SY202 HW08: Industrial Control Systems and Cyber Security Flashcards

Flashcards based on the SY202 HW08 lecture notes about Industrial Control Systems and Cyber Security.

T/F: Industrial Control Systems integrate IT systems to regulate physical processes.

True. Industrial Control Systems integrate IT systems to regulate physical processes.

Which of the following is NOT a consideration when operating ICS?

None of the above (i.e., all choices should be taken into consideration)

In the 3-tier model, which zone is the less frequently updated?

Field Zone

In the 3-tier model, which zone has the least amount of cyber security measures?

Field Zone

In which zone are you most likely to find PLCs?

Field Zone

In which zone are you most likely to find Engineering Workstations and Human-Machine Interfaces?

Control Zone

T/F: SCADA systems are physically constrained to a single site.

False. SCADA systems are often geographically dispersed, unlike systems constrained to a single site.

Which pillar of cyber security is less relevant for control systems?

Confidentiality

T/F: A cyber attack campaign starts by gathering publicly available information.

True. Gathering publicly available information is a typical first step in a cyber attack.

Which is NOT a good resilient control measure to increase cyber security in an ICS?

Add remote access to the network for trouble shooting purposes

T/F: Transmission delays, data losses, and cyber attacks are cyber threats to Networked Control Systems.

True. Transmission delays, data losses, and cyber attacks are examples of cyber threats.

T/F: State-awareness refers to the ability of the control system to safely operate despite cyber threats.

False. State-awareness refers to the ability of the control system to safely operate and maintain a good performance despite the presence of any cyber threat.

Jamming or blocking a sensor signal is an example of what type of attack?

Denial of Service Attack

T/F: Controllers, sensors, and communication systems are part of the surface of attack of Industrial Control Systems.

True. Controllers, sensors, and communication systems are part of the surface of attack of Industrial Control Systems.

T/F: Sharing information among sensors, actuators, and controllers makes NCS difficult to hack.

False. Sharing information makes NCS easier to hack.

Stuxnet was an example of what type of attack?

Deceptive Attack

T/F: There is ABSOLUTELY no way of making a NCS 100% secured against intruders.

True. There is ABSOLUTELY no way of making a NCS 100% secured against intruders.

T/F: The ICS Cyber Kill Chain is divided in two stages.

True.The ICS Cyber Kill Chain is divided in two stages.

T/F: Encryption can increase the integrity of data while degrading availability.

True. Encryption can increase the integrity of data in a control system at the expense of degrading availability of data.

T/F: Denial of Service attacks are easier to execute but also easier to detect.

True. Denial of Service attacks are, in general, easier to EXECUTE. However, they are also easier to DETECT.

Which stage of the ICS Cyber Kill Chain contains any cyber intruder action that causes intentional physical harm?

Stage 2 of ICS Cyber Kill Chain

T/F: Redundancy is a good cyber security measure.

True. Having redundancy on your system is an example of a good cyber security measure.