Answer 1
The role of US-CERT is to respond to cyber threats against US industrial sectors by preventing and detecting attacks and responding to them before damage is done. US-CERT also makes efforts toward preparedness and incident and recovery management (Reiter & Rohatgi, 2004). US-CERT has invested in analysis systems that enable it to review, research, vet, and document computer defense attributes so that it can respond to threats it considers credible. Many threats have been detected by US-CERT, but only a few of them have forced a rapid report because they were considered a huge threat (Ferran, 2012). It has also invested in digital analytics to aid forensic investigations, which lead to a determination of whether or not systems are under threat.
Answer 2
ICS-CERT took a number of initiatives in response to the Stuxnet threat. One of them was conducting an on-site incident response at the manufacturing facility that had reportedly been attacked by the malware. The team proved helpful in identifying all the infected systems and ensuring that the malware was eventually eradicated from the company's control system network (Stouffer, Falco & Scarfone, 2011). ICS-CERT has done more to protect U.S. industrial systems from possible cyber attacks. Many pieces of malware target U.S. industrial systems. However, not all of them were considered big threats, as only 19 of them proved to need a rapid response. In those 19 cases, ICS-CERT was able to make sure that the situations were brought under control, proving its effectiveness in the fight against cyber terrorism.
Answer 3
The use of alternative sites for organizations that utilize ICS technologies is a worthy idea, because alternative sites give such organizations the ability to remain operational even after attacks by malware such as Stuxnet. It is clearly evident that whoever created Stuxnet had the intention of creating a cyber-weapon. The fact that there are some similarities between the code used for Stuxnet and that used for Flame and Duqu is a sign that perhaps the creator is not done (Hansen & Nissenbaum, 2009). The organizations likely to be targeted are those on which the livelihood of the people of the US depends. For example, if the water supply system is targeted, an alternative site will be useful in making sure that the organizations in charge are capable of handling the situation if the malware gets into their system without detection.
Answer 4
High-level planning is required for an industrial systems organization that uses ICS technologies to prepare for malware threats such as Stuxnet. One thing that can be done is implementing Software Restriction Policies (SRP) to prevent the remote execution of code (Farwell & Rohozinski, 2011). Default usernames and passwords should also be avoided, so that the malware has limited opportunities to access the systems. Specific security policies that address zone-to-zone and host-to-host communication requirements should be created. This would be an easier way of detecting such malware in the future before it is too late. The fact that the malware has not yet done the feared damage does not imply that it is not capable of it.
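The zone-to-zone and host-to-host policy described above can be written as an allowlist and checked against observed network flows, so that any connection outside the policy is flagged for review. The following is an added example, not part of the original answer; the zone names, address ranges, permitted ports and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed zone map: names and address ranges are assumptions for illustration.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("10.30.0.0/24"),
}
# Zone-to-zone policy: (source zone, destination zone) -> allowed destination ports.
ZONE_POLICY = {
    ("enterprise", "dmz"): {443},
    ("dmz", "control"): {44818},
    ("control", "control"): {502},
}
# Host-to-host policy: exact (source, destination, port) exceptions.
HOST_POLICY = {("10.30.0.10", "10.30.0.21", 102)}

def zone_of(ip):
    """Return the zone name containing ip, or 'unknown' if no zone matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def check_flow(src, dst, port):
    """Return None if the flow is permitted, otherwise a reason string."""
    if (src, dst, port) in HOST_POLICY:
        return None
    pair = (zone_of(src), zone_of(dst))
    if pair not in ZONE_POLICY:
        return f"no conduit {pair[0]}->{pair[1]}"
    if port not in ZONE_POLICY[pair]:
        return f"port {port} not allowed {pair[0]}->{pair[1]}"
    return None

def audit(flows):
    """Return (src, dst, port, reason) for every flow that violates policy."""
    return [(s, d, p, r) for s, d, p in flows if (r := check_flow(s, d, p))]

# Constructed flow records (src, dst, dst_port), not taken from any real network.
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.20.0.5", 443),
    ("10.10.4.7", "10.30.0.21", 445),
    ("10.30.0.10", "10.30.0.21", 102),
    ("10.30.0.15", "10.30.0.21", 102),
    ("192.0.2.9", "10.30.0.21", 502),
]
print(*audit(SAMPLE_FLOWS), sep="\n")
```

Three of the five constructed flows are flagged: an enterprise host reaching directly into the control zone, a control-zone host using a port reserved for one named workstation, and a source address that belongs to no defined zone.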
References
Farwell, J. P., & Rohozinski, R. (2011). Stuxnet and the future of cyber war. Survival, 53(1), 23-40.
Ferran, L. (2012, January 29). When Stuxnet Hit the Homeland: Government Response to the Rescue - ABC News. Retrieved from http://abcnews.go.com/blogs/headlines/2012/06/when-stuxnet-hit-the-homeland-government-response-to-the-rescue/
Hansen, L., & Nissenbaum, H. (2009). Digital disaster, cyber security, and the Copenhagen School. International Studies Quarterly, 53(4), 1155-1175.
Reiter, M., & Rohatgi, P. (2004). Homeland security. IEEE Internet Computing, 8(6), 16-17.
Stouffer, K., Falco, J., & Scarfone, K. (2011). Guide to industrial control systems (ICS) security. NIST special publication, 800(82), 16-16.