The Security Vulnerabilities And Threats Computer Science Essay


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Introduction

Until recently, computer systems operated as independent "islands of automation," providing very high and reliable local control. However, over the past decade, computer systems have increasingly been integrated into the overall corporate network, and they are often managed by remote employees, contractors and vendors via a dialup or other connection. They make use of network operating systems to achieve this.

In this new organization, computer systems have become more vulnerable to online threats and other types of vulnerabilities. Industrial environments are especially sensitive to cyber-security incidents. System downtime, loss of important data, and loss of control over vital areas of the facility are just some of the consequences that can have a devastating impact on customers, the environment, and public safety. Even the smallest outage or performance degradation is unacceptable.

This level of risk is created by today’s trend towards the use of commercial off-the-shelf (COTS) technologies. Both the control networks and corporate IT systems now depend on similar protocols and network operating systems, including ActiveX, the Microsoft Windows and Linux operating systems, Remote Procedure Call (RPC), Distributed Component Object Model (DCOM), Ethernet and TCP/IP. This open, standards-based functionality provides many outstanding benefits, but can at the same time expose the facility to security threats that range from malicious code and attacks by hackers to operator error and technology failures.

The Security Vulnerabilities and Threats

The primary sources of attacks against control systems originate via the wide area network (WAN), the Internet, and trusted third-party or remote connections. While internal threats are still significant and one of the top areas of concern for plant managers, increasing numbers of threats are originating from external sources. This mirrors the current threat trend in traditional IT systems.

Internal threats can come from a number of different sources, including attacks by disgruntled employees and contractors, or accidental infection from a device accessing the network without the latest protection and unknowingly spreading a virus, worm or other attack. However, user error and unintentional incidents actually represent the greatest risks, causing most cyber-related incidents in industrial environments. A local or remote user may access the wrong systems and make changes to them; IT personnel can perform a network penetration test that degrades performance or renders a system inoperable; or a user may download or send large files over the network and impact control traffic performance.

There is also a wide range of external threats to control systems. These range from accidental infection by a guest laptop to deliberate attacks launched by hackers, corporate spies and hostile nation-states. Today’s hackers are now more often motivated by profit, with groups looking for opportunities for extortion or theft that provide a quick payoff.

Such targeted intrusions are increasingly difficult to detect, which is a key reason for achieving complete visibility across the corporate network. These types of threats may include:

1. Malicious code (Malware): Malware includes the broad range of software designed to infiltrate or damage computing systems without user knowledge or consent. The most well-known forms of malware include:

• Viruses that manipulate legitimate users into bypassing authentication and access control mechanisms in order to execute malicious code. Virus attacks are often untargeted and can spread rapidly between vulnerable systems and users. They damage systems and data, or decrease availability of infected systems by consuming excessive processing power or network bandwidth.

• A worm or self-replicating program that uses the network to send copies of itself to other nodes without any involvement from a user. Worm infections are untargeted and often create availability problems for affected systems. They may also carry malicious code to launch a distributed attack from the infected hosts.

• The Trojan horse, a type of virus in which the malicious code is hidden behind a functionality desired by the end user. Trojan horse programs circumvent confidentiality or control objectives and can be used to gain remote access to systems, gather sensitive information or damage systems and data.

2. Distributed Denial of Service Attack: DDoS attacks have become notorious over the past few years, having been used by attackers to flood network resources, such as critical servers or routers, in several major organizations with the goal of obstructing communication and decreasing the availability of critical systems. A similar attack can easily be mounted on a targeted control system, making it unusable for a critical period of time.

3. Rogue devices: In wireless networks, an unauthorized access point may be inserted into the control system to provide false or misleading data to the controller. This can cause it to issue errant commands such as triggering a failsafe device or changing operator screens to provide erroneous information.

4. Reconnaissance attacks: Reconnaissance attacks enable the first stage of the attack lifecycle by probing. This serves to provide a more focused life cycle and improve the odds of success in the attacker’s favor.

5. Eavesdropping attacks: The goal of an eavesdropper is to violate the confidentiality of communications by "sniffing" packets of data on the control network or by intercepting wireless transmissions. Advanced eavesdropping attacks, also known as "Man in the Middle" (MITM) or path insertion attacks, are typically leveraged by a hacker as a follow-up to a network probe or protocol violation attack.

6. Collateral damage: This type of impact is typically unplanned or materializes as an unforeseen or unplanned side effect of techniques being used for the primary attack. An example is the impact that bulk scanning or probing traffic may have on link and bandwidth availability. Or, if a network is not properly configured, unintended traffic, such as large downloads, streaming video or penetration tests, can consume excessive bandwidth and result in unacceptable levels of network "noise" and slowed performance.

7. Unauthorized access attacks: These are attempts to access assets that the attacker is not privileged or authorized to use. This implies that the attacker has some form of limited or unlimited control over the system.

8. Unauthorized use of assets, resources, or information: In this type of attack, an asset, service or data is used by someone authorized to use that particular asset, but not in the manner being attempted.

The faster a threat can be recognized, the more quickly it can be dealt with. Preventing attack and intrusion activity once the hacker is inside is the key to network security. There are many "back doors" and potential weak links in industrial networks. Typically, these include misconfigured devices, undocumented connections, wireless networks without proper security configurations, and open unguarded ports. A primary vector of concern is the compromise of data that can alter the operation of field devices or mislead an operator into taking inappropriate action.
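As an added example (not part of the original essay), the weak links named above, namely undocumented connections, unknown devices and unguarded ports, can be surfaced by comparing observed network flows against a documented baseline. All addresses, ports and flow records below are constructed for illustration, and `audit_flows` is a hypothetical helper name.

```python
import csv
import io
import ipaddress

# Constructed sample data: the addresses, ports and flow records below are
# illustrative assumptions, not values from the essay.
CONTROL_NET = ipaddress.ip_network("10.10.0.0/24")
KNOWN_ASSETS = {"10.10.0.5", "10.10.0.10", "10.10.0.20", "192.168.1.50"}
# Documented connections: (source, destination, destination port)
DOCUMENTED = {
    ("10.10.0.10", "10.10.0.5", 502),     # HMI -> PLC, Modbus/TCP
    ("10.10.0.20", "10.10.0.5", 502),     # historian -> PLC
    ("192.168.1.50", "10.10.0.20", 443),  # corporate reporting -> historian
}
OBSERVED_FLOWS = """src,dst,dport
10.10.0.10,10.10.0.5,502
192.168.1.50,10.10.0.20,443
10.10.0.77,10.10.0.5,502
192.168.1.50,10.10.0.5,135
203.0.113.9,10.10.0.20,3389
"""

def audit_flows(flow_csv, documented=DOCUMENTED, assets=KNOWN_ASSETS,
                control_net=CONTROL_NET):
    """Return (flow, reasons) for every flow absent from the documented baseline."""
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        flow = (row["src"], row["dst"], int(row["dport"]))
        if flow in documented:
            continue
        reasons = ["undocumented connection"]
        src = ipaddress.ip_address(flow[0])
        dst = ipaddress.ip_address(flow[1])
        if flow[0] not in assets:
            # A source missing from the asset inventory: rogue or guest device.
            reasons.append("unknown device inside control network"
                           if src in control_net else "unknown external source")
        if dst in control_net and src not in control_net:
            reasons.append("crosses into control network")
        # An open port that no documented connection is expected to reach.
        if dst in control_net and not any(
                d == flow[1] and p == flow[2] for _, d, p in documented):
            reasons.append("port not documented for this host")
        findings.append((flow, reasons))
    return findings

if __name__ == "__main__":
    for flow, reasons in audit_flows(OBSERVED_FLOWS):
        print(flow, "->", "; ".join(reasons))
```

The baseline and asset list would in practice come from the site's own network documentation; a flow that appears here is a prompt to either document the connection or close it.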


