You have been asked to prepare a short background paper for Sifers-Grayson IT personnel about the importance of being prepared to respond to business disruptions arising from (a) natural disasters and (b) cyber attacks. Such disruptions can adversely impact the availability of IT services and, in turn, prevent the business from conducting operations over an extended period of time. The client has requested that you focus upon the business reasons behind the need for formal disaster recovery procedures and business continuity plans. Your deliverable should be written as a background paper containing at least 7 strong paragraphs.
You will need to do additional reading and research before you prepare your paper. The FEMA website https://www.ready.gov is a good place to start.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
Use attach resources Then add your research to it please
Sifers‐Grayson Site Survey & Security Posture Assessment
Prepared by: Nofsinger Consulting Services, LLC
C
S Pervasive Cybersecurity is our passion …
PRELIMINARY – NOT FOR DISTRIBUTION
Company Background
• Founded by Ira John Sifers and John Michael Cole in 1974
• Based in Pine Knob, Grayson County, Kentucky • Located in the Appalachian Economic Development Region
• Business areas: – Industrial Control Systems for Advanced Manufacturing & Utilities
– R&D for Drones and Robots
Sifers‐Grayson CEO
Chief Operating Officer
Finance & Accounting Personnel Engineering
R&D Dev Lab
Scada Support Lab
Test Range
Project Management Sales & Support
Sifers‐Grayson Organization Chart
Mary Beth Sifers
Ira John Sifers, III
Michael Coles, Jr.
Customer Base
• Advanced Manufacturing Firms • Utility Companies • U.S. Department of Defense • U.S. Department of Homeland Security
SITE SURVEY A Quick Look at the SG Enterprise Architecture
Figure 1. Overview of Sifers‐Grayson Enterprise IT Architecture
Figure 2. Combined Networks and Systems Views: Sifers‐Grayson Headquarters, R&D Center, and Data Center
Figure 3. Combined Networks and Systems Views: Sifers‐Grayson Engineering Center
Figure 4. Combined Communications, Networks and Systems Views: Sifers‐Grayson Test Range and R&D Center
Figure 5. Combined Networks and Systems Views: Sifers‐Grayson SCADA Support Lab
Figure 6. Combined Networks and Systems View: Sifers‐Grayson R&D DevOps Lab
Threat Landscape
Sifers‐Grayson Security Posture Assessment
C
S Pervasive Cybersecurity is our passion …
PRELIMINARY – NOT FOR DISTRIBUTION
Threat Landscape for Sifers‐Grayson SCADA Lab
SCADA Support Lab
Supply Cage
Inventory Control System
PROM Burner
Programing Workstations
Modems
Diagnostics Workstations
Testing Workstation
SCADA Test Jig
External Threat Sources
External Threat Sources
Internal Threat Sources
Supply Chain Threats Windows 8.1
Windows 8.1
Malware ThreatsMalware
Threats
“Sneaker‐Net” Threats
Threat Landscape for Sifers‐Grayson R&D DevOps Lab
Telemetry Links • Command & Control • Sensor Data • Housekeeping Data • Debugging Data
R&D DevOps Lab
Supply Cage
Inventory Control System
PROM Burner
Programing Workstations
DevOps Workstations
Test & Simulation Workstation
PLC / PROM Test Jig
Connection to Corporate Campus Area
Network
R&D Servers
Internet
Test Vehicles
Modems
Internal Threat Sources
Windows 8.1Supply Chain Threats
“Sneaker‐Net” Threats
“RF‐Net” Threats
External Threats
Internal & External Threats
Windows 10
Windows 10Windows 10 Malware
Malware
U til iti es
Internet
Data Center
Email, Web, and Database Servers
Campus Area Network (Wired)
Wireless Access Point
Wireless Devices
Threat Landscape for Enterprise IT Systems
R&D Center
Corporate Offices
High Speed Fiber Optic
Cable (Buried)
Copper Cable from
Telco (buried)
SV‐1
Firewall
Backdoor into Enterprise Network
Vulnerable System
Missing IDS / IDPS
Internal Threat Sources
Missing IDS / IDPS
Email, Web Traffic
“Quick Look” Recommendations & Next Steps
Sifers‐Grayson Security Posture Assessment
C
S Pervasive Cybersecurity is our passion …
PRELIMINARY – NOT FOR DISTRIBUTION
Issues Summary 1. Newly won government contracts now require compliance
with DFARS §252.204‐7008, 7009, and 7012 – http://www.acq.osd.mil/dpap/dars/dfars/html/current/25 2204.htm
– http://www.acq.osd.mil/se/docs/DFARS‐guide.pdf 2. Derivative requirements include:
– Implementation of and compliance with NIST SP 800‐171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST. SP.800‐171.pdf
– Compliance with DFARS 252.239‐7009 Representation of Use of Cloud Computing and 7010 Cloud Computing Services (see http://www.acq.osd.mil/dpap/dars/dfars/html/current/25 2239.htm)
Additional Derivative Requirements
• Use NIST Guidance Documents for – Incident Response, e.g. NIST SP‐800‐61 (Computer Security Incident Handling Guide)
– SCADA Security, e.g. NIST SP 800‐82 (Guide to Industrial Control Systems Security)
– Software / Systems Development Lifecycle (SDLC) Security, e.g. NIST SP 800‐64 (Security Considerations in the System Development Life Cycle)
– Configuration Management, e.g. NIST sp 800‐128 (Guide for Security‐Focused Configuration Management of Information Systems)
Recommendations • Immediate (Phase I)
– Remove direct network connection between Corporate Campus Area Network (CCAN) and R&D Center’s LAN
– Install a VPN solution to allow R&D Center to access CCAN and internal resources from the Internet
– Install backup network connections from TELCO to CCAN and TELCO to R&D LAN
• Rationale – Segment network to reduce internal & external risks from CCAN to Test Range, SCADA Lab, and R&D DevOps Lab
– Limit the “reach” of the customer’s requirements (per DFARS & NIST guidance) to the smallest allowable footprint
– Provide backup connectivity to WAN for business continuity
C
S Pervasive Cybersecurity is our passion …
• Recommendations (Phase II) – Evaluate & Recommend Acquisitions for Security Solutions to strengthen the company’s IT security posture 1. End Point Protection Platforms 2. Application Lifecycle Management 3. Identity Governance & Administration 4. Security Information & Event Management
– Develop Incident Response Handbook & Guidance
C
S Pervasive Cybersecurity is our passion …
• Recommendations (Phases III, IV, V, etc.) – Build security operations team led by dedicated CISO – Identify, evaluate and improve Internal Processes for IT security
– Implement IT Security Governance & Enterprise Risk Management
– Establish Security Operations Center – Upgrade security appliances to include advanced network monitoring and intrusion detection and prevention systems
– Join information sharing and analysis center – … additional recommendations to be made after further investigation and assessment
C
S Pervasive Cybersecurity is our passion …
“After Action” Review: Sifers‐Grayson
Sifers‐Grayson Security Posture Assessment
C
S Pervasive Cybersecurity is our passion …
PRELIMINARY – NOT FOR DISTRIBUTION
The customer’s feedback
• Surprised at the extent of the problems • Dismayed at the potential liabilities and contractual issues
• Concerned about the costs • Determined not to let technology stand in the way of progress
• Agreed to implement Phase I and II recommendations
Additional Negotiated Work
• NCS “Red Team” will conduct pentration test within next 60 days
• NCS will establish & train Sifers‐Grayson Incident Response Team
• NCS will provide a contract CISO to Sifers‐ Grayson for 180 days (renewable on a yearly basis thereafter)
• NCS will provide additional staff & services at negotiated rates