CUSTOMER SATISFACTION WITH LEGACY SYSTEMS

Customer Satisfaction with Legacy Systems



Customer Satisfaction with Legacy Systems

Introduction

This paper begins by Analyzing the users' grade of satisfaction in relative to factors associated with data security and risks in an organization.It then relates countermeasures for decreasing those risks. A structure for balancing the countermeasures against the threats over time, granted restricted resources, is proposed. Finally a functional form is demonstrated which allows the architect of an data security risk principle to goal a desired grade of risk.

Information Security

How difficult is it for a person or persons with evil intent to break into the IT system of an infrastructure provider such as an electrical utility, a transportation control center, or a health provider? First readers should understand that no IT system is infallible. There are hundreds if not thousands of known methods and tools for attacking information technology systems. These methods exploit vulnerabilities, i.e. weaknesses in hardware, software, and people. (Proctor,2004)

Examples of these tools include scanners, script kiddy tools, sniffers, and rootkits. A scanner tool such as SuperScan looks for open “ports” (like open windows in a house) on a machine such as a network server. When a port is found the attacker is alerted. The attacker can then use the open port to explore the machine. If a program such as Trivial File Transfer Program (tftp.exe - often installed by default with the computer) is on the machine then the intruder can deposit a “Trojan horse” piece of software such as Back Orifice 2K (BO2K). Pieces of software like BO2K are known as “script kiddy” tools because they simple to use. Even a fairly naïve user can craft harmful attacks with them. An insider can run a sniffer such as Ethereal from any computer on a network. The program is configurable to sit and wait for a user to log on and then grab their password. 

End Users

Given that many threats to general networks exist, what impact might this have on the specific types of Control Systems (CS) such as Supervisory Control and Data Acquisition (SCADA) Networks used by critical infrastructure organizations? Aren't these systems typically more isolated and have specific versus general purposes?  In this paper we will refer henceforth to the entire “operational” systems used by infrastructure organizations as SCADA. In truth there is an alphabet soup of many IT elements within this umbrella. These include sensors, valves, logic controllers, switches, intermediate “intelligent” devices, communications lines as well as full-scale computers and computer networks. Since the early 1990s there have been many movements toward standardizing protocols for SCADA Systems. (Zorz,,2003)

There are two general areas where different types of vulnerabilities exist in control systems. The first is in legacy systems, which are patchworks of controls put in place over decades of IT materialization. The second is the newer emergent systems that are focused upon standard configurations. The good news for the much older legacy control equipment is that these systems are relatively safe from attack by ...