SECURITY ASSESSMENT & TESTING
BUSINESS CASE: The Blue Skies Airport management company purchased three more airports. New established Blue Skies Airport System consists of four airports in the USA. Each airport has its own data center.
LOCATIONS.
Airport 1: Washington DC Airport 2: Chicago, IL
Airport 3: Los Angeles, Ca Airport 4: Dallas, TX
QUESTION 1: What is SCADA Cybersecurity for Blue Skies Airport System? Explain the differences between SCADA Cybersecurity vs. Traditional Security.
Resource:
https://www.citetech.com/learn/cybersecurity-for-scada-systems#:~:text=SCADA%20cybersecurity%20is%20the%20practice,natural%20gas%2C%20electricity%20and%20transportation.
https://www.energy.gov/ceser/downloads/21-steps-improve-cyber-security-scada-networks
QUESTION 2: List the Pros and cons of the Black box, Grey box, and White box pen-testing for the data center at Airport 1 in Washington DC. And explain which one you would prefer for the given business case.
Resource: https://thecyphere.com/blog/types-penetration-testing/
QUESTION 3: List the Pillars of Security of the Data Center of the Blue Skies Airport data center
QUESTION 4: Complete the Potential Threats table based on the given Blue Skies Airport case
Black Box Testing:
Pros: The Black Box testing approach offers a more comprehensive security assessment as it provides a thorough evaluation from an external point of view with little or no prior knowledge about the system being tested. This allows for testing of all potential attack vectors, makes it easier to identify vulnerabilities, and is often less expensive than other pen-testing methods.
Cons: As there is little or no knowledge about the system being tested, this approach requires more time to be completed as testers must learn about the system before they can begin their evaluation process. Additionally, due to its lack of specialized knowledge, this approach may result in false positives or overlook critical vulnerabilities that might have otherwise been identified through a different pen-testing method.
Grey Box Testing:
Pros: Grey Box testing combines elements from both Black and White box approaches; testers are provided with some information regarding the target environment but must still conduct their own research into any uncovered weaknesses or gaps in security measures. It also helps to reduce associated costs by cutting out unnecessary steps that would otherwise be required for a full blown external penetration test (such as protocol analysis).
Cons: While Grey box testing does allow for some additional specialization in terms of what areas are evaluated compared to Black Box tests, there still remains potential for missing certain weaknesses due to an incomplete picture on behalf of the testers when assessing specific systems within the data center’s environment. Additionally, there may be difficulty finding experienced professionals who understand how best utilize this middle ground between white and black box testing methods effectively.
White Box Testing:
Pros: With White Box testing , complete access is granted by providing all necessary specifications related to internal structure which allows for highly detailed assessments focused mainly on specific systems within larger environments such as data centers . In addition ,this type of test often takes less time because testers don’t need spend resources researching details related target environment . It also helps uncover any potential problems overlooked during earlier stages development process . Cons : Since more information is given upfront regarding inner workings any given system , malicious actors could potentially exploit these details if previously unknown flaws were found during assessment ; additionally , whitebox tests tend take longer set up because multiple configurations will likely need reviewed prior conducting actual evaluations .
Given business case presented Airport 1 data center Washington DC , would recommend utilizing greybox pen -test order gain balance between cost efficiency , thoroughness evaluation , availability resources needed quickly complete project while minimizing chances overlooking critical vulnerabilities either black white box approaches provide individually .