Exam CAS-004 topic 1 question 303 discussion

This one is funny because the question is clearly referencing Stuxnet which famously jumped and air gap due to user behavior. The malware modified the RPM to cause the refinement of nuclear material to fail and damage the centrifuge. So, the answer is B but that did not work.

The best solution to prevent a side-channel attack in the future, given the scenario, would be B. Air gapping important ICS and machines. Air gapping is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. This means that an air-gapped system does not connect to the internet or to other systems that are connected to the internet. In the context of a SCADA system, this would prevent an attacker from being able to access the system remotely, thereby significantly reducing the risk of a side-channel attack.

Air gapping important ICS and machines (Option B) would be the best solution to prevent a side-channel attack in the future. Air gapping involves physically isolating a computer or network and preventing it from establishing an external connection. For example, an air-gapped computer is not connected to the internet or to any other systems that are connected to the internet. This makes it extremely difficult for an attacker to access the system and carry out attacks like the one described. While other solutions like installing online hardware sensors (Option A), implementing a Host-based Intrusion Detection System (HIDS) (Option C), and installing a Security Information and Event Management (SIEM) agent on the endpoint (Option D) can also provide certain security benefits, they do not directly address the specific threat of side-channel attacks.

Air gapping important ICS and machines. This is because removing the possibility of remote access to sensitive systems is a direct counter to the described attack.

B appears to be the correct answer