Coursework report
By
Vrushang Bawne
Term 1
Table of Contents
ABSTRACT
INTRODUCTION
1.1 Details of the designated scenario
1.2 Flow of the report
LITERATURE REVIEW
2.1 Cybersecurity in SCADA Systems within Triton Aerospace Components
2.2 SCADA Systems and Cybersecurity Challenges
2.3 Vulnerabilities and Threats in SCADA
2.4 Risk Assessment Methods
2.5 Data Management in SCADA Systems
2.6 Recommendations for Improving SCADA Security
2.7 Incident Response and Disaster Recovery
2.8 Conclusion
DATA MANAGEMENT PLAN
3.1 Necessary information for the plan
3.2 Data Management Plan specific to locations and production units
SECURITY RISK ASSESSMENT AND ANALYSIS
4.1 Risk Assessment Method
4.2 Risk Assessment Steps
4.3 Risk Management and Control Implementation for Each Site
4.4 Risk Communication and Policy Formulation
4.5 Risk Register
RECOMMENDATIONS FOR IMPROVEMENTS
CONCLUSIONS
REFERENCES
ABSTRACT:
This report presents a comprehensive analysis of cybersecurity in the SCADA systems of a designated
scenario that has been modified specifically to produce a tailored technical report. The result is a
detailed study of an aerospace manufacturing organization named Triton Aerospace Components. SCADA
systems, pivotal in critical infrastructure and manufacturing, are vulnerable to cyber threats that can lead to
significant operational disruptions and data breaches. The focus is on mitigating these threats within
Triton’s complex, distributed SCADA systems and establishing an effective data governance plan. Triton
Aerospace Components operates across three primary locations: Bristol, Glasgow, and Swansea, each
utilizing sophisticated SCADA systems for varied manufacturing processes. This report encompasses a
detailed literature review that draws on the existing literature and highlights the urgency of
addressing cybersecurity in SCADA systems. It also features a thorough security risk assessment, including
a detailed risk register, and a strategic data management plan that addresses the unique challenges at each of
Triton’s sites and provides recommendations for improvements. The report concludes by emphasizing the
dynamic nature of cybersecurity, advocating ongoing vigilance and adaptation, the integration of emerging
technologies, and a culture of cybersecurity awareness. The study’s findings and
recommendations aim to bolster the cybersecurity posture of Triton Aerospace Components, and of the
manufacturing industry in general, ensuring the integrity and resilience of operations against evolving
cyber threats. This comprehensive exploration provides actionable insights and a strategic roadmap for
enhancing security and data governance in the industrial domain.
1. INTRODUCTION:
SCADA, standing for Supervisory Control and Data Acquisition, revolutionized industrial control by
enabling centralized, real-time monitoring and management of processes. Introduced to replace manual
controls, it significantly improved efficiency, safety, and decision-making in sectors like energy,
manufacturing, and transportation. SCADA systems collect and analyze data from remote sensors, driving
advancements in automation and integrating with other technologies.
SCADA systems are crucial in critical infrastructure and manufacturing (Alanazi et al., 2023), controlling
essential processes. Addressing their cybersecurity is imperative, as vulnerabilities (Upadhyay and
Sampalli, 2020) can lead to severe operational disruptions and data breaches and can threaten overall industrial
integrity and safety. In this report, we conduct a formal assessment of cybersecurity within Triton Aerospace
Components, focusing on mitigating cyber threats in their complex and distributed SCADA systems and
establishing an effective data governance plan. The principal aim is to critically identify, assess, and
implement essential security controls to address and mitigate cyber threats, while concurrently crafting a
realistic and effective data governance plan.
Each site utilizes sophisticated SCADA systems for real-time monitoring and control over
extensive manufacturing processes.
1.2 Flow of the report:
Hence, the report offers a thorough security risk assessment with a detailed risk register, a data management
plan ensuring data integrity and compliance, and strategic proposals to enhance PLC (Wang et al., 2020)
security, network defenses, and resilience against various cyber threats. The report unfolds through a
structured approach, starting with a literature review to establish a foundational understanding of the current
cybersecurity landscape, particularly relevant to SCADA systems. This is followed by a detailed data
management plan, emphasizing the protection of critical data. A central aspect of the report is the
comprehensive security risk assessment and analysis, leading to the development of a strategic risk register.
Based on this analysis, targeted recommendations for improving the company’s cybersecurity measures are
presented. The report concludes by summarizing the findings and aligning them with the goal of enhancing
cybersecurity resilience and data governance within the complex industrial setting of Triton Aerospace
Components. This technical report will serve as a blueprint for Triton Aerospace Components to
significantly strengthen its cybersecurity posture against the multifaceted threats outlined in the detailed
overview. In essence, this report is a comprehensive exploration of the cybersecurity challenges and
solutions within a specific industrial context, aiming to provide actionable insights and a strategic roadmap
for enhanced security and data governance.
2. LITERATURE REVIEW:
SCADA (Supervisory Control and Data Acquisition) systems are integral to critical infrastructure and
manufacturing sectors. As Alanazi et al. (2023) and Upadhyay and Sampalli (2020) highlight, cybersecurity
within these systems is paramount due to the risk of operational disruptions and data breaches. This
literature review delves into various aspects of SCADA cybersecurity, particularly focusing on the context of
Triton Aerospace Components.
The importance of SCADA systems in industrial control cannot be overstated. Alanazi et al. (2023)
emphasize their critical role and vulnerability to cyber-attacks. Similarly, Upadhyay and Sampalli (2020) address
the potential severe consequences of these vulnerabilities. This vulnerability is further explored by Wang
et al. (2020), who discuss the security implications in Programmable Logic Controllers (PLCs) within
SCADA systems.
The work by Dawn Silverman and colleagues (2020) offers a comprehensive overview of the various
vulnerabilities in SCADA systems. These include hardware, software, and communication vulnerabilities,
along with procedural shortcomings. They point out that legacy systems, often part of SCADA networks,
are particularly prone to attacks due to outdated security measures.
In the context of risk assessment, Taherdoost (2022) provides a robust framework that integrates the NIST
Cybersecurity Framework with the ISO/IEC 27005 standard. This approach is critical for Triton Aerospace
Components, considering their diverse operational environments.
Kaufman (2009) and Sandhu (1998) provide insights into the data management aspects within SCADA
systems. They emphasize the importance of secure data storage and access control mechanisms. This is
particularly relevant for Triton Aerospace, where sensitive data management is crucial across different
locations and production units.
2.6 Recommendations for Improving SCADA Security:
The studies by Baray and Ojha (2021) and Al-Asiri and El-Alfy (2020) suggest implementing robust
encryption standards and Intrusion Detection Systems (IDS) to enhance SCADA network security. This aligns
with Triton Aerospace's need for secure communication channels and vigilant monitoring of their SCADA
networks.
Eden et al. (2015) and Yadav and Paul (2021) discuss the importance of having effective incident response
plans and disaster recovery strategies for SCADA systems. This is crucial for Triton Aerospace Components
to ensure minimal downtime and swift recovery in the event of cyber incidents.
This literature review underscores the complex cybersecurity landscape surrounding SCADA systems
within the industrial domain, especially for companies like Triton Aerospace Components. The discussed
studies collectively emphasize the need for a comprehensive approach encompassing enhanced
authentication mechanisms, secure data management practices, and robust incident response strategies to safeguard
against the spectrum of cybersecurity threats.
3. DATA MANAGEMENT PLAN:
The data management plan focuses on safeguarding sensitive operational and administrative data
within SCADA systems for the scenario, with attention to regulatory compliance, data integrity, and
protection against cybersecurity threats. The plan stresses the importance of location-specific risk
assessments, security controls, and training to maintain the integrity of manufacturing processes and sensitive
data.
3.1 Necessary information for the plan:
Aspect | Description
Data Storage | Utilizes encrypted databases for secure storage, with redundancy across multiple physical and cloud-based (Kaufman, 2009) locations. Regular backups are scheduled, coupled with off-site storage solutions to ensure data recovery in the event of system failure or cyber incidents.
3.2.1 Headquarters, Bristol - Central Administrative Hub and Propulsion Systems Production
• Implement MFA (Garrett, 2016) for SCADA systems controlling propulsion system production,
ensuring secure access controls.
• Conduct regular firmware updates (Alanazi et al., 2023) and patch management for SCADA
software to mitigate vulnerabilities associated with propulsion system control units.
• Install surveillance and alarm systems for the physical security of SCADA servers to prevent
unauthorized on-site access.
• Segment SCADA networks from the general corporate intranet, creating a secure enclave for the
avionics and cockpit instrumentation SCADA systems.
• Encrypt wireless signals within the avionics production unit using WPA3 (Wang et al., 2020; Baray
and Ojha, 2021) and other industry-standard encryption protocols to safeguard sensor data
transmission.
• Implement an IDS (Al-Asiri and El-Alfy, 2020) to monitor the SCADA network for signs of
intrusion, with a special focus on external communication points that could impact navigation
system integrity.
3.2.3 Swansea, Wales - Landing Gear Production and Advanced Materials Research
• Prioritize security updates for SCADA systems that manage landing gear production, where
precision and reliability are particularly critical.
• Introduce robust data integrity protocols to verify the accuracy and reliability of sensor data used
in materials research, utilizing cryptographic checksums (Denning, 1984) and anomaly detection
systems (Mokhtari et al., 2021).
• Develop a comprehensive risk register for the SCADA systems at Swansea, detailing potential
threats to both landing gear production and materials research data.
• Deployment of firewalls and intrusion prevention systems at critical network points (Peuhkuri,
2008; Huseyin et al., 2009).
• Establishment of a centralized Security Operations Center (SOC) for ongoing monitoring of
SCADA network traffic (Vielberth et al., 2020).
• Regular execution of penetration tests to identify and mitigate new security vulnerabilities.
• Creation of encrypted backups for SCADA system configurations and operational data,
securely stored off-site for disaster recovery.
• Implementation of strict access controls, particularly for remote maintenance activities,
ensuring secure VPN connections.
This plan outlines a comprehensive data management strategy for Triton Aerospace Components,
addressing various facets of data handling and security within their SCADA systems. The plan is designed
to protect against cybersecurity threats while ensuring operational efficiency and regulatory compliance.
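The Swansea item on verifying sensor data with cryptographic checksums and anomaly detection, worked through as an added example that is not part of the original report or of any Triton system. HMAC-SHA256 stands in for the cryptographic checksum and a median-absolute-deviation test stands in for the anomaly detection system; those choices, the record fields, the sensor name and the key are all assumptions.

```python
import hashlib
import hmac
import json
import statistics

# Constructed demo key (assumption); a real deployment provisions a key per sensor.
DEMO_KEY = b"constructed-demo-key"


def canonical(record):
    """Serialize the protected fields deterministically so both ends hash the same bytes."""
    fields = {k: record[k] for k in ("sensor_id", "seq", "ts", "value")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def tag_record(record, key=DEMO_KEY):
    """Sender side: return a copy of the record with its keyed checksum attached."""
    mac = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {**record, "mac": mac}


def verify_stream(records, key=DEMO_KEY, mad_limit=6.0):
    """Receiver side: label each record ok, bad_mac, replay or anomaly."""
    results = []
    last_seq = {}   # highest sequence number seen per sensor
    accepted = {}   # accepted values per sensor, the baseline for the outlier test
    for rec in records:
        expected = hmac.new(key, canonical(rec), hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(expected, rec.get("mac", "")):
            results.append("bad_mac")
            continue
        sid = rec["sensor_id"]
        # A valid checksum on an old sequence number is a replayed or reordered record.
        if rec["seq"] <= last_seq.get(sid, -1):
            results.append("replay")
            continue
        last_seq[sid] = rec["seq"]
        history = accepted.setdefault(sid, [])
        if len(history) >= 5:
            med = statistics.median(history)
            mad = statistics.median([abs(v - med) for v in history]) or 1e-9
            # Authentic but implausible: far from the median of accepted readings.
            if abs(rec["value"] - med) / mad > mad_limit:
                results.append("anomaly")
                continue
        history.append(rec["value"])
        results.append("ok")
    return results


def demo():
    """Run the checks over a constructed stream from a hypothetical strain sensor."""
    values = [100.1, 100.3, 99.9, 100.2, 100.0, 100.4]
    stream = [
        tag_record({"sensor_id": "LG-STRAIN-01", "seq": i, "ts": 1700000000 + i, "value": v})
        for i, v in enumerate(values)
    ]
    tampered = tag_record({"sensor_id": "LG-STRAIN-01", "seq": 6, "ts": 1700000006, "value": 100.2})
    tampered["value"] = 250.0          # altered in transit, checksum not recomputed
    replayed = dict(stream[2])         # an old, validly tagged record sent again
    spike = tag_record({"sensor_id": "LG-STRAIN-01", "seq": 7, "ts": 1700000007, "value": 180.0})
    normal = tag_record({"sensor_id": "LG-STRAIN-01", "seq": 8, "ts": 1700000008, "value": 100.1})
    return verify_stream(stream + [tampered, replayed, spike, normal])


if __name__ == "__main__":
    print(demo())
```

The checksum alone catches modification but not a replayed record or a faulty sensor, which is why the sequence check and the outlier test sit behind it.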
4. SECURITY RISK ASSESSMENT AND ANALYSIS:
The risk assessment for Triton Aerospace Components’ SCADA systems adopts a hybrid approach, merging
the NIST Cybersecurity Framework with the ISO/IEC 27005 standard. This methodology provides a
comprehensive process for identifying, analyzing, and prioritizing risks as detailed by Taherdoost (2022),
followed by implementing tailored controls for each operational context. It outlines a detailed seven-step
information risk management process, suitable for diverse organizations, encompassing risk assessment,
treatment, acceptance, communication, consultation, and continuous monitoring and review (Azmi et al.,
2018; Putri and Hakim, 2021).
• Cataloging of all SCADA assets at each site, including hardware, software, data, and
network resources.
• Assignment of value and criticality levels to each asset, based on its operational importance
and potential impact upon compromise.
3. Risk Analysis:
• Risk level determination for each scenario by combining likelihood and impact
assessments (Cherdentseva et al., 2016).
4. Risk Characterization:
• Creation of risk profiles for Bristol, Glasgow, and Swansea sites, detailing each site's
unique threat landscape.
• Development of threat matrices to map potential attackers, attack vectors, and target assets.
• Prioritization of risks based on their levels and determination of appropriate controls for
effective management.
• Implementation of technical controls like firewalls, intrusion detection systems, and access
control mechanisms.
• Continuous monitoring of SCADA systems to detect and respond to security events in
real-time.
• Regular review and reassessment of the risk environment, adjusting controls to address
new threats or vulnerabilities.
• Advanced network monitoring tools and a security operations center are established for
comprehensive network oversight.
• Strict access control measures, including biometric authentication, are implemented for both
physical and digital SCADA system access.
• Employees undergo regular training to stay informed about security best practices and the
company's risk posture.
• Data encryption is enforced for both data-in-transit and data-at-rest within the avionics and
cockpit instrumentation SCADA networks.
• SCADA networks are segmented from the broader business IT environment to mitigate
cross-contamination risks.
• Security drills and simulations are regularly conducted, ensuring the workforce is prepared for
potential cyber incidents.
• Data integrity checks and stringent change management procedures protect against
unauthorized system modifications.
• Robust encryption and intellectual property rights management systems are utilized to secure
sensitive research data.
• Policy Development: Creation and dissemination of clear cybersecurity policies, aligned with
international standards and best practices.
• Stakeholder Engagement: Ensuring a cohesive understanding of the risk landscape among all
stakeholders, including executive leadership and operational teams.
Executing this detailed risk assessment and analysis equips Triton Aerospace Components with a deep
understanding of its SCADA system vulnerabilities, facilitating the development of a strategic plan to
mitigate and manage cybersecurity risks effectively. Continual refinement of this process ensures
adaptability and resilience against evolving cyber threats.
4.5 Risk Register:
This risk register provides Triton Aerospace Components with a clear overview of the key risks to their
SCADA systems, allowing for targeted risk management and mitigation efforts. Each risk is assessed for
its likelihood and potential impact, with strategies outlined to handle or mitigate these risks effectively.
R006 | Insider Threats | Medium | High | Least privilege access, user behavior analytics, staff vetting
R007 | PLC Hardware Tampering | Low | High | Secure boot processes, hardware authentication, physical checks
R010 | Data Exfiltration | Medium | High | DLP systems (Cangea and Popa, 2021), network traffic analysis, endpoint security
R011 | Phishing Attacks Leading to Breaches | High | High | Email filtering, security awareness training, incident response
R014 | Compliance Violations | Low | Medium | Regular audits, policy reviews, staff training on regulations
5. RECOMMENDATIONS FOR IMPROVEMENTS:
Based on the security risk assessment and analysis for Triton Aerospace Components, the following are
strategic recommendations for improvements:
1. Implement Robust Authentication: Enforce multi-factor authentication across all SCADA systems
to mitigate unauthorized access.
2. Update and Patch Management: Establish an ongoing patch management protocol for updating
SCADA software and firmware to close security gaps.
4. Physical Security Enhancement: Increase physical security measures around critical infrastructure
with controlled access and surveillance systems.
5. Wireless Network Security: Secure wireless networks with the latest encryption standards and
monitor for anomalies or unauthorized access.
6. Insider Threat Programs: Develop comprehensive insider threat programs, including regular
security training and access monitoring.
7. Network Segmentation: Segment SCADA networks from the corporate intranet to reduce the attack
surface and contain potential breaches.
8. Disaster Recovery Planning: Create robust disaster recovery plans that include SCADA systems,
ensuring minimal downtime and quick recovery.
9. Supply Chain Security: Conduct security assessments of third-party vendors and implement strict
controls on third-party network access.
10. Data Loss Prevention (DLP): Install DLP systems to monitor and protect against the unauthorized
transfer of sensitive information.
11. Phishing Defense Mechanisms (Pliatsios et al., 2020): Strengthen email defenses with advanced
filtering and conduct regular phishing awareness training for employees.
12. Ransomware Preparedness: Implement proactive defenses against ransomware with anti-malware
tools and establish regular data backup routines.
13. Cross-Site Cybersecurity Protocols: Ensure consistency in cybersecurity practices across all sites
and establish protocols for rapid cross-site incident response.
14. Regulatory Compliance: Regularly review and update policies to maintain compliance with
national and international cybersecurity regulations.
These recommendations aim to fortify Triton Aerospace Components' cybersecurity defenses, focusing on
risk reduction, data protection, and swift recovery from incidents. They should be integrated into a
comprehensive cybersecurity strategy that is regularly reviewed and updated to adapt to the evolving threat
landscape.
6. CONCLUSION:
In concluding this comprehensive analysis for Triton Aerospace Components, the importance of robust
cybersecurity in today’s interconnected industrial landscape becomes strikingly evident. The study’s
findings, derived from a detailed literature review and a focused security risk assessment, reveal key
vulnerabilities within Triton’s SCADA systems, particularly regarding outdated software and wireless
network security. The proposed recommendations, including enhanced authentication, regular software
updates, and encrypted communications, are designed to address these vulnerabilities effectively.
My perspective as the author emphasizes that cybersecurity is a dynamic field, requiring ongoing vigilance
and adaptation. Future strategies should incorporate emerging technologies like AI and blockchain for
advanced threat defense and secure data transactions. Equally crucial is establishing a pervasive culture of
cybersecurity awareness throughout the organization, ensuring that employees are active participants in
safeguarding the company’s digital assets.
This report’s recommendations, while offering immediate security enhancements, also serve as a foundation
for future-proofing Triton Aerospace Components against evolving cyber threats. This aligns with the
report's primary goal of fortifying operational integrity and data security in a complex, globally
interconnected environment, ensuring Triton’s resilience in the face of persistent and emerging
cybersecurity challenges.
REFERENCES:
Addobea et al., (2023), “Secure multi-factor access control mechanism for pairing blockchains”. Journal
of Information Security and Applications.74(103477). Doi: https://doi.org/10.1016/j.jisa.2023.103477.
Al-Asiri and El-Alfy, (2020), “On Using Physical Based Intrusion Detection in SCADA Systems”. Procedia
Computer Science 170, Pages (34-42). Doi: https://doi.org/10.1016/j.procs.2020.03.007.
Alanazi, M. et al., (2023), “SCADA vulnerabilities and attacks: A review of the state-of-the-art and open
issues”. Computers & Security.125(103028). Doi: https://doi.org/10.1016/j.cose.2022.103028 (access
date: 23.12.23).
Azmi, R.; Tibben, W.; Win, K. Review of cybersecurity frameworks: Context and shared concepts. J. Cyber
Policy 2018, 3, 258–283.
Baray and N. Kumar Ojha, "‘WLAN Security Protocols and WPA3 Security Approach Measurement
Through Aircrack-ng Technique’," 2021 5th International Conference on Computing Methodologies and
Communication (ICCMC), Erode, India, 2021, pp. 23-30, doi: 10.1109/ICCMC51019.2021.9418230.
Cangea and Popa, (2021), “Adaptive Security for Automatic Protection of Data”. Smart Innovation,
Systems and Technologies book series SIST, (226). Doi: Adaptive Security for Automatic Protection of
Data | SpringerLink.
Cavusoglu, Huseyin, et al. “Configuration of and Interaction Between Information Security Technologies:
The Case of Firewalls and Intrusion Detection Systems.” Information Systems Research, vol. 20, no. 2,
2009, pp. 198–217. JSTOR, http://www.jstor.org/stable/23015480. Accessed 19 Jan. 2024
Cherdentseva et al., (2016), “A review of cyber security risk assessment methods for SCADA systems”.
Computers & Security 56, Pages (1-27). Doi: https://doi.org/10.1016/j.cose.2015.09.009.
D. E. Denning, "Cryptographic Checksums for Multilevel Database Security," 1984 IEEE Symposium on
Security and Privacy, Oakland, CA, USA, 1984, pp. 52-52, doi: 10.1109/SP.1984.10011.
D. Pliatsios, P. Sarigiannidis, T. Lagkas and A. G. Sarigiannidis, "A Survey on SCADA Systems: Secure
Protocols, Incidents, Threats and Tactics," in IEEE Communications Surveys & Tutorials, vol. 22, no. 3,
pp. 1942-1976, thirdquarter 2020, doi: 10.1109/COMST.2020.2987688.
D. Upadhyay, M. Zaman, R. Joshi and S. Sampalli, "An Efficient Key Management and Multi-Layered
Security Framework for SCADA Systems," in IEEE Transactions on Network and Service Management,
vol. 19, no. 1, pp. 642-660, March 2022, Doi: 10.1109/TNSM.2021.3104531
Garrett, K. (2016). “Vulnerability Analysis of Multi-Factor Authentication Protocols” (unf.edu).
Ghosh, Sagarika & Sampalli, Srinivas. (2019). A Survey of Security in SCADA Networks: Current Issues
and Future Challenges. IEEE Access. PP. 1-1. 10.1109/ACCESS.2019.2926441.
Hentea, (2008), “Improving Security for SCADA Control Systems”. Interdisciplinary Journal of
Information, Knowledge, and Management 3. Doi: IJIKMv3p073-086Hentea361.pdf.
Kaufman, Lori. (2009). Data Security in the World of Cloud Computing. Security & Privacy, IEEE. 7.
61-64. 10.1109/MSP.2009.87.
Mokhtari S, Abbaspour A, Yen KK, Sargolzaei A. A Machine Learning Approach for Anomaly Detection
in Industrial Control Systems Based on Measurement Data. Electronics. 2021; 10(4):407.
https://doi.org/10.3390/electronics10040407.
M. Vielberth, F. Böhm, I. Fichtinger and G. Pernul, "Security Operations Center: A Systematic Study and
Open Challenges," in IEEE Access, vol. 8, pp. 227756-227779, 2020, doi:
10.1109/ACCESS.2020.3045514.
Peter Eden, Andrew Blyth and Pete Burnap et al. A Forensic Taxonomy of SCADA Systems and Approach
to Incident Response. 2015. DOI: 10.14236/ewic/ICS2015.5.
Putri, M.K.; Hakim, A.R. Perancangan Manajemen Risiko Keamanan Informasi Layanan Jaringan MKP
Berdasarkan Kerangka Kerja ISO/IEC 27005: 2018 dan NIST SP 800-30 Revisi 1. Info Kripto 2021, 15,
134–141.
Sahu, Amiya & Sharma, Suraj & Tripathi, Shankar & Singh, Kamakhya. (2019). A Study of Authentication
Protocols in Internet of Things. 217-221. 10.1109/ICIT48102.2019.00045.
Upadhyay, D et al., (2019), “SCADA (Supervisory Control and Data Acquisition) systems: Vulnerability
assessment and security recommendations”. Computers & Security.98(101666). Doi:
https://doi.org/10.1016/j.cose.2019.101666 (access date: 23.12.23).
Ummer Iqbal, Aditya Tandon, Sonali Gupta, Arvind R. Yadav, Rahul Neware, Fraol Waldamichael Gelana,
"A Novel Secure Authentication Protocol for IoT and Cloud Servers", Wireless Communications and
Mobile Computing, vol. 2022, Article ID 7707543, 17 pages, 2022. https://doi.org/10.1155/2022/7707543.
(Wang et al., 2020) Pan, Xiaojun; Wang, Zhuoran; Sun, Yanbin. Journal of Cybersecurity; Henderson Vol. 2,
Iss. 2, (2020): 69-83. DOI:10.32604/jcs.2020.010045.
Yadav and Paul, (2021), “Architecture and security of SCADA systems: A review”. International Journal
of Critical Infrastructure Protection 34, (100433). Doi: https://doi.org/10.1016/j.ijcip.2021.100433.