UFCF7P-15-M Demonstrate a deep and systematic understanding of conventional and contemporary ICS implementations and their comparison to IT systems in the context of cyber security;

Section 1: Overview of Assessment

This assignment evaluates the following module learning outcomes:

  • Demonstrate a comprehensive and structured understanding of both traditional and modern implementations of Industrial Control Systems (ICS) and their comparison to IT systems within the realm of cyber security.Conduct an analysis of the cyber threat landscape specific to ICS and assess existing cyber protection strategies within this domain. 
  • Design and appraise enhancements to current cyber protection strategies aimed at addressing cyber security challenges encountered in ICS. 
  • Exhibit an understanding of industry-specific regulations and standards governing the protection of ICS.

In essence, this assignment entails producing a 2500 (+/-10%) word report analyzing the prevailing cyber threat landscape and cyber protection strategies in Critical Infrastructure, while proposing improvements. The report will be research-based and formatted to industry standards; you are expected to draw insights from one or more case studies such as "Stuxnet" (and/or its variants), the "Analysis of the Cyber Attack on the Ukrainian Power Grid" in 2015, and Wannacry, albeit without relying solely on these examples.

This task will aid in identifying and assessing the challenges inherent in protecting cyber-physical control systems employed in Critical Infrastructure, presented within a report adhering to industrial standards. Through research, you will evaluate the current threat landscape, existing cyber protection approaches, and recommend avenues for enhancement. For any questions related to this assignment, please engage in discussions on the Blackboard platform.

Section 2: Task Specification

Produce a 2500 (+/-10%) word report analyzing selected case studies on cyber security incidents within Critical Infrastructure, focusing on an industry of your choice (e.g., Water, Energy, Telecommunications).

Imagine yourself as an independent consultant for a Cyber Security firm with a Research and Development department focused on Industrial Control Systems Cyber Security. The firm seeks intelligence on cyber security in Critical Systems to develop new products and solutions. Your task is to conduct research in this domain and generate a report addressing the firm`s requirements. Specifically, your research should concentrate on:

  1. Analyzing the current cyber threat landscape in cyber-physical control systems utilized in Critical Infrastructure within a chosen industry.

  2. Evaluating current cyber security approaches prevalent in the field.

  3. Proposing enhancements to current cyber security strategies, analyzing their impact on the system.

  4. Creating a topological map illustrating proposed interventions (Sections 2 and 3). [A topological map template is available in the assignments folder on Blackboard, but you are free to create your own.]

Your research should draw from real-world case studies (some discussed in lectures/tutorials like Stuxnet, Flame, Ukrainian Power Grid, Wannacry, etc.) and high-quality research papers; however, these should not serve as the sole basis of your report.

Your report must clearly delineate the following elements:

  • The distinctions between traditional IT systems and Critical Systems and their implications for cyber security.
  • The key stakeholders involved in cyber security incidents within Critical Infrastructure (e.g., attackers, ICS vendors, environment, etc.).
  • Cyber security risks and associated threat vectors.
  • Existing cyber security methodologies and their limitations, addressing technical and operational challenges.
  • Strategies for enhancing cyber security in this domain, discussing their impact on the system.

The report should adhere to professional standards, written in an appropriate style and format. Attention to accuracy, completeness, and consistency in citation and source listing is imperative.

Section 3: Deliverables

Your report should encompass the findings from Section 2. The first page of your report should clearly display the title, your name, student ID, and the date.