Policy Documents. Addition III of the report "Securing Industrial Control Systems".