TOPIC- Advantech – WebAccess (SCADA)
OVERVIEW
A key objective of any academic program is the refinement and reinforcement of strong communication skills.
The same ability of a cyber security professional to compile information and present findings, observations, and recommendations in a clear,
concise, and understandable manner is equally important.
It is for these reasons that a requirement exists for the successful completion of this course to perform research centering on a
specific automation vendor and their industrial solution offering and compile a paper summarizing the findings in a form of security assessment.
The paper will focus on selecting a company and one of their industrial control system offerings.
Solutions are often aligned to specific industry sectors and customer bases. These solutions should be understood to then look at vulnerabilities
that have been disclosed targeting these systems. Equally important is the impact to the business operations of the end-user or asset owner should
any of these vulnerabilities be exploiting – either intentionally or accidentally.
It is essential to evaluate the unmitigated risks associated with these vulnerabilities and develop a recommended list of actions that would help the asset
owner in mitigating some of these risk in order to improve the operational integrity of their cyber-physical systems.
1-The paper shall be at least five (6) and no more than ten (10) pages in length excluding figures, tables, and references.
2-The paper shall be formatted using an 11-point font of either Arial, Helvetica, or Times Roman type using 1″ margins on the sides and double-spacing between
3-lines with 0.5″ indentation on first line of paragraphs.
4-The paper shall be written using the APA style guide seventh edition published in October 2019. Online guidance can be viewed at https://apastyle.apa.org.
5-All tables and figures shall be captioned and specifically referenced in the body of the document.
6-All references shall be stated and included as endnotes in this paper. Citations must meet the following requirements:
7-No more than two (2) citations shall be from Wikipedia
8-At least two (2) references shall be from United States government sites (e.g. CISA, NIST)
9-At least two (2) references from vendor web (html) or printed (pdf) material
10-At least two (2) references shall be from independent sources including but not limited to
News Media Outlets (e.g. Reuters, Washington Post, Wired, CSOOnline)
Industry Publications (e.g. Automation, ISSSource, Control)
Trade Sources (e.g. Oil and Gas Journal, ChemWeek, PharmaTimes)
Security Solution Providers (e.g. McAfee, Trend Micro, Dragos, Claroty) to name several.
Grading for term research paper and associated presentation will be based on the following metrics:
20% = Ideas and Analysis
20% = Organization
20% = Development and Support
10% = Style
20% = Mechanics
10% = miselaneous
The term research paper should be logically divided into sections that follow sound research paper style and address each of the following areas.
You are free to organization the paper and presentation as appropriate,
however a template has been provided for both the paper and presentation to help start the initial paper structure.
The section titles (paper) and slide titles (presentation) in the templates are for reference only.
Your paper shall address and develop each of the following items:
1-System overview (textual) and architecture (graphical) covering devices and network topology explaining the function of each of the key assets
2-Communication protocols used by the system
3-Industry sectors that use the system
4-Vulnerabilities publicly disclosed for the system and the publication of any exploitation packages
5-Potential or actual impact of the vulnerabilities discovered to the industry sectors served
5-Cyber security measures taken by the vendor to secure the system
7-Additional cyber security measures that could be taken by the end-user user if the vendor recommendations are not feasible (e.g. an upgrade could not be performed in a timely manner)
Reference links
https://icscsi.org/library/#osint
https://us-cert.cisa.gov/ncas
https://icscsi.org/library/#news
https://training.icscsi.org/mod/resource/view.php?id=2568