Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Task 2 CPS Vulnerability Instances Cyber - physical systems link sensing devices attached to a physical process with control elements that transfer data and commands

Task 2 CPS Vulnerability Instances
Cyber-physical systems link sensing devices attached to a physical process with control elements that transfer data and commands to and from computational devices. RTU, PLC and MTU combine sensing and control operations in a closed-loop cycle, whereas HMI provides the computational interface to moni- toring personnel. Your task is to retrieve the vulnerability instances to cyber- attacks for one of the above cyber-physical system assets.
You will shift your vulnerability analysis focus on reported instances relevant to one of the above cyber-physical system assets. Besides CVE5 and supporting CVE-Search6 you used earlier, you may also use NVD7(referring to National Vulnerability Database). NVD is a vulnerability database that is built upon and fully synchronized with CVE so that any updates to CVE appear immediately in NVD. Thus, CVE feeds NVD, which then builds upon the information included in CVE entries to provide enhanced information for each entry such as severity scores (calculated based on CVSS8 standard), and impact ratings. As part of its enhanced information, NVD also provides advanced searching features such as by OS; by vendor name, product name, and/or version number; and by vulnerability type and severity.
Task 2.1 In your CPS vulnerability report, you must provide a brief summary of retrieved vulnerabilities for one of the above CPS assets. This summary is expected to include the number of vulnerability instances in CVE and in NVD for your chosen CPS asset or product. Are the numbers consistent? If not, attempt an explanation.
Task 2.2 Choose three different but CPS-related vulnerability reports in CVE, and try to find relevant descriptive sections, followed by a short summary of the report. An illustration of extracted descriptors from a vulnerability report is shown in Figure 1.
You should thus report on the following descriptors, along with a short sum- mary:
1. ID
2. Component and version (if any))
3. Asset (or product) and version (if any))
4. Vendor 5. Vulnerability
6. Threat
For some additional reference, you can check the reports in ICS-CERT9 for the vulnerability instance CVE-2019-1353310 to evaluate the additional set of analysis information provided by ICS-CERT based on a CVE ID report, as an illustration example. Task 2.3 Discuss the CVSS base score for the above vulnerability reports. An illustration of extracted descriptors is shown in Figure 2. This CVSS version2 base score can be found in NVD using CVE-ID of the vulnerability instance. In doing so, explain the associated values for any of the reported CVSS base metrics, namely:
1. Access Vector
2. Access Complexity
3. Authentication
4. Confidentiality
5. Integrity
6. Availability

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Professional Microsoft SQL Server 2012 Administration

Authors: Adam Jorgensen, Steven Wort

1st Edition

1118106881, 9781118106884

More Books

Students also viewed these Databases questions

Question

What does an ANOV table summarize?

Answered: 1 week ago

Question

Identify who may be responsible for performance appraisal.

Answered: 1 week ago

Question

Explain the performance appraisal period.

Answered: 1 week ago