ERP Nation Cyber-Security in the U.S. Since

ERP Nation

Cyber-security in the U.S.

Since 911, Federal agencies dedicated to critical infrastructure in the United States have contributed significant allocation to upgrading cyber-systems toward risk mitigation against threat. A major challenge to this effort is the persistence of 'legacy systems' or older propriety architectures that are non-standard to command syntax. Replacement of legacy systems that were originally implemented as internal 'unique' security platforms for control of facilities, out flows of energy and engineered scientific missions, has resulted in increased standardization of information control systems architectures and their taxonomies for optimized urgent response in case of environmental disaster or terrorist attack. The new systems also allow better management of information to the end of greater data accountability, and time constraint and cost reductions.

The U.S. space agency NASA has been core to development of new frameworks of enterprise resource planning and the modernization of organizational legacy systems where manufacturers and other government entities involved as partners or suppliers to those missions are concerned. NASA's role as a scientific institution puts the Agency in a discreet position as representative of U.S. interests in space, yet separate in terms of its capacity to collaborate on international missions with other space agencies. Instrumental to the development of a variety of migration strategies, pilot projects and enterprise missions, the competence and engineering expertise derived from NASA information security architectures and models of integrated systems of distributive compliance are critical to an informed discussion on advancements in enterprise resource planning (ERP) systems since the emergence of the Department of Homeland Security, post 9/11. Critical infrastructure as defined in the U.S. PATRIOT Act of 2001 are those,

"systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters" (Shea, 2).

Industries subject to legacy reconfiguration from that period forward include a range of infrastructural resources engaged on NASA missions, including chemical and defense manufacturing sectors. Probabilistic risk is to NASA enterprises is substantial, so that a great deal of the Agency's enterprise systems support architecture is dedicated to collection and analysis of technological and random human error and its potential to cause catastrophe to launch. Here, mechanistic malfunction is at high risk of explosion. Network systems controlled jet propulsion commands are analyzed according to the garbage in and garbage out risk scenario as illustrated in Figure 1.

Figure 1

Figure 1. A schematic showing the arrangement of the valves in the main propulsion system of Mars Observer (Harland, 2005).

The dawn of sophistication in space science enterprise IT technical systems as universal framework to industrial infrastructure architecture began approximately one decade prior to the 9/11 incident and set the format for NASA's continued recommendation to legislative policy and engineering standards post that period. NASA is also responsible for piloting expert knowledge sharing databases as a means of collaboration and tracking of professional qualifications and activities in its Competency Management System (an online system that maps individuals to their competencies). Out of the CMS seed project, NASA initiated its Engineering Network (NEN) in 2005, and furthering the objectives laid forth by the Agency's Office of the Chief Engineer toward capacity building and compliance with benchmarking criteria developed in coordination with the U.S. Navy, U.S. Army Company Command, the U.S. Department of Commerce, and Boeing Corporation. The NEN network allows "peers and experts through communities of practice search multiple repositories from one central search engine, and find experts" (Topousis, D.E. et al. 2009). Simple in concept and streamlined in consideration of known actors with top level security access to proprietary information.

Also considered priority targets in the PATRIOT Act and subsequent National Strategy for Securing Cyberspace, 2003 are industrial control systems architectures used by NASA partners and suppliers of chemicals, and other combustibles such as fuel. Many of those systems are subject to supervisory control and data acquisition systems, or Distributed Control Systems (DCS) and Programmable Logic Controllers (PLC). PLC devices are automated monitoring switches for control of industrial plants, and are also used widely within manufacturing facilities. The benefit of PLC is that it offers flexibility in controls of an entire system from a central location. Networked PLC share one database and control channel manufacturing relationships such as the infrastructure of oil and gas refinement, processing to holding and distribution. The use of DCS in PLC networks is common, as the DCS synchronizes accurate control of steps within processes.

Baseline framework to ERP systems must include risk control measures that allow: 1) supervisory control; and 2) support data acquisition (SCADA) and distributive controls systems. SCADA systems are node control mechanisms implemented at the decoupling point; enhancing control of the PLC industrial channel through remote sensing of raw data and commands out of control centers. Software building blocks to industrial control systems, SCADA are utilized for monitoring and sending commands to valves and switches while simultaneously collecting data so that systems controls recognize and deploy regulated flow rates and pressures in distribution. Due to the fact that analysis and reporting on multi-scaled networks run with SCADA systems are done at centralized locations, the systems are highly vulnerable to implantation of faulty data by way of remote access. This includes dial-up and wireless modem connections officially used for systems maintenance. The propensity of hackers to deploy catastrophe with minimal resource beyond training in coding and computer systems architecture has created an almost infinite need for new protective measures that will sustain infrastructural networks as commercially available technologies advance.

Heightened attention to wireless security measures is directed at standard security protections such as alphanumeric passwords, firewalls and SSID broadcast privacy offer some provision, yet some hackers are not deterred by such measures, and unauthorized access to remote administration may still be relatively unhindered. A shift in security protocols from WEP to WPA and finally to WPA2 protected encryption formats has served to eliminate some of the risk to infrastructural networks; where hacking was previously difficult to prevent due to designated employee user accounts accessed from home offices and other public locations. Wireless networks now subject to IEEE 802.11 standards, define transmission of radio waves with either 2.4 or 5.8 GHz, radio bands in broadcast of data. Wi-Fi Protected Access and WPA improvements have increased the integrity of encryption and user authentication by way of Extensible Authentication Protocol (EAP). WPA2 now uses AES, Advanced Encryption Standard which means that low level threats are mitigated as discretionary company information is less accessible on WiFi commercial accounts.