Executive Summary
Today’s rapidly expanding information technology environment has given rise to many autonomous and automated systems in the energy industry otherwise known as Industrial Control Systems (ICS). These devices are being joined with user friendly, multi-purpose operating systems. The advent of this new standard of operation has exposed once former isolated networks to all the vulnerabilities of internet-connected devices (Saunders). Combined with insider threat, close proximity infiltration, and poor cyber hygiene by employees, ICS are more susceptible to exploitation now than ever before. This paper takes a fictitious hydro-electric energy company, Grizzly Power Inc., from a weak cyber posture to a strong one to meet the compulsory protocols required to operate in today’s cyber environment. The focus will be on Supervisory Control and Data Acquisition (SCADA) systems which run the day to day operations of my energy company. SCADA systems were chosen for this project due to the serious impact not only on the business, but the general population which my company serves. Executive Order (EO) 13636 and Presidential Policy Directive-21 places an emphasis on critical infrastructure like the one used in this paper to work with the government and meet cyber security goals in today’s world (DHS, 2013). The focus of the strategy will be obtaining executive buy-in by outlining a holistic and systematic approach to creating, fostering, and implementing a realistic cyber defense strategy.
Introduction
In order to gain executive buy-in for this proposal, a detailed outline of how Grizzly Power Inc. will transform from a weak cyber posture to a strong cyber posture was created. A showcase of worst case scenarios will draw and capture initial fidelity of enhancing the company’s cyber security. This strategy was formulated by an aligned vision with the company’s business goals, best practices from the Information Technology...