IHR Module 2 Lecture 6-8
IHR Module 2 Lecture 6-8
(HC-08)
• Lack of coverage also leads to a blind spot in your network. One of the
most effective ways to determine whether or not you have 100% of devices
covered is to look at network traffic at your network's perimeter (where it
connects to the Internet or other networks) and evaluate traffic behavior.
Network Monitoring
• Forensic applications can identify the deleted files that still exist
or display the artifact that proves they once did exist.
• Like a system with multiple VMs, each host has the ability to see
network packets destined for other VMs on that system.
Snooping
From a health and safety context, cyberattacks can be grouped into three distinct areas, as
follows.
Attacks on IACS
• In early 2017, the HSE published Cyber Security for Industrial Automation
and Control Systems. Aimed at major hazard workplaces, the publication
recognises that threats can originate not only from system networks but also
software upgrades, maintenance activities and unauthorised access.
Health and Safety Issues
• Resources may have to be invested to ensure that lost documentation and information is replaced
(eg risk assessments having to be undertaken again).
• Defence against prosecution or civil litigation may be weakened due to an inability to provide
evidence of previous good health and safety management where documentation is permanently
lost.
• Lost historical data that could assist in identifying and developing future risk control measures
would leave a knowledge gap
Health and Safety Issues
Attacks on BMS
• The third area that can have health and safety implications can be described as operational.
Building Management Systems (BMS), either standalone or integrated, can form part of many
health and safety risk control systems. These systems control several environmental factors (eg
ventilation, lighting, power, fire and security systems, etc).
• As an example, many organisations now use automated access control systems as a security
measure to protect employees and prevent unauthorised access to certain premises. A cyberattack
has the potential to override such systems, putting employees at risk from those gaining
unauthorised access.
Health and Safety Issues
• Oldsmar Sheriff Bob Gualtieri, in the press statement, mentioned that the
hacker tried to manipulate the sodium hydroxide concentration in the water.
• “Sodium hydroxide, also known as lye, is the main ingredient in liquid drain
cleaners. It’s also used to control water acidity and remove metals from
drinking water in the water treatment plant.“
• “The hacker changed the sodium hydroxide from about 100 parts per million
to 11,100 parts per million. This is a significant and potentially dangerous
increase.”
Securing crime scene