Toggle navigation
Home
Ask A Question
Ask
Answer Questions
Answer
Users
Support/FAQ
Login
Register
Preview 50% of the Answer Below
Due to formatting, images, tables, or paragraphs may be out of place or not shown. Rest assured that they will be included and formatted correctly in your purchased answer.
Details
Question Title:
Outline the Cybersecurity issues and vulnerabili
Go Back to the Question
Answer Preview
<span class="Apple-tab-span"> </span>1.<span class="Apple-tab-span"> </span>Outline the Cybersecurity issues and vulnerabilities of the petrochemical industry. Include in your answer specific actions required to improve the security profile of this industry.</span></p> <p>Cybersecurity issues and vulnerabilities of the petrochemical industry include vulnerabilities at the informational technology (IT), operational technology (OT), production, plant and management level.<br></p> <p><span class="s1">At the IT level, IT equipment such as email servers can be compromised through techniques such as spear phishing emails,Trojanized software and watering hole websites.<span class="Apple-converted-space"> </span>This may occur through the insufficient implementation of security protocols such as HTTPS. According to a Symantec IT report, the hacker group Dragonfly was one such case, with Dragonfly's hackers using Trojanized software for intelligence gathering and sabotage purposes. Hackers are also able to exploit vulnerabilities in the use of mobile and remote devices to enter the mainframe of a petrochemical plant. If a petrochemical company has an outdated ICS network and security architecture, or flaws such asinsecure connectivity to internal and external networks, or use of technologies with previously documented vulneXXXXXXXXXX , XXXX XXX XXXXXXXXXXXXX XXXXXXX may also be XXXXXXXXXX as vulnerable XX the IT XXXXXXXXXXXXX level.</span></p> <p><span class="s1">XX theOT XXXXX, XXXXXXX XXX access XXX petrochemical XXXXX’s operational technology (XX) XXXXXXX, XX was the case with Stuxnet, XXXXX XXXXXXXX the XXX and XXX industry’s XXXXXXXXXXXX logic controllers and XXXXX systems. Legacy systems XXX outdated control XXXXXXX also pose a threat, as hackers XXX exploit these XXXXX XXXXXXX more XXXXXX.</span></p> <p><span class="XX">XX XXX XXXXXXXXXX XXXXX, hackers can access XXXXXXXXXXXXXXX in the XXXXXXXXXX chain XX disrupt utilities, XXXXXXXX petrochemical equipment XX damage or debilitate it, XXXX XXXXXXXXXXXX XXXXXXX XX product XXXXXXX, overload chambers to create chemical spills, XXX override XXXXXXXXX XX XXXXXX XXXXXX violations.XXXXXXXXXXX, XXXXXXX can XXXXXXX XXX connections between onshore XXX XXXXXXXX XXX XXX gas XXXXXXXXXX in order to gain unauthorized XXXXXX at the production XXXXX.</span></p> <p><span class="s1">XX XXX plant XXXXX, hackers XXX XXXXXXX plant XXXXXXXX XX XXXX access. XX a petrochemical XXXXXXX XXXX not have XXX necessary XXXXXXXX XX XXXXXX that a XXXXX, XXXX closed, XX secured from XXXXXXXX XXXXXX, plant closures XXX XXXXXXX valuable XXXXXXXXXXXXX XXX XXXXX XXXXXXX to XXXX access.</span></p> <p><span class="XX">Finally, at XXX XXXXXXXXXX level, XXXXXXXX may fail to XXXXXXX greater regulation XXX corporate XXXXXXXXX in XXXXXXXXXXXXX. XXXXXXXXXX XXX XXXX fallen short in XXXXXXXXX in XXXXXXX cybersecurity XXXXXXX by XXXXXXXXXXXXX XXXXXXXXX such as XXXXXXXX, XXX may XXX have implemented appropriate risk XXXXXXXXXX, threat vulnerability assessment XXX XXXXXXXXX XXXXXXXX systems.</span></p> <p><span class="XX">XXXXXXXX XXXXXXX required XX XXXXXXX the XXXXXXXX profile of XXXX XXXXXXXX XXXXXXX generic XXX industry-specific XXXXXXXX. For XXXXXXX XXXXXXXX, XXXXXXXXX XX XXX XXXXXX for Internet Security,XXXXXXX actions XX improve XXX XXXXXXXX of XXX XXXXXXXXXXXXX industry XXXXXXX an inventory of authorised XXXXXXX XXX XXXXXXXX, XXXXX-of-the-art secure XXXXXXXXXXXXXX for hardware XXX software, protections XXX email XXX XXX browsers, anti-XXXXXXX XXXXXXXX XXXXXXXX, data XXXXXXXX services, XXXX protection, XXXXXXXX access XXXXXXX, XXXXXXXXXXX XXXXX, limitation XXX control of network ports, maintenance XXX XXXXXXXXXX of audit XXXX, XXXXXXXXXX XXX controlled access to administrator privileges. <span XXXXX="Apple-converted-XXXXX"></span></span></p> <p><span XXXXX="XX">XXX specific measures, XXXXX include XXXXXX XXXXXXXXXX XX XXXXXXXX the use of XXXXXX XXXX XXXXXXX XXXX XX mobile phones, a XXXXXXX XXXXXXXX XXXXXX XX XXXXXX the connections XXXXXXX onshore and offshore facilities XXXXXXXX, XXX an XXXXXXXXX XXXXXXXX XXX XXXXXX assessment XXXXXX for petrochemical XXXXX XXXXXXXX.</span></p> <p><span XXXXX="s1">X. XXXXX XXXXXX’s XXXXXXXXXX from chaptersix XXXXXXX XXX: XXX Next XXXXXXX to XXXXXXXX XXXXXXXX XXX What to Do About It, describe XXXXXXX’s potential XXXX XXXXXXXX use of “Offensive XXXXXXXX” XX attack XXXXX nation’s infrastructure. XXXX XXXX to provide ‘theoretical’ XXXXXXXXX XXX war-XXXXXXXXXXXXX XXXX wouldbest XXXXX our XXXXXX's efforts XXX debilitating a XXX’s national infrastructure.</span></p> <p><span class="s1">XXXXXX’s XXXXXXXXXX XXXX chaptersix XX‘XXXXX XXX: XXX XXXX Threats XX XXXXXXXX Security and XXXX XX Do About It’ outlines XXXXXXXX XXXXXXXXX XXXX a U.S. XXXXXXXXXX XXX-XXXXXX exercise on XXXXXXXX XXXXXXXXXXXX XXXXXXX the U.S. and XXXXX over XXX XXXXX China XXXX XXXXXXXX. Clarke XXXXX that XXXX XX happening XXXXX, with XXX XXXXXXXXXX XX XXXXXXX’s annual ‘XXXXX XXXXX’ war XXXXXX exercises as a XXXXXXX example, XXX he emphasizes XXX XXX principles XX deterrence, XXXXX first, prewar XXXXXXXXXXX XX XXXXXXXXXXX, XXXXXXXXXX of collateral damage, attribution, XXXXXX XXXXXXXXXXX,<span XXXXX="Apple-converted-space"> </span>XXX XXXXXXXXX XXXXXXXXX, which will be instrumental in constructing XXXXXXX’s XXXXXXXXX XXXX XXXXXXXX XXX of ‘Offensive Cyberwar’ XX attack XXXXXXX XXXXXX’s XXXXXXXXXXXXXX. XXXX response XXXX imagine America’s best XXXXXXXX use of ‘XXXXXXXXX XXXXXXXX’ XX attack XXXX’s nuclear infrastructure.<span XXXXX="Apple-XXXXXXXXX-space"></span></span></p> <p><span class="s1">XXXXXXXX that Iran has XXXXXXXXXX XXXXXXX weapons XXXX XXXXXXX needs to disrupt XXX destroy, America’s XXXX XXXX XXXXXXXX XXXXX be to XXXXXXX XXXXXX a preemptive XXXXXX XXXXXXX Iran’s XXXXXXX facilities XXXXX pre-XXXX logic XXXXX XXXX XXXXXXXX XXXXXXX inspections conducted under XXX XXXXX XXXXXXXXXXXXXX, XXX then shore up its own XXXXXXXX cybersecurity defenses in order XX XXXXX XXXXXXXXXX XXXXXX and XXXXXX instability. It XX also XXXXXXXXX for XXXXXXX to anonymise XXX role in the attack XXX limit attribution, XXXXX also complementing its disruption of key XXXXXXX XXXXXXX infrastructure XXXX XXX hijacking of XXXXXXX media to broadcast pro-XXXXXXXX XXXXXXXXXX XX Iranian XXXXX XXXXXXXX. This best case XXXXXXXX would XXXXXX that XXXXXXX is able XX quickly and effective destroy Iranian nuclear XXXXXXXXXXXXXX, while remaining anonymous XXX XXXX defended against potential Iranian XXXXXXXXX. It is XXXX XXXXXXXXX XXX XXXXXXX XX XXXXXXX backdoor tunnels XXXX XXXXXXX XXXXXXXXXX, XXX XX move XXXXXXX XX XXXXXXX XXXX XXXX reducing XXXXXX XXXXX, XXXXXXXX XXXXXXXXXXXX or XXXXXXXXXXXX XXX XXXXXXXXXX XXXXXXXXXX, all XX which XXXX reduce the efficacy of XXXX preemptive XXXXXXXX cyberwar XXXXXXXX. XXXXXXXXXXX, it is crucial XXXX XXXXXXXX XXXX ensures that its allies, XXXX as XXXXX Arabia XXX Israel, are XXXX defended against retaliatory attacks by XXX Iranians on American XXXXXX. Finally, XXXXXXX needs XX XXXXXX that XXX own domestic cybersecurity XXXXXXXXXXXXXX, particularly concerning XXXXXXXX XXXXXXXXXXXXXX XXXX as XXXXXXX XXX utilities, are XXXX XXXXXXXX from Iranian reprisals. <span class="Apple-XXXXXXXXX-space"></span></span></p> <p><span class="s1"></span> </p> <p><span XXXXX="XX">XXXXXXXXXX</span></p> <p><span class="XX">XXXXXXXXX XXXXXXXX, 'Cyber Security XXXXX XX Be Aware Of In XXX XXX XXX XXX Industries.' XXXXXX, XXXXX X, 2017.<a href="XXXXX://www.XXXXXX.com/XXXXX/XXXXXXXXXXXXXXXXX/XXXX/04/XX/cyber-security-XXXXX-XX-be-XXXXX-XX-in-XXX-oil-XXX-gas-industries/#beac5233f0a2"><span XXXXX="XX"></span></a><a XXXX="XXXXX://www.forbes.com/sites/forbestechcouncil/XXXX/04/XX/cyber-XXXXXXXX-XXXXX-XX-XX-aware-of-in-XXX-oil-and-g">XXXXX://www.forbes.XXX/sites/XXXXXXXXXXXXXXXXX/XXXX/04/03/cyber-security-risks-to-be-XXXXX-of-in-XXX-oil-XXX-g</a></span>XX-XXXXXXXXXX.</p> <p><span XXXXX="s1">XXXXX, XXXXXXXXXXX. "Hacks on XXX: Energy, XXXXXXXXXXXXX, XXX US XXXXXXX." (2014).</span></p> <p><span XXXXX="XX"></span> </p> <p><span XXXXX="XX">XXXXX Ray XXXXXXX, 'XX Cybersecurity Threats XXXXXX The Oil XXX Gas Industry.' XXXXXXXXXXXXX.XXX, January XX, XXXX.<a XXXX="https://XXX.manufacturing.net/XXXXXXX/XXXX/01/XX-cybersecurity-threats-XXXXXX-oil-XXX-XXX-industry"><span XXXXX="XX"></span></a><a href="XXXXX://XXX.XXXXXXXXXXXXX.XXX/XXXXXXX/2018/01/XX-cybersecurity-XXXXXXX-facing-oil-and-gas-industry">https://www.XXXXXXXXXXXXX.XXX/XXXXXXX/2018/01/10-cybersecurity-XXXXXXX-XXXXXX-XXX-XXX-XXX-XXXXXXXX</a></span></p> <p><span XXXXX="XX">Peng, XXXX, Changqing Jiang, XXXX XXX, XXXXXXXX XXX, XX XXXXX, XXX Yang XXX. "XXXXXXXXXX control XXXXXX cybersecurity XXXXXXXX." Journal of XXXXXXXX University XXXXXXX and Technology 52, XX. XX (2012): 1396-1408.</span></p> <p><span class="XX"></span> </p> <p><span XXXXX="s1">XXX XXX, XXXXXX. "XXX governance XX XXXXXXXXX cybersecurity: a XXXX study of the XXXXXXXXXXXXX industry in the Port XX Rotterdam." XXXXX, Law and Social Change XX, no. X-2 (2017): XX-93.</span></p>">
