Professor Mohamed K. Kamara Ph.D. - Securing Critical Infrastructures

SECURING CRITICAL
INFRASTRUCTURES

P rofessor M ohamed K. K amara P h .D .

Copyright 2020 by Professor Mohamed K. Kamara Ph.D.

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the copyright owner.

Any people depicted in stock imagery provided by Getty Images are models, and such images are being used for illustrative purposes only.

Certain stock imagery Getty Images.

Rev. date: 03/13/2020

Xlibris

1-888-795-4274

www.Xlibris.com

811023

CONTENTS

Professor Mohamed K. Kamara earned his Ph.D. degree in Information Technology Security and Assurance. He did his coursework at George wMason University and dissertation research work at Walden University and earned his Ph.D. in 2013. Dr. Kamara earned his MSc. honors degree in Computer and Network Technology at Strayer University in 2004 and BSc. honors degree at Stavanger University Norway in Telecommunications Engineering in 1993. He also earned diplomas in electronics, software engineering, computer hardware technology and networking from respectable poly-technique institutions.

Dr. Kamara has over 20 years of teaching experience both on campus and online in Computer Science, Cyber Security, Information Technology and Mathematics course from notable Universities such as the University of District of Columbia, Stratford University where he helped developed the graduate telecommunications curriculum, American College of Commerce and Technology where he was the chairman of the graduate council and presided over the accreditation committee for ABET and developed the Computer and Information Sciences Undergraduate Program, University of the Potomac and Webster University.

In addition to his teaching experience, Dr. Kamara has several years of professional hands-on field work experience in the IT industry. He worked in all levels of IT from help desk, network administration, and IT security coordinator to Project Management. He has a deep knowledge and hands-on experience in researching, developing, analyzing and implementing new software modules and hardware devices.

Dr. Kamara had won two awards for community building in higher education and is an author of three books:

1) The Implications of Internet Usage- 2013

2) The impacts of Cognitive Theory on Human and Computer Science Development - 2016

3) Securing Critical Infrastructures - 2020

Research Area: Security Violations in cloud computing using Mathematical Modeling and Complex Analysis of Software Module (Java Applet and MATLAB)

Michael J. Piellusch (DBA, Argosy University, 2011) earned his bachelors degree in English

Literature from Fordham University. Believing in lifelong learning, he earned an MA degree in English Literature and an MBA in Data Systems (both from San Francisco State University), an MS degree in Software Engineering from National University, and an MS degree in Engineering Management and Leadership from Santa Clara University. He is a 2011 graduate of Argosy University with a DBA in International Business. He is currently an adjunct professor at University of the Potomac and a career technical writer. As a technical writer he has worked for various corporations and organizations including Control Data, Novell, Microsoft, Wind River, Polaris Networks, Information Gateways, and Ultra Electronics ProLogic. He is currently a technical editor with the U.S. Army War College Strategic Studies Institute.

Many thanks to Dr. Michael Piellusch for his volunteer to proof read and edit my work. The publication of this book wouldnt have been possible without his assistance.

To my wife and children for their rational support in the research process of this book .

This book explains the modern techniques required to protect a cyber security critical infrastructure. Three fundamental techniques are presented, namely: network access control , physical access control , encryption and decryption techniques.

The book is divided into eighteen chapters.

Chapter 1 addresses the concepts of access control in a cyber security infrastructure.

Chapter 2 explains the concepts of Information Security Policies.

Chapter 3 explores the concepts of the Potential Security Impact on Telecommunications Networks.

Chapter 4 examines the concepts of Database Security and Business Impact.

Chapter 5 describes the concepts of Cyber Security and the Healthcare Sector.

Chapter 6 probes the concepts of the Cyber Threat on Satellites Supporting Critical Infrastructure.

Chapter 7 covers the concepts of the Internet Vulnerabilities, Threats, and Risks that are overwhelmingly penetrating Cybersecurity Infrastructure without effective monitoring systems.

Chapter 8 deals with the concepts of Cybersecurity Critical Infrastructure of the Financial Services Sector.

Chapter 9 considers the concepts of Cyber-attacks on the Energy Sector.

Chapter 10 explains the concepts of Cybersecurity on Petroleum Subsector.

Chapter 11 clarifies the concepts of Encryption and Decryption Techniques in Cyber Security.

Chapter 12 explicates the concepts of Windows Encrypted File System.

Chapter 13 addresses how manufacturers of the automobiles fail to consider the security risks involved when connecting the vehicles to the internet.

Chapter 14 evaluates The Active Cyber Defense Certainty Act.

Chapter 15 depicts the problem behind Target data breach and its effects on the retail industry.

Chapter 16 futurizes on the Unmanned Aerial Vehicles Cyber-Physical Security Vulnerabilities issues.

Chapter 17 considers the issues encountering in Securing Electronic Voting Systems.

Chapter 18 navigates Cloud Computing Vulnerabilities, Risks, and Threats.

In this book, the author is eclectic in the interest of the reader to understand the significance of cyber security and the growing number of related issues. The philosophy and principles underlying the techniques used for securing organizational assets provide the framework for this book. The author does not assume that readers of this book have prior knowledge of this subject or the art of critical infrastructure architecture.

The purpose and significance of this book is to take a fresh look at the techniques, policies and procedures, guidelines, and standards that are commonly required to protect data and information in our cyber world today. These techniques and procedures are necessary in every step of securing organizational assets because of their interdependencies. This exploration includes several forms of encryptions and decryptions, policy implementations which are distinctive types of business rules that are documented for the purpose of security procedures, as well as physical and logical network control mechanisms .

Several years ago, the need for data protection was not considered as important, let alone critical. When systems were disintegrated (not networked), managers believed that hacking was impossible, even unthinkable. They were reluctant to spend money on infrastructure security. If told to do, the only question they would ask was if the system is working, why do we have to secure it? Data protection was not taken seriously before the explosion of information-handling technologies such as Smart Phones, Two-Way Pagers, Mobile Computing, Personal Digital Assistants, Bluetooth and the integration of systems, along with the emergence of social media (Facebook, Twitter, WhatsApp, Instagram, Snap Chat, team-snap, and Musically) which increasingly reminded organizations about the need for cyber security due to frequent and ever-increasing hacking instances.