TOPIC- Advantech - WebAccess (SCADA) : Term Paper
TOPIC- Advantech - WebAccess (SCADA)
Term Paper Requirements
A key objective of any academic program is the refinement and reinforcement of strong communication skills. The same ability of a cyber security professional to compile information and present findings, observations, and recommendations in a clear, concise, and understandable manner is equally important. It is for these reasons that a requirement exists for the successful completion of this course to perform research centering on a specific automation vendor and their industrial solution offering and compile a paper summarizing the findings in a form of security assessment.
The paper will focus on selecting a company and one of their industrial control system offerings. Solutions are often aligned to specific industry sectors and customer bases. These solutions should be understood to then look at vulnerabilities that have been disclosed targeting these systems. Equally important is the impact to the business operations of the end-user or asset owner should any of these vulnerabilities be exploiting – either intentionally or accidentally.
It is essential to evaluate the unmitigated risks associated with these vulnerabilities and develop a recommended list of actions that would help the asset owner in mitigating some of these risk in order to improve the operational integrity of their cyber-physical systems.
REQUIREMENTS AND GRADING
Each student will be required to write their own research paper – no teaming, partnering, or study group papers are permitted. This is an individual assignment and copying or plagiarizing will not be tolerated and will be subject to University disciplinary action up to and including a failing grade for this course.
The paper shall be at least five (5) and no more than ten (10) pages in length excluding figures, tables, and references.
The paper shall be formatted using an 11-point font of either Arial, Helvetica, or Times Roman type using 1" margins on the sides and double-spacing between
lines with 0.5" indentation on first line of paragraphs.
The paper shall be written using the APA style guide seventh edition published in October 2019. Online guidance can be viewed at https://apastyle.apa.org.
All tables and figures shall be captioned and specifically referenced in the body of the document.
All references shall be stated and included as endnotes in this paper. Citations must meet the following requirements:
· No more than two (2) citations shall be from Wikipedia
· At least two (2) references shall be from United States government sites (e.g. CISA, NIST)
· At least two (2) references from vendor web (html) or printed (pdf) material
· At least two (2) references shall be from independent sources including but not limited to
· News Media Outlets (e.g. Reuters, Washington Post, Wired, CSOOnline)
· Industry Publications (e.g. Automation, ISSSource, Control)
· Trade Sources (e.g. Oil and Gas Journal, ChemWeek, PharmaTimes)
· Security Solution Providers (e.g. McAfee, Trend Micro, Dragos, Claroty) to name several.
Grading for term research paper and associated presentation will be based on the following metrics:
20% = Ideas and Analysis
20% = Organization
20% = Development and Support
10% = Style
20% = Mechanics
10% = miselaneous
CONTENTS AND STRUCTURE
The term research paper and associated presentation should be logically divided into sections that follow sound research paper style and address each of the following areas.
You are free to organization the paper and presentation as appropriate,
however, a template has been provided for both the paper and presentation to help start the initial paper structure.
The section titles (paper) and slide titles (presentation) in the templates are for reference only.
Your paper and presentation shall address and develop each of the following items:
1. System overview (textual) and architecture (graphical) covering devices and network topology explaining the function of each of the key assets
2. Communication protocols used by the system
3. Industry sectors that use the system
4. Vulnerabilities publicly disclosed for the system and the publication of any exploitation packages
5. Potential or actual impact of the vulnerabilities discovered to the industry sectors served
6. Cyber security measures taken by the vendor to secure the system
7. Additional cyber security measures that could be taken by the end-user user if the vendor recommendations are not feasible (e.g. an upgrade could not be performed in a timely manner)