Reference no: EM131663777

Assignment: PureLand Wastewater Treatment

This assignment requires you to analyze the network diagram for PureLand Wastewater and make specific recommendations to improve network security. Specifically, you must design zones and conduits as described in Chapter-9 of your text, establishing zones and conduits. Use the Network Security Improvement template for this assignment. The network security improvements you develop will be a part of your cyber security improvement plan. Your assignment will be graded according to the rubric which can be viewed when clicking on the assignment link.

Assignment Resources:

• Textbook:

o Industrial Network Security, 2nd Edition by: Joel Thomas Langill and Eric D. Knapp- Chapter 9

Cyber Security Case Study

Company Summary

PureLand Wastewater Treatment Inc. (est. 2001) is a company providing years of experience in all aspects of Wastewater Treatment with special emphasis on the Chemical Manufacturing and Biological Fermentation industries. We are a flexible, responsive organization with a network of resources to handle any size project. Each project is approached by utilizing our strong sterilization and engineering skills while drawing on our background in Operations, Service, Validation, and Quality to provide solutions for all of your Wastewater Treatment needs. We provide personal attention to ensure customer satisfaction in all services and equipment we supply.

Security Concerns

PureLand has special security concerns due to the highly toxic nature of some of the chemicals they use to sterilize and treat wastewater streams for their customers. Although Physical Security has always been on their radar and relatively strong, Cyber Security has not been something that they were particularly concerned about. After all, the chemicals they use to do their work were not proprietary so they had little concern about theft of intellectual property or trade secrets being compromised.

All this changed recently when PureLand executives and operations folks were contacted by the Department of Homeland Security (DHS) in regard to a particularly toxic chemical they use to sanitize Wastewater in biologically hazardous processes-Chlorine Dioxide. DHS officials were aware of their use of the chemical because of publicly available waste treatment permits provided to PureLand by the EPA. As it turns out, Chlorine Dioxide is on the DHS Chemical Facility Anti-Terrorism Standards (CFATS) list of chemicals of interest because of the risks associated with chemical release or sabotage using this chemical. PureLand was aware Chlorine Dioxide was a very dangerous chemical, but they had never considered Cyber Terrorism or theft of the chemical for sabotage when completing prior risk assessments. The implications of this were quite serious for PureLand, as they now are required by Federal law to comply with both Physical and Cyber Security regulations related to their use of this chemical of interest. DHS officials made PureLand aware of their obligations and informed them that they would be subject to an audit by DHS within eighteen months that would assess their compliance with CFATS regulations. If compliance was not achieved within 12 months of the initial audit, PureLand would be subject to huge fines and penalties that could include closure of their facility.

PureLand Reaction

The PureLand Executives were quite alarmed by the news and immediately formed an internal team to create a Cyber Security improvement and compliance plan. The team researched the issue and reviewed the information provided by DHS around security standards. The first objective was to use a tool provided by DHS to perform a Cyber Security Self Evaluation on their computing systems. The hope was that by using this free tool, they could get some insight on the most critical Cyber Security gaps that existed and potentially provide a road map on where to focus their security improvement plan. A team of system administrators, security professionals, and management representatives worked on the Cyber Security Self Evaluation over a period of two days.

Cyber Security Self Evaluation Results

The results of the Self Evaluation were very disturbing for the entire team. The evaluation reported varying levels of compliance from 0% to 100%, but it was very clear that they had their work cut out for them. The leadership team met with the IT staff and their IT Security Analyst, and it was decided that they didn't have the internal staffing or appropriate skillset to implement the needed security improvements within one year. The decision was made to hire an outside consultant to help devise and implement a Cyber Security improvement plan that would achieve these critical objectives:

1. Reduce their risk from Cyber Security incidents to an acceptable level
2. Achieve compliance with CFATS regulations
3. Minimize negative impacts to production and safety

Path Forward

As the outside consultant, it's your job to lead the effort to create the Cyber Security improvement plan per the objectives laid out in the accompanying document: Developing Cyber Security Improvement Plan for Industrial Control System - Case Study.

You'll focus your efforts by studying the PureLand Cyber Security Assessment which includes various tables and charts indicating the areas of most concern. PureLand has contracted you to provide two major deliverables for this contract:

1. Industrial Control System Cyber Security Improvement Plan (Detailed requirements included in document - ICS security improvement case description)

2. Presentation to key stakeholders one week prior to formal plan presentation.