Introduction
Nowadays, cybersecurity is discussed as one of the priorities in disaster and recovery management because of a range of cyber threats to the U.S. industrial systems. These threats need to be addressed efficiently, and the Department of Homeland Security (DHS) is responsible for protecting the nation from cyberattacks and risks similar to Stuxnet (Ferran, 2012; Radvanovsky & Brodsky, 2016). The purpose of this case study is to discuss the role of the US-CERT in disaster and recovery management, the importance of the ICS-CERT for addressing the Stuxnet problem, the role of alternate sites in overcoming the issue, and the planning required for organizations using ICS technologies to respond to cyberattacks.
The Role of the US-CERT in Incident and Recovery Management
The US-CERT (the U.S. Computer Emergency Readiness Team) was organized by the DHS to analyze and address cyber threats and attacks to improve incident and recovery management in the country (Radvanovsky & Brodsky, 2016). The role of the US-CERT is important as it works to protect U.S. industrial systems with reference to coordinating cybersecurity activities at the national level. Thus, the US-CERT provides protection for the web infrastructure in the United States, guaranteeing support for public and private organizations through controlling defense against different types of cyberattacks and providing tips and alerts for companies.
While discussing the efforts of the team in guaranteeing the preparedness for cyber threats and realizing effective incident and recovery management, it is necessary to state that the US-CERT has significantly contributed to preventing and addressing cyberattacks since its organization in 2003 because of the effective analysis of cybersecurity information (Wilhoit, 2013).
According to Ferran (2012), the number of incidents related to cyberattacks increased significantly during 2009-2011, and the US-CERT is responsible for analyzing all these cases and responding to serious ones to guarantee the cybersecurity of facilities and industrial systems. From this point, the US-CERT is crucial for controlling the security of web systems in U.S. industries and providing alerts, as well as coordinating incident and recovery management activities.
ICS-CERT and the Stuxnet Threat
The ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) is critical for defending industrial systems against cyber threats by analyzing reports on incidents, conducting vulnerability analysis, responding to attacks, providing support for organizations, and coordinating recovery activities (Radvanovsky & Brodsky, 2016). The efforts of this team directed towards overcoming the Stuxnet threat include the following steps: Stuxnet was discovered and described in 2010, the complete analysis of the worm was conducted by the ICS-CERT, the team helped organizations to identify attacked systems and proposed the developed incident response plan that included several stages (Chen, Jarvis, & Macdonald, 2014; Ferran, 2012).
It is possible to state that the incident response efforts were effective enough to address the threat because a complex process to remove Stuxnet from industrial control systems was proposed for the effective implementation in several stages. The ICS-CERT also developed a plan for detecting and addressing further Stuxnet threats. Still, the risks of developing and modifying Stuxnet and similar threats are high (Ferran, 2012). Nevertheless, the efforts of the ICS-CERT can be viewed as appropriate.
Feasibility of Alternate Sites
It is possible to state that alternate sites, including hot sites, are suitable to be used in organizations that rely on ICS technologies because hybrid systems can guarantee the most efficient cyber protection for industries. Thus, professionals of the ICS-CERT recommend developing hybrid systems based on using innovative ICS components and alternate sites in order to achieve higher results and prevent cyberattacks (Radvanovsky & Brodsky, 2016).
Alternate processing is viewed as one of the most effective strategies in disaster and recovery management, therefore, the use of alternate sites is reasonable in this case. It is important to relocate the most critical data related to systems’ operations to guarantee their protection. From this perspective, the use of hot sites, for instance, is feasible for organizations utilizing ICS technologies.
Planning Required to Prepare for Cyberattacks
To prepare for cyberattacks similar to Stuxnet, organizations that utilize ICS technologies need to focus on the efficient planning of their industrial systems. It is important to determine the following parts of the plan: the identification and development of back-up procedures, the development of recovery procedures, and the realization of testing and monitoring (Chen et al., 2014). Alternate processing is one of the components of the plan to guarantee the protection of data and the continuation of operations in spite of cyber threats.
At the first stage, operations need to be relocated to the back-up site, and emergency operations should be realized. The recovery of the critical components of the system needs to be realized at the next stage. The restoration of other components is completed at the following stages. This approach guarantees the preparation for and protection from cyber threats.
Conclusion
This case study analysis has presented the discussion of the DHS’s activities oriented to protecting the U.S. industrial systems in the context of the Stuxnet threat. The role of the US-CERT has been discussed in detail. The appropriateness of the ICS-CERT’s steps and alternate sites for U.S. organizations has been analyzed. Furthermore, the aspects of high-level planning for these organizations are described.
References
Chen, T. M., Jarvis, L., & Macdonald, S. (Eds.). (2014). Cyberterrorism: Understanding, assessment, and response. New York, NY: Springer.
Ferran, L. (2012). When Stuxnet hit the homeland: Government response to the rescue. Web.
Radvanovsky, R., & Brodsky, J. (Eds.). (2016). Handbook of SCADA/control systems security (2nd ed.). Boca Raton, FL: CRC Press.
Wilhoit, K. (2013). Who’s really attacking your ICS equipment? Web.