Question 1: ICS Security RISK 1
One of the security risks for Industrial Control Systems is "improper use of ICS workstations". Explain in 4 sentences what is meant by this statement and explain what "improper use of ICS workstations" is?
Question 2: ICS Security RISK 2
Another ICS Security risk is "password sent over clear text". Explain in 4 sentences -- why is it more likely that password are sent over clear text in Industrial Control Systems compared to IT systems?
Question 3: ICS Security Strategy
One of the ICS Security strategies is "defense in depth". Explain within 4 sentences what is entailed in "defense in depth"?
Question 4: Security goals.
C-I-A (confidentiality, Integrity and Availability) triad is often described as the goal of securing a system against cyber attacks. However, it is said that in the context of Industrial Control Systems, the goal is A-I-C triad (Availability, Integrity, and Confidentiality). Explain in 4 sentences the reason behind this changed order of importance of the goals?
Question 5: Attack Sequence
In one of the lectures, a sequence of slides pictorially described the way an ICS system's controllers and other important assets get attacked because of the control network's connection to the enterprise network (IP-convergence). Please explain in your own words in 4 sentences that sequence of slides (pictorial demonstration of an attack sequence that starts external to the enterprise network but eventually attacks the control network assets)?