Critical Systems Security (CSS) | My Assignment Tutor

1Coursework SepcificationModule details Module CodeUFCF7P-15-MModule TitleCritical Systems Security (CSS)Module LeaderJonathon StadonModule TutorsPhil Legg, Ian, thomas, Gwyn, JonathanWhiteYear2020-21Component/Element numberCompB/E1Total number of assessments for thismodule2Weighting50%Element description2000 work Written report Dates Submission Date5 August 2021Submission placeBlackbaord, AssignmentsSubmission time14:00 (2pm)Submission notesPlease ensure that you work is submittedin an accessable format. (Ideally a Docx orPDF) Feedback Feedback provision will beFeedback will be published throughBlackbaord. If you would like additionalfeedback, then please contacts yourleader/tutor to arrange a meeting. 2ContentsSection 1: Overview of AssessmentSection 2: Task SpecificationSection 3: DeliverablesSection 4: Marking CriteriaSection 1: Overview of AssessmentThis assignment assesses the following module learning outcomes:• Demonstrate a deep and systematic understanding of conventional and contemporaryICS implementations and their comparison to IT systems in the context of cyber security;(A, B)• Undertake the analysis of the cyber threat landscape in ICS and evaluate current cyberprotection approaches in the field; (B)• Design and evaluate improvements in current cyber protection approaches to tackle thecyber security challenges that arise in ICS. (B)The assignment is worth 50% of the overall mark for the module.Broadly speaking, the assignment requires you to write a 2,000 words report on the analysisof the current cyber threat landscape and cyber protection approaches in the CriticalInfrastructure, proposing ways for improvement. The report will be research-based, writtenin an industrial standards format; you are expected to draw information from one or morecase studies including but not limited to “Stuxnet” (and/or variations of Stuxnet), the“Analysis of the Cyber Attack on the Ukrainian Power Grid” in 2015 and Wannacry.The assignment is described in more detail in section 2.This is an individual assignment.Working on this assignment will help you to identify and analyse the challenges that arise inthe cyber protection of cyber physical control systems used in the Critical Infrastructure, andpresent them in a report that follows industrial standards. Through your research you willanalyse and evaluate the current threat landscape and the cyber protection approaches inthe field, and propose ways for improvement. If you have questions about this assignment,please post them to the discussion board on Blackboard.3Section 2: Task SpecificationProduce a 2,000 words report analysing selected case study/-ies on cyber securityincidents in the Critical Infrastructure.You are working as an independent consultant for a Cyber Security firm that operates aResearch and Development department on Cyber Security in Industrial Control Systems. Thefirm wants to gather intelligence on cyber security in Critical Systems in order to come upwith new products and solutions. Your assignment is to do research in this area and producea report that addresses the firm’s needs. In particular, your research will focus on:• The analysis of the current threat landscape in cyber physical control systems used inthe Critical Infrastructure.• The analysis and evaluation of current cyber-security approaches in the field.• Ways to improve current cyber security approaches, analysing their impact on thesystem.Your research must draw information from one or more case studies provided in thelectures (e.g. Stuxnet, Flame, Ukrainian Power Grid, Wannacry etc.) and relevant papers ofhigh quality. In your report, you must clearly identify the following elements:– The differences between traditional IT systems and Critical Systems and how they affectcyber security;– The entities involved in cyber security incidents in the Critical Infrastructure (e.g. attackactors, ICS vendors, environment etc.);– The cyber security risks and the associated threat vectors;– Current cyber security approaches and their limitations, analysing the technical andoperational challenges that arise;– Ways to improve cyber security in this area, discussing their impact on the system.The report must follow professional standards, written in an appropriate style and format.Accuracy, completeness and consistency of citation and listing of sources must also be takeninto account.Section 3: DeliverablesA 2,000 words written report is to be submitted via Blackboard by XXX in PDF format.Your report should include the result of your research as described in Section 2. On the first page ofyour report you should clearly identify the subject/title of the report, your name and surnamefollowed by your student ID and the current date.4Section 4: Marking Criteria 0-2930-3940-4950-5960-6970-8485-100Mark &Advice forImprovementUnderstanding the natureof ICS(differenceswith ITsystems andimpact oncybersecurity inICS)(25%)Poor content;little or nodescription ofthe differencesbetween IT andICS systems.Provides somedescription ofthe differencesbetween ITsystems and ICS;content notadequate;further analysisis needed on theimpact theyhave on cybersecurity.Provides adescription ofthe differencesbetween ITsystems and ICS;impact analysiscould be clearer.Provides awell writtendescription ofthedifferencesbetween ITsystems andICS, giving animpactanalysisbased oninformationdrawn fromgood qualitysources.Very wellwrittendescription ofthedifferencesbetween ITsystems andICS based onhigh qualitysources;provides awell writtenimpactanalysisbased on highqualitysources.Excellentdescription ofthedifferencesbetween ITand ICSsystems,explaining indetail howthey affectcyber securityin ICS.Appropriatesources used.Outstandingdescription ofthedifferencesbetween ITand ICSsystems andhow theyaffect cybersecurity,providingexamplesfrom casestudies; useof additionalsources.;publishablematerial.Analysis ofthe threatlandscapeandevaluation ofcurrentcyberPoor content;little or noanalysis of thethreat landscapeand/orevaluation ofcurrent cyberProvides someanalysis ofcurrent threatlandscape andsecurityapproaches;missesProvides adescription ofthe landscapeand someevaluation ofcurrent cyberProvides awell writtendescription ofthe threatlandscapeand anevaluation ofProvides avery wellwrittendescription ofthe threatlandscapeand anExcellentanalysis ofthe threatlandscapeand currentcyber securityapproaches;Outstandinganalysis ofthe threatlandscapeand currentcyber securityapproaches, 5 securityapproaches(25%)securityapproaches.importantelements;inadequatedepth ofcontent.securityapproaches.current cybersecurityapproachesbased ondata drawnfrom goodqualitysources.evaluation ofcurrent cybersecurityapproachesbased ondata drawnfrom highqualitysources.appropriatesources used.providingexamplesfrom casestudies; useof additionalsources;publishablematerial.Ways toimprovecurrent cybersecurityapproaches(25%)Poor content;little or nodiscussion onways to improvecyber security inICS.Somesuggestions onhow to improvecyber security inICS; inadequatecontent; little orno evaluation ofthe proposedmethods.Providessuggestions toimprove cybersecurity in ICS;not clear howthey map to therest of thereport; providessome evaluationof proposedimprovements.Well writtensuggestionson how toimprovecyber securityin ICS; basedon theanalysis ofcurrentapproaches;providesevaluation ofproposedimprovements.Very wellwrittensuggestionson how toimprovecyber securityin ICS; basedon detailedanalysis ofcurrentapproaches;providesevaluation ofproposedimprovements.Excellentwork onsuggestionsto improvecyber securityin ICS; basedon detailedanalysis ofcurrentapproachesas identifiedin relevantpapers orcase studies;wellpresentedevaluation ofproposedimprovements.Outstandingwork onsuggestionsto improvecyber securityin ICS; basedon detailedanalysis ofcurrentapproachesas identifiedin relevantpapers andcase studies.Publishablematerial;wellpresentedevaluation ofproposedimprovements.Quality ofwritingNo use of theappropriateLack of orinaccurate use ofOften fails to useappropriateMostly usesappropriateA good graspof theUsesappropriateUsesappropriate 6 (25%)terminology;fails to describethe problem andthe work done;shows a lack ofstructure,comprehensibility, clarity andgrammaticalquality.the appropriateterminology;shows a lack ofstructure,comprehensibility, clarity andgrammaticalquality.terminology;may lack inlayout and/orlogical structure;may show a lackof clarity andcomprehensibility;lackinggrammaticalstructure.terminology;wellpresented;lacking inclarity andgrammaticalstructure.appropriateterminology;wellpresented inboth layouton the pageand logicalstructure;resented inanappropriatestyle; goodgrammaticalstandard.terminologyaccurately;professionallypresented inboth layouton the pageand logicalstructure;very wellpresented inanappropriatestyle;grammatically of a veryhighstandard.terminologyaccurately;professionallypresented inboth layouton the pageand logicalstructure;impressivelypresented inanappropriatestyle;grammatically of anextremelyhighstandard.


Leave a Reply

Your email address will not be published.