Saturday, February 22, 2020

The vulnerabilities of industrial control systems and possible solutions - Essay Example

Industrial control systems (ICS) are imperative to the quality of life that most of society shares and depends on every day. These systems regulate the electricity, food supply, medical and chemical manufacturing, as well as many other processes and utilities that are used daily.

After September 11, 2001, the threat of terrorist attacks became a high priority on the home front (Marsh 2006). Most people worried about airplanes, metro or subway systems, or bombs, but a few realized that, with the computerization of control systems becoming normal operating procedure in a variety of industries, the risk of attack on these systems was just as real as for any other probable target. In fact, some of the systems, such as nuclear plants or chemical manufacturing companies, were more apt to be targeted than others. This concern led the National Institute of Standards and Technology (NIST) to lead a 500-member forum to discuss the cyber-security of the ICS regulating our lives and our country.

At the conclusion of this 2004 forum, NIST produced the System Protection Profile-Industrial Control Systems (SPP-ICS) to use as guidelines and strategies to find the vulnerabilities in each facility and possible solutions. Some of the main concerns include terrorists and unfriendly governments, human error, disgruntled employees, bored teenagers, and natural disasters, to name a few. However, most facilities looked only on the outside, without considering errors on the inside that could do as much damage as those external forces (Barr, 2004; D'Amico, 2004; Marsh, 2006; NIST, 2004; NIST's process control, 2004; Wagman, 2008). NIST's findings were based on the System Target of Evaluation, and all risks and vulnerabilities are determined by this standard.
Corporate leaders should consider the vulnerabilities and their solutions to help identify the areas that need immediate attention in their own facilities and to make the cyber-connection of the location secure. Unfortunately, some do not believe there is a real threat. For example, Tom Donahue from the CIA stated that "attacks on critical infrastructure lack the necessary dramatic display that seems to be preferred by this constituency" (Marsh, 2006, p. 12). This concept may have been true five years ago, but as the world becomes more connected, the disruption of electricity, water, or gas would be a fairly dramatic event for those experiencing it, and for those watching it. Previously, most facilities were separated from one another by their use of privately owned machines, hardware and methods of communication. However, as more facilities and corporations adopt "commercial, off-the-shelf" products, the vulnerability increases (D'Amico, 2004). The SPP-ICS provides three main areas to watch: the type of agent, the method of attack, and the asset that will be affected by the attack. The agent is the insider or outsider that either maliciously or accidentally causes an attack on the ICS. The vulnerabilities of attack can include, but are not limited to, protocols, unnecessary systems attached to the ICS, outside remote access to the ICS, incorrect IT architecture, lack of security controls, and lack of risk assessment upon or prior to installation of the system. The assets consist of all the systems used to control the system software and hardware and the infrastructure of the company (Barr, 2004; NIST, 2004). When working to correct or strengthen the security of these systems, the company should look at physical items, the connectivity and whether it is secure, authentication, backup and remote access, as well as many other attributes of security. Understanding the

Wednesday, February 5, 2020

RFP's are sick, not dead - Essay Example

In simple words, an RFP is a document used by a buyer to solicit proposals from various potential suppliers. A proposal is prepared by suppliers by answering the buyer's specific queries in the form of a document. For example, if a company wants to purchase a computer system, it will write and issue a Request for Proposal to suppliers. After the RFP is issued by the company, suppliers start responding to it. In the second step, the company receives and analyzes potential proposals from suppliers, and after analyzing the proposals it selects the most specific supplier. Industry report says that suppliers proposing a low-cost but quality solution to the buyer have a high probability of cracking the deal in comparison to others (Schwalbe, 2010, p. 475). There is no fixed way for companies to select proposals from suppliers; the choice depends entirely on the business requirements of the buyer. Research scholars have suggested that companies should use the expectancy value model to select the right proposal. In the expectancy value model, buyers emphasize the attributes of proposals. According to this model, buyers assign value points to various attributes of a proposal and then summarize the total points assigned to potential proposals. ...

Generally, RFI and RFP include the following points:

- Introduction
- Background of buyer
- Information regarding the project
- Purpose and Scope of RFI
- Specific Request
- Qualification of Vendor (Stein, 2006, p. 430)
- Due date of submitting proposal
- Confidentiality norms (Whitney, 2011, p. 246)
- Detailed information of supplier (Langer, 2012, pp. 49-50)

Theoretically, any company can use an RFP for a particular project, but in a low-cost project issuing an RFP ultimately hurts the objective of the organization. An RFP for a project costing below $10,000 can be classified as costly in terms of both staffing and investment (Click and Duening, 2004, p. 78). Specific situations where a buyer needs to issue an RFP can be summarized in the following manner:

- Project cost is more than $10,000.
- Numerous suppliers are available to provide a solution
- Requirement is complex and needs technical supervision
- High customization is required for the requested system (Wisner and Stanley, 2007, p. 324)
- Substantial cost is associated with maintenance of the requested system
- Multiple agency involvement is required during the purchase process (Institute for Law and Justice, 1999)

Cost of preparing RFP document is negligible in comparison to overall cost of the process. Problem areas for the RFP process can be explained in the following manner.

Potential Problems and Issues of RFP

| Reason | Potential Effect | Potential Threat |
| --- | --- | --- |
| No mention of Coordinator in RFP | Creates confusion among suppliers and agencies | Suppliers may protest against the company and solicitation might get cancelled |
| No clear mention of needs or requirement by the buyer in RFP | Suppliers do not respond sufficiently to RFP | Buyers might need to reissue RFP with clarified requirement statement |
| Ambiguous proposal requirement | Confused vendors send incomplete | |