Toggle navigation
Home
Ask A Question
Answer Questions
Users
Support/FAQ
Login
Register
Preview 50% of the Answer Below
Due to formatting, images, tables, or paragraphs may be out of place or not shown. Rest assured that they will be included and formatted correctly in your purchased answer.
Details
Question Title:
Outline the Cybersecurity issues and vulnerabili
Go Back to the Question
Answer Preview
<span class="Apple-tab-span"> </span>1.<span class="Apple-tab-span"> </span>Outline the Cybersecurity issues and vulnerabilities of the petrochemical industry. Include in your answer specific actions required to improve the security profile of this industry.</span></p> <p>Cybersecurity issues and vulnerabilities of the petrochemical industry include vulnerabilities at the informational technology (IT), operational technology (OT), production, plant and management level.<br></p> <p><span class="s1">At the IT level, IT equipment such as email servers can be compromised through techniques such as spear phishing emails,Trojanized software and watering hole websites.<span class="Apple-converted-space"> </span>This may occur through the insufficient implementation of security protocols such as HTTPS. According to a Symantec IT report, the hacker group Dragonfly was one such case, with Dragonfly's hackers using Trojanized software for intelligence gathering and sabotage purposes. Hackers are also able to exploit vulnerabilities in the use of mobile and remote devices to enter the mainframe of a petrochemical plant. If a petrochemical company has an outdated ICS network and security architecture, or flaws such asinsecure connectivity to internal and external networks, or use of technologies with previously documented vulneXXXXXXXXXX , XXXX XXX petrochemical company may XXXX be classified XX vulnerable at XXX IT XXXXXXXXXXXXX level.</span></p> <p><span XXXXX="s1">At XXXXX level, XXXXXXX can XXXXXX the XXXXXXXXXXXXX XXXXX’s XXXXXXXXXXX technology (OT) XXXXXXX, as XXX XXX XXXX XXXX Stuxnet, which attacked XXX oil XXX XXX XXXXXXXX’s XXXXXXXXXXXX XXXXX XXXXXXXXXXX and SCADA systems. Legacy XXXXXXX XXX outdated control XXXXXXX also XXXX a XXXXXX, XX hackers XXX XXXXXXX these XXXXX systems XXXX easily.</span></p> <p><span class="XX">At the XXXXXXXXXX level, XXXXXXX can XXXXXX vulnerabilities in XXX XXXXXXXXXX XXXXX XX disrupt utilities, XXXXXXXX XXXXXXXXXXXXX XXXXXXXXX XX XXXXXX or XXXXXXXXXX it, XXXX unauthorized XXXXXXX XX XXXXXXX XXXXXXX, overload XXXXXXXX to XXXXXX XXXXXXXX spills, and XXXXXXXX protocols to create XXXXXX violations.XXXXXXXXXXX, hackers XXX exploit the connections XXXXXXX onshore XXX XXXXXXXX oil and XXX XXXXXXXXXX in order XX XXXX XXXXXXXXXXXX access XX the XXXXXXXXXX XXXXX.</span></p> <p><span class="XX">At XXX XXXXX level, XXXXXXX can XXXXXXX XXXXX closures XX XXXX access. If a petrochemical company XXXX XXX XXXX the XXXXXXXXX measures XX ensure that a plant, when XXXXXX, XX secured from XXXXXXXX XXXXXX, plant XXXXXXXX can XXXXXXX XXXXXXXX opportunities XXX XXXXX XXXXXXX XX gain access.</span></p> <p><span XXXXX="s1">XXXXXXX, at XXX XXXXXXXXXX XXXXX, managers XXX XXXX to promote greater XXXXXXXXXX XXX XXXXXXXXX XXXXXXXXX in cybersecurity. Management may have fallen short in XXXXXXXXX in XXXXXXX XXXXXXXXXXXXX XXXXXXX XX cybersecurity XXXXXXXXX XXXX as Symantec, and may not have implemented XXXXXXXXXXX XXXX management, threat vulnerability assessment and emergency XXXXXXXX XXXXXXX.</span></p> <p><span class="XX">Specific actions XXXXXXXX XX XXXXXXX the XXXXXXXX profile XX XXXX industry include XXXXXXX and XXXXXXXX-XXXXXXXX XXXXXXXX. For XXXXXXX XXXXXXXX, according to the Center XXX Internet XXXXXXXX,generic XXXXXXX XX improve the security of XXX petrochemical industry XXXXXXX an XXXXXXXXX XX XXXXXXXXXX XXXXXXX and software, XXXXX-XX-the-art XXXXXX XXXXXXXXXXXXXX XXX XXXXXXXX XXX XXXXXXXX, XXXXXXXXXXX XXX email XXX XXX browsers, XXXX-XXXXXXX software toolkits, XXXX XXXXXXXX services, data protection, wireless access XXXXXXX, XXXXXXXXXXX tests, XXXXXXXXXX XXX control XX XXXXXXX XXXXX, XXXXXXXXXXX XXX monitoring XX XXXXX XXXX, restricted XXX XXXXXXXXXX XXXXXX to administrator XXXXXXXXXX. <span class="Apple-converted-XXXXX"></span></span></p> <p><span XXXXX="s1">XXX specific measures, XXXXX XXXXXXX strict XXXXXXXXXX to regulate the use XX XXXXXX work devices such as mobile XXXXXX, a XXXXXXX XXXXXXXX system XX XXXXXX the XXXXXXXXXXX between onshore and XXXXXXXX facilities XXXXXXXX, and an emergency response XXX threat XXXXXXXXXX system XXX XXXXXXXXXXXXX XXXXX XXXXXXXX.</span></p> <p><span XXXXX="s1">2. Using Clarke’s XXXXXXXXXX from XXXXXXXXXX XXXXXXX XXX: XXX Next XXXXXXX to XXXXXXXX XXXXXXXX XXX What to Do XXXXX It, describe America’s potential XXXX XXXXXXXX use of “XXXXXXXXX Cyberwar” XX attack other XXXXXX’s infrastructure. Feel free XX XXXXXXX ‘XXXXXXXXXXX’ XXXXXXXXX XXX XXX-XXXXXXXXXXXXX XXXX XXXXXXXXX XXXXX our nation's efforts XXX debilitating a foe’s XXXXXXXX infrastructure.</span></p> <p><span class="s1">XXXXXX’s XXXXXXXXXX from chaptersix XX‘XXXXX XXX: XXX XXXX XXXXXXX to XXXXXXXX Security and XXXX to Do XXXXX It’ XXXXXXXX possible scenarios from a X.S. XXXXXXXXXX XXX-XXXXXX exercise on possible cyberwarfare XXXXXXX XXX U.S. XXX XXXXX XXXX XXX South China XXXX XXXXXXXX. Clarke XXXXX that this is happening XXXXX, XXXX the Department of Defense’s XXXXXX ‘Cyber Storm’ XXX gaming XXXXXXXXX as a classic example, and he XXXXXXXXXX the key principles XX XXXXXXXXXX, XXXXX first, XXXXXX preparation of XXXXXXXXXXX, limitation XX XXXXXXXXXX damage, XXXXXXXXXXX, crisis XXXXXXXXXXX,<span XXXXX="XXXXX-XXXXXXXXX-space"> </span>and XXXXXXXXX asymmetry, which XXXX XX instrumental in XXXXXXXXXXXX America’s potential best scenario use of ‘Offensive XXXXXXXX’ XX attack XXXXXXX nation’s infrastructure. This XXXXXXXX will imagine XXXXXXX’s best scenario XXX of ‘Offensive XXXXXXXX’ to attack Iran’s XXXXXXX infrastructure.<span class="Apple-converted-XXXXX"></span></span></p> <p><span XXXXX="XX">Assuming that Iran XXX XXXXXXXXXX nuclear XXXXXXX that America XXXXX XX XXXXXXX XXX destroy, America’s best case scenario would be XX XXXXXXX XXXXXX a XXXXXXXXXX strike against Iran’s nuclear facilities using pre-laid XXXXX XXXXX XXXX XXXXXXXX XXXXXXX inspections XXXXXXXXX XXXXX XXX XXXXX administration, and then XXXXX up its own domestic cybersecurity defenses in order XX limit collateral XXXXXX and XXXXXX XXXXXXXXXXX. It XX also important for XXXXXXX XX XXXXXXXXX its XXXX in XXX attack XXX XXXXX attribution, XXXXX also complementing XXX XXXXXXXXXX of key XXXXXXX XXXXXXX infrastructure with the hijacking of XXXXXXX XXXXX XX XXXXXXXXX pro-XXXXXXXX sentiments XX Iranian XXXXX XXXXXXXX. This best XXXX XXXXXXXX would ensure that XXXXXXX XX able to quickly XXX effective XXXXXXX XXXXXXX nuclear XXXXXXXXXXXXXX, XXXXX XXXXXXXXX anonymous XXX XXXX defended XXXXXXX XXXXXXXXX XXXXXXX XXXXXXXXX. XX XX XXXX XXXXXXXXX XXX XXXXXXX XX install XXXXXXXX tunnels into Iranian XXXXXXXXXX, XXX to move quickly XX prevent XXXX from reducing packet XXXXX, XXXXXXXX XXXXXXXXXXXX or XXXXXXXXXXXX XXX XXXXXXXXXX XXXXXXXXXX, XXX XX which XXXX reduce XXX XXXXXXXX XX this XXXXXXXXXX American cyberwar XXXXXXXX. XXXXXXXXXXX, it XX crucial that XXXXXXXX XXXX XXXXXXX XXXX XXX allies, such as Saudi Arabia and XXXXXX, XXX XXXX XXXXXXXX XXXXXXX retaliatory attacks XX XXX XXXXXXXX on American XXXXXX. XXXXXXX, XXXXXXX needs to XXXXXX that XXX own XXXXXXXX XXXXXXXXXXXXX infrastructure, particularly concerning critical XXXXXXXXXXXXXX such XX banking XXX utilities, are XXXX XXXXXXXX from Iranian XXXXXXXXX. <span class="XXXXX-converted-XXXXX"></span></span></p> <p><span XXXXX="XX"></span> </p> <p><span XXXXX="XX">XXXXXXXXXX</span></p> <p><span XXXXX="s1">Alexander Polyakov, 'Cyber XXXXXXXX XXXXX XX Be XXXXX XX In XXX Oil XXX XXX XXXXXXXXXX.' XXXXXX, XXXXX 3, XXXX.<a XXXX="XXXXX://XXX.XXXXXX.XXX/sites/XXXXXXXXXXXXXXXXX/2017/XX/XX/XXXXX-security-XXXXX-to-XX-XXXXX-of-in-XXX-XXX-XXX-gas-industries/#XXXXXXXXXXXX"><span XXXXX="s2"></span></a><a XXXX="https://XXX.XXXXXX.com/sites/forbestechcouncil/XXXX/XX/03/cyber-XXXXXXXX-risks-to-be-aware-of-in-XXX-oil-XXX-g">XXXXX://www.forbes.XXX/XXXXX/forbestechcouncil/XXXX/XX/03/cyber-security-XXXXX-to-XX-aware-XX-in-XXX-XXX-and-g</a></span>as-industries.</p> <p><span class="s1">XXXXX, XXXXXXXXXXX. "XXXXX on XXX: XXXXXX, cybersecurity, and US XXXXXXX." (2014).</span></p> <p><span class="s1"></span> </p> <p><span class="s1">XXXXX Ray XXXXXXX, 'XX XXXXXXXXXXXXX Threats XXXXXX XXX XXX XXX Gas XXXXXXXX.' Manufacturing.XXX, XXXXXXX 30, XXXX.<a XXXX="XXXXX://XXX.manufacturing.net/XXXXXXX/XXXX/01/10-XXXXXXXXXXXXX-XXXXXXX-XXXXXX-XXX-XXX-XXX-industry"><span XXXXX="XX"></span></a><a XXXX="XXXXX://XXX.manufacturing.net/article/2018/XX/XX-cybersecurity-threats-XXXXXX-XXX-and-XXX-industry">XXXXX://XXX.manufacturing.net/article/2018/01/XX-XXXXXXXXXXXXX-threats-facing-oil-and-XXX-industry</a></span></p> <p><span XXXXX="XX">XXXX, XXXX, Changqing Jiang, Feng XXX, Zhonghua XXX, XX Xiong, and Yang Gao. "Industrial XXXXXXX system cybersecurity research." XXXXXXX of XXXXXXXX University Science XXX Technology XX, no. 10 (2012): 1396-1408.</span></p> <p><span XXXXX="s1"></span> </p> <p><span XXXXX="XX">van XXX, Judith. "New XXXXXXXXXX of corporate cybersecurity: a XXXX XXXXX XX XXX XXXXXXXXXXXXX XXXXXXXX in XXX Port XX XXXXXXXXX." XXXXX, Law and Social XXXXXX 68, no. 1-2 (2017): XX-XX.</span></p>">
