Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?
Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?
The most important security objective when applying cryptography to control messages that tell an Industrial Control System (ICS) how much electrical power to output is to assure the integrity of messages. Ensuring the integrity verifies that the messages have not been tampered with or altered during transmission, which is crucial for the safe and reliable operation of the ICS. Any modification to these control messages could result in incorrect and potentially dangerous outputs, making integrity the highest priority.
Cryptography concerns confidentiality, integrity, and authentication but not availability
Cryptography does not provide integrity to messages on its own, but it can contribute to ensuring message integrity when used in conjunction with other security measures. Encryption is a process of converting plaintext into ciphertext to protect the confidentiality of the message. However, if an attacker intercepts an encrypted message, they can still tamper with the message or replace it with a different one. Encryption alone does not provide any assurance that the original message has not been tampered with. To ensure message integrity, additional measures such as message authentication codes (MACs) or digital signatures can be used in combination with encryption. MACs and digital signatures provide a way to verify that the message has not been tampered with during transmission and that it was indeed sent by the intended sender. When used in conjunction with encryption, these measures can help ensure that the message's confidentiality and integrity are maintained.
Answer is D. The most important security objective when applying cryptography to control messages for an Industrial Control System (ICS) is to assure the integrity of messages. Ensuring the integrity of control messages is critical for the safe and reliable operation of the system, as any tampering or alteration of the messages could have serious consequences, including equipment damage and physical harm to people.
D: You want to be sure that the message content "deliver 600V" is not changed to "900V" :-)
Correct answer is D because we are concerned with Integrity of the output and not availability
Did allot of research for this one. Protocol conformance would allow the ICS system to have a defined int or string. Lets say what is defined is 600V. Anything that does not match 600V would not allow the code to be ran. Because of this I am going to have to go with C.
Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)
The MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output is to assure the integrity of messages. By assuring message integrity, an attacker cannot modify the message content to instruct the ICS to produce an unsafe or unauthorized result. This is critical in industrial control systems, where safety and accuracy are paramount, and any incorrect or unauthorized action can have serious consequences.
Correct answer is D, as the ICS is running the message conformance is already in place.
C is right from another test dump and research it makes sense. The word crypto is deterring everyone but this question is about the ICS Industrial control system and how much power to output you need protocol conformance or else you're effed
In this scenario, maintaining the integrity of the messages is crucial. Cryptography, particularly techniques like digital signatures or message authentication codes (MACs), ensures that the content of the messages remains unchanged and unaltered during transmission or processing. Given the criticality of controlling electrical power output in an ICS, it's imperative to guarantee that the messages haven't been tampered with or altered maliciously.
C is the correct answer for ICS: https://resources.infosecinstitute.com/topic/ics-protocols/ ICS systems used different communication protocols (RS-232 and RS-485, Modbus, DNP3, HART, TASE 2.0 and ICCP, CIP, PROFIBUS and PROFINET, FOUNDATION Fieldbus, BACnet); exchange between different components in an industrial automation network may have various communication protocols at work; when introducing cryptography protocol conformance for messages is most important
I thought it was D (integrity) until I found this: https://resources.infosecinstitute.com/topic/ics-protocols/ Now I believe C (conformance)