You will need to review the hardware, software, vertical, information and/or system for vulnerabilities. A few examples are listed below for your reference but may not apply specifically to your project assignment.
Typical Control System Architecture and Components
Contained / Interconnected Trusts, Wide Area / Local Area
Proprietary / Standardized
Types of Monitoring Sensors and Devices Controlled
Administrative software, user passwords, fuzzing tools
Communication Analysis
What communication protocols are used (Specific RF, OSI Layer 2/3, WAN/LAN)
How does your topic protect the communication channels?
Protocol analysis (secure/insecure channels, control bits)
Associated Vendors and/or Governing Entities
Provide a list of governing entities, hardware and software vendors, and integrators (International)
Is this specific topics control system cyber assets regulated by the government?
Vertical awareness to cybersecurity
Do the associated vendors and/or government entities have a security domain listed on their homepage (the actual word security associated with cyber) and/or a subdomain of security www.company.com/security associated with cyber)? Include Yes / No responses to both.
Are there any cybersecurity regulations, standards or guidance directly applicability to the vertical?
Known Vulnerabilities
Did you identify any known cyber or physical-cyber vulnerabilities described publicly pertaining to your topic?
Public Information
Attempt to find items of information made publicly available through a search engine (ie. BING or Google) that you consider to be sensitive. Please a description of the information, why you consider it to be sensitive and the location on the Internet.
