assignment 7
Discussion 1
The expanding risks facing pipelines include the possibility of multiple, coordinated attacks by using explosives on the natural gas pipeline system. This could create unprecedented challenges for restoring gas flows, the CRS report found.
Another growing concern is pipeline cybersecurity because the computer systems used to operate much of the pipeline system are vulnerable to outside manipulation. A cybercriminal could exploit a pipeline control system to disrupt or damage pipelines (Jeff, 2014).
For example, in April 2018, new cyberattacks reportedly caused the shutdown of the customer communications systems at four of the United States’ largest natural gas pipeline companies. Nine months later, then U.S. Director of National Intelligence Dan Coats, while testifying at a congressional hearing, singled out gas pipelines as critical infrastructure vulnerable to cyberattacks which could cause disruption “for days to weeks.” Overall, 796 critical infrastructure cyber incidents were reported to the U.S. Department of Homeland Security from 2013 to 2015; the energy sector accounted for 35 percent of them, according to the U.S. Government Accountability Office (GAO).
Another reason cybersecurity concern is increasing is because of the rising interdependency between the pipeline and electric power sectors (Sobczak, 2017). A 2017 U.S. Department of Energy (DOE) report highlighted the electric power sector’s growing reliance upon natural gas-fired energy generation and the resulting security vulnerabilities associated with pipeline gas supplies. Commissioners on the Federal Energy Regulatory Commission (FERC) have said that because natural gas has become a major part of the fuel mix, cybersecurity threats to that supply take on a new urgency.
Discussion 2
In case of a cyberattacks, critical infrastructures are disrupted from normal working states to failures which could lead to loss of confidential information, resources or even casualties. The energy sector is not an exception and without proper countermeasures mechanisms in place, the industry can as well be sabotaged. Diversity and commonality are strategic security measures that can help in mitigating against attacks such as botnet targeting energy sector. Amoroso (2012) acknowledged that diversity creates a platform to introduce differences in the systems, which makes it difficult for perpetrators to launch attacks. The energy sector can deploy desktop diversity, which will make it difficult to launch the botnet attack. Desktop diversity introduces the concept of having different settings that makes the desktop different. Therefore, the botnet cannot easily propagate through the system since it will cease to operate if it finds different desktops.
Network technology diversity is also a response strategy that energy sector can engage to mitigate against able to attack. Network diversity can help in creating different avenues in the network connection to eliminate instances of attacking a similar network. Zhang et al. (2016) discuss the application of biodiversity-inspired network diversity metric, which relies on the available network give different sets of connection that decreases the ability of an attacker of exploiting the system. Thus, network diversity will aid in reducing the avenues that the botnet can propagate.
Similarly, the sector can engage commonality in the systems by designing a common way of setting security standards. Amoroso (2012) argued that commonality could aid in formulating a strategic approach performing securities scans in the system and identify vulnerabilities. For example, the industry can use the Practices of National Infrastructure Protection to develop the security protocols. For instance, it can formulate a comprehensive organizational culture of security protection by increasing awareness and the employees about the impending cyberattack.
1.Evaluate one pro and con above proposed above discussions
Response Requirements:
1. Be 1 paragraphs in length for each Discussion
2. Your responses to above discussions must be more than a simple "Good job" or "I agree with your post". They must also not just be "Let me add to your post..." Instead, your responses to each other should do three things:
1. Acknowledge the above discussions with some form of recognition.
2. Relate the discussions to something you have learned or are familiar with
3. Add to the conversation by asking additional questions about the discussion, or discussing the topic further.