Case Study 1: Stuxnet
Due Week 2 and worth 60 points
In June 2010, Stuxnet, a complex and highly sophisticated computer worm was discovered by Kaspersky Lab. Stuxnet targeted Siemens industrial Supervisory Control and Data Acquisition (SCADA) systems. It was reported that the worm appeared to target Iran’s uranium enrichment infrastructure. Most computer worms and viruses tend to target consumer systems such as desktop computers and laptop computers.
You can learn more about Stuxnet athttp://www.youtube.com/watch?v=scNkLWV7jSw.
Write a four to five (4-5) page paper in which you:
1. Analyze the level of security requirements between industrial systems and consumer devices such as desktop computers. Address if they should be the same or different.
2. Analyze the anatomy of Stuxnet and how it was able to damage Iran’s SCADA systems.
3. Evaluate the lessons that were learned from Stuxnet about the vulnerability of Iran’s SCADA systems. Suggest how the attacks could have been prevented.
4. Provide five (5) guidelines that should be used to reduce a network’s attack surface for industrial control systems.
5. Use at least three (3) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
• Define authorization and access to an IT infrastructure based on an access control policy framework.
• Describe methods that mitigate risk to an IT infrastructure’s with confidentiality, integrity, availability and access controls
• Use technology and information resources to research issues in access control.
• Write clearly and concisely about topics related to Security Access & Control Strategies using proper writing mechanics and technical style conventions.