Running Head: Case Study 1: Stuxnet and U.S. Incident Response
Case Study 1: Stuxnet and U.S. Incident Response
Trevor Terry
CIS359 Disaster Recovery Management
Professor Kevin Jayne
October 21, 2018
The United States has a cyber emergency response team called the United States Computer Emergency Readiness Team (US-CERT). It is part of the National Cybersecurity and Communications Integration Center (NCCIC) within the U.S. Department of Homeland Security, whose mission "is to reduce the risk of systemic cybersecurity and communications challenges in our role as the Nation's flagship cyber defense, incident response, and operational integration center" (U.S. Department of Homeland Security, 2018). US-CERT operates around the clock and monitors for potential threats. It collects information, works with its public and private partners who operate industrial and commercial infrastructure, and responds to events in order to strengthen the security of U.S. industrial systems (U.S. Department of Homeland Security, 2018).
When Stuxnet, a malicious computer worm, was found on computer systems at a U.S. manufacturing facility, US-CERT sent its Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) to deal with the situation quickly. ICS-CERT reported that the worm had been found on computers worldwide in 2010 (Ferran, 2012). ICS-CERT conducted an onsite response, identified all infected equipment, and removed the malware from the control system network. According to a congressional report and cyber experts, the worm was believed to have been created by a nation state, with the U.S. and Israel at the top of that short list (Ferran, 2012). US-CERT has responded to numerous sites since the Stuxnet event. Incident response tickets rose from 41 in 2010 to 198 in 2011, while onsite responses fell slightly, from 8 in 2010 to 7 in 2011 (U.S. Department of Homeland Security, 2018). US-CERT reviews the reported incident tickets and dispatches onsite responses by priority (Ferran, 2012).
ICS-CERT went to a power company in 2012, after it was determined that the power company's industrial control system had become infected with malware. Another organization reported that there was a virus in its turb...