Posted: January 27th, 2023
Choose an Alert closely related to the weekly topic and write a concise summary using the template.
Assignment Directions:
A. Identify the Vulnerability Type(s)
B. List the Impact
C. Analyze and Outline the Mitigation Plan
D. Source
A. Vulnerability Type:
Insufficient Verification of Data Authenticity
Active Scanning: Vulnerability Scanning
Spearphishing and Social Engineering Methods
B. Impact:
Remote Code Execution
Directory Traversal
Structured Query Language (SQL) Injection
Web Shell Uploads
C. Mitigation Plan:
1. Network Segmentation: use proper network-protection devices to isolate industrial robots that need to process data coming from other networks, possibly over a physical cable, so that spoofing is possible only for an attacker who is physically onsite.
2. Secure Programming: in addition to adopting secure network architectures, system integrators should promote secure programming guidelines among their control-process engineers and programmers, to minimize the attack surface exposed by automation code.
3. Automation Code Management: knowing and keeping track of the automation code produced by a system integrator and running in a factory is a fundamental prerequisite to find, manage, and resolve vulnerabilities and other security issues that may arise.
D. Source: AA20-304A (https://us-cert.cisa.gov/ncas/alerts/aa20-304a)
SOLUTION
Yes, that is correct. The Cybersecurity and Infrastructure Security Agency (CISA) is a federal agency within the United States Department of Homeland Security (DHS) that is responsible for protecting the nation’s critical infrastructure from physical and cyber threats. CISA works closely with owners and operators of critical infrastructure, as well as other government agencies and private sector partners, to identify and mitigate threats to the nation’s critical infrastructure networks. This includes providing timely notifications and alerts to owners and operators of critical infrastructure concerning potential threats to their networks.