Cybersecurity and Safety Protective System for Industrial Facility
Student’s Name
Institutional Affiliation
Course
Instructor
Due Date
Cybersecurity and Safety Protective System for Industrial Facility
Table of Contents
Contents Pages
2.0 Project Goals and Objective. 4
4.0 Work Breakdown Structure. 6
5.0 Development of Schedule. 8
7.0 Quality Management Plan. 14
8.0 Resource Management Plan. 15
List of Figures
List of Tables
Table 1. Work Breakdown Structure. 7
Table 2. Project milestones. 8
Table 3. Sequencing of project tasks and activities. 9
Table 4. Duration in each phase required to deliver each set of milestones. 10
Table 6. Budget of system development 14
1.0 Introduction
The food processing industry is growing rapidly in the United Arab Emirates, as it seeks to become food secure and diversify its economy. Because of having a harsh climate and lacking sufficient arable land, the United Arab Emirates has invested heavily in technology to produce and process food efficiently and cost effectively for the rapidly expanding population. The food processing sector in the United Arab Emirates imports bulk and intermediate agricultural products worth $2.5 billion (Food Export Association, 2022). Consequently, the large food processing facility in the country is highly automated and uses sophisticated technologies, which is in line with the country’s ambition to become a technological hub in the region and worldwide. In turn, the advanced technology in the food processing industry generates, uses, and stores vast amounts of critical information that would be valuable to competitors within and beyond the country. In addition, that information is valuable to unscrupulous individuals and groups that intend to make quick money and damage the reputation of the food processors for diverse reasons, including monetary gain, political mileage, or settling business conflicts. Therefore, highly-automated industrial facilities are susceptible to cyberattacks, which can compromise their operations and even ground the firm entirely (Valaskova et al., 2020). The attacks often come in from malware, denial-of-service attacks, phishing, ransomware, hacking, SQL injection attacks, password attack, man-in-the middle attack, and cross-site scripting attack (Melnick, 2022). Unfortunately, these attacks cost companies huge amounts of money in addition to interruptions in production. The monetary cost of cyberattacks in 2020 ranged between $24,000 and $504,000 for small firms and enterprise level companies respectively (Guim, 2021). For instance, a meatpacking company in Brazil had to pay $4.4 million following a ransomware attack in 2021, with additional loss of revenue when its operations were interrupted (Guim, 2021). More worrisome is that cyberattacks targeting manufacturing facilities are increasing at an alarming rate. For instance, NTT’s Global Threat Intelligence Report indicated that the sector experienced a 300% increase in cyberattacks between 2019 and 2020 (Millman, 2021). Therefore, it is imperative and urgent that the food processing plant in the United Arab Emirates is protected against cyberattacks.
This project aims at developing and implementing a cybersecurity and safety protective system for a large food processing facility in the United Arab Emirates. The food processing industry was selected because of its importance to UAE’s economy and the fast growth it is experiencing currently. Besides, the food processing industry is exposed to fierce competition from local and international firms intending to capitalize on the high demand for good globally. The project will outline the goals and objectives, scope, work breakdown structure, cost management plan, quality management plan, and resource management plan.
2.0 Project Goals and Objective
2.1 Project Goals
The goal of this project is to develop and implement a cybersecurity and safety protective system for a highly automated food processing facility in the United Arab Emirates. The food processing facility requires a robust cybersecurity and safety protective system to prevent loss of information and protect the facility from cyber-attacks. Automated processes are susceptible to attacks on their software, which can be introduced physically or remotely by unscrupulous agents (Finogeev & Finogeev, 2017)). Such an attack would be detrimental to the food processing plant because it would cause the automated systems to malfunction. The attack may also cause the automated systems to cease running thus stalling the food processing. Therefore, the cybersecurity and safety protective system should detect and prevent any malicious interruption of operations. Besides, the automated systems generate much data, which can be stolen. In this regard, the cybersecurity and safety protective should detect unauthorized access and prevent unauthorized retrieval and removal of data. Moreover, the cybersecurity and safety protective system should alert the food processing facility’s information system administrators its top level executives.
The cybersecurity and safety protective system should be running at the food processing facility within four months. The system should run integrated with the existing automated system. Therefore, a team of local information and communication experts at the firm and a third-party software developer will work collaboratively to develop and deploy a robust cybersecurity and safety protective system. In the end, the cybersecurity and safety protective system is expected to secure the automated systems and digital information, and guarantee the seamless functioning of the facility without undue interruptions.
2.2 Project Objectives
The objectives of this project are
- Develop a software that secures information from intentional and unintentional loss
- Develop a system that limits access to different people based on their authority at the firm and need-to-know status
- Develop a system that secures the facility from cyberattacks
3.0 Project Scope
The project scope articulates the work needed to complete a project. In this case, the project scope is the tasks and activities that will need to be undertaken to develop and deploy a cybersecurity and safety protective system at the food processing facility (Kerzner, 2019). Therefore, the project scope focuses on the features of a product needed to meet the stakeholders’ requirements and expectations.
This project will focus in the development of a protective system to be deployed in the food processing facility in the United Arab Emirates. The facility already has several other automated and information systems that control the procession of different foods by controlling the automated equipment. These systems use programs and software to automate these processes. Besides the systems generate large amounts of information that is considered intellectual property, which is valuable to the food processing facility. Therefore, the cybersecurity safety protective system will be connected to these systems to prevent their failure by sabotage and loss of valuable data, and loss of production. The food processing facility will not develop the cybersecurity and safety protective system from scratch; rather it will procure a functional cybersecurity and safety protective system from a reputable vendor and modify or customize it to fit the security and safety needs of the facility. This procured system will be customized to address the unique facility needs and become integrated in the existing food processing automation system. Similarly, the project will not modify the existing food processing system or the information management system already existing at the facility. Therefore, according to this scope, the project will confine its activities to producing and implementing a cybersecurity and safety protective system that can be integrated into the existing food production and information management systems.
4.0 Work Breakdown Structure
A work breakdown structure (WBS) is a visual representation of the deliverables in a project. It is hierarchical listing of project activities because it outlines the order and hierarchy of achieving the milestones of the project. In the WBS, the entire work of a project is broken down to manageable and measurable tasks that can be assigned to the individuals and task teams forming the project team (Kerzner, 2019). Therefore, the WBS also details which individuals are responsible for complete each if the tasks in the project. The project will be implemented in five phases; initiation, planning, execution, monitoring and control, and completion. Therefore, the activities are grouped according to the project phases, although they may not necessarily follow that order during execution. The WBS of the cybersecurity and safety protective system is detailed in table 1.
Table 1. Work Breakdown Structure
| No | Phase | Activity | Smaller tasks |
| 1 | Initiation | Define project goals | Initiating projectDefine project goals |
| Create a business case for the a cybersecurity and safety protective system | Identify the benefits of the a cybersecurity and safety protective system Identify detriments of the systemCompare the benefits and detriments | ||
| Prepare project charter | Describe project and its goalsConduct a risk analysisIdentify the limits and boundaries of the projectPrepare signed charter document | ||
| Identify and define project stakeholders | Identify stakeholdersDefine stakeholders’ roles | ||
| 2 | Planning | Defining of project scope | Scope planningScope definitionScope documentationScope change management |
| Create project plan | Determine project requirementsEstimate costsIdentify critical success factors | ||
| Prepare budget | Identifying cost pointsAllocating cost for each activityCompiling the budgetGetting budget approval | ||
| Selection of project team | Identifying and engaging a project managerConstituting the project teamAssign tasks to project team members | ||
| 3 | Execution | Allocating resources | Assigning resources according to WBS and budget |
| Developing system | Designing the systemModifying the procured system | ||
| Implementing system | Connecting the system to the existing onePilot testing the systemDebugging systemCorrecting connectivity and compatibility issuesRetesting the systemRolling out the system | ||
| 4 | Monitoring and control | Tracking project progress | Checking project timelines against project planAdjusting implementation plan |
| Tracking system performance | Identifying security threat preventedDetermining frequency of threats preventedIdentifying threats not preventedTweaking threat detection capabilitiesGenerating threats and attack report | ||
| 5 | Completion | Commissioning system | Preparing system operation manualHanding over the system to the clientHanding over project documentation Getting project approved by the client |
| Closing project | Documenting lessons learnedDisbanding project team |
Each of these major tasks has a milestone that is measurable and time bound. In addition, the major activities comprise several smaller tasks that are manageable and measurable against the assigned individuals and teams. The smaller tasks in each major deliverable are listed in smaller tasks column of the WBS in table 1.
5.0 Development of Schedule
A project schedule is a timetable showing all the tasks to be undertaken in a project from its beginning to the end when the project finally closes after commissioning, and the project team is disbanded. In addition, the timetable stipulates the resources and due dates of each milestone. It also identifies the protect team members assigned to be responsible to each task. The milestones to be realized are organizes against the project phases, as illustrated in table 2.
Table 2. Project milestones
| Project phase | Milestones |
| Initiation | Project charter |
| Planning | Project scope documentation Budget Project team |
| Execution | Budget Customized cybersecurity and safety protective system |
| Monitoring and control | Performance reportMid-term evaluation |
| Completion | Final evaluation System operation manualProject documentationlessons learned |
5.1 Sequencing
This is the identification and documentation of the relationships between the different activities in a project. In this regard, the tasks are ordered in their order of execution by identifying the tasks that come before and after each activity. In addition, the task dependencies are identified to determine which activities can be performed simultaneously to reduced time and cost of the project. For instance, constituting the project team can be conducted while the project and its goals are being defined and business case is being made. Similarly, the commissioning of the project can be performed alongside documenting the lessons learned and disbanding the project team. Such bungling of activities and tasks will help reduce the overall time used to complete the entire project, thus reducing possible time and budget overruns. The sequence of the different tasks to be performed in the cybersecurity and safety protective system project is outlined in table 3.
Table 3. Sequencing of project tasks and activities
| Task ID | Activity | Duration (Days) | Immediate predecessors |
| A | Initiating project | 0 | |
| B | Describe project and its goals | 1 | A |
| C | Build a business case | 1 | B |
| D | Constitute the project team | 4 | A,B,C |
| E | Conduct a risk analysis | 4 | D |
| F | Identify the limits and boundaries of the project | 1 | D |
| G | Prepare signed charter document | 5 | D |
| H | Identify stakeholders and their roles | 2 | G |
| I | Scope definition | 5 | G,H |
| J | Estimate costs | 2 | I |
| K | Identify critical success factors | 2 | I |
| L | Compile the budget | 5 | I,J,K |
| M | Assigning resources according to WBS and budget | 2 | L |
| N | Designing the system | 20 | M |
| O | Modifying the procured system | 20 | M |
| P | Connecting the system to the existing one | 10 | N,O |
| Q | Pilot testing the system | 10 | P |
| R | Debugging system | 5 | Q |
| S | Resolving connectivity and compatibility issues | 5 | Q |
| T | Retesting the system | 5 | R,S |
| U | Rolling out the system | 10 | T |
| V | Preparing mid-term report | 5 | U |
| W | Evaluating the system | 5 | U |
| X | Training personnel | 20 | U |
| Y | Commissioning the project | 1 | W,X |
| Z | Documenting lessons learned | 2 | Y |
| AA | Disbanding project team | 1 | Y,Z |
| AB | Project closure | 0 | Z,AA |
5.2 Duration
This is the time that every task in the project will take to be completed, including the time the entire projects will be completed. In this project, the cybersecurity and safety protective system development and implementation is expected to take four months. However, the activities of the development and implementation of the cybersecurity and safety protective system are broken down to illustrate the main activities and the time it will take to achieve the several project milestones. Each project phase has critical milestones to be attained before embarking on the next phase. The deliverables in each milestone may be in form of signed documents, contracts, and reports, which are tangible, or evidence of completion of a set of tasks and approval by a supervisor or manager.
Table 4. Duration in each phase required to deliver each set of milestones
| Project phase | Milestones | Deliverable | Duration (weeks) |
| Initiation | Project charter | Document | 2 |
| Planning | Project scope documentation Budget Project team | DocumentsTeam list | 3 |
| Execution | Cybersecurity and safety protective system | Report | 8 |
| Monitoring and control | Performance reportMidterm evaluation report | reports | 2 |
| Completion | Final evaluation reportSystem operation manualProject documentationlessons learned | reportmanualdocuments | 1 |
| Total | 16 |
5.3 Critical Path
The critical path indicated the minimum time required to deliver a completed project. It comprises the longest path from the start to finish of a project in terms of time. The critical path for the development and implementation of the cybersecurity and safety protective system is illustrated in figure 2. This critical path outlines the relationship between the different project activities and the minimum time it will take to perform each task, which will depend on the task relationships identified in the WBS, the project schedule, and the project sequencing. In figure 2, the critical path is displayed by the red arrows.
Figure 1. Critical path
Key: The circles represent activities containing task ID and time (t) in days
Red: critical path arrow and cumulative time
The Gantt chart is prepared once the project scheduling is complete. It utilizes the information obtained from the sequencing table and critical path diagram. The Gantt chart visualizes what the sequencing table has summarized. The project’s Gantt chart is presented in table 5.
Table 5. Gantt chart
| Activity | Duration (weeks) | ||||||||||||||
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 11 | 12 | 13 | 14 | 15 | 16 | |
| Initiating project | |||||||||||||||
| Describe project and its goals | |||||||||||||||
| Build a business case | |||||||||||||||
| Constitute the project team | |||||||||||||||
| Conduct a risk analysis | |||||||||||||||
| Identify the limits and boundaries of the project | |||||||||||||||
| Prepare signed charter document | |||||||||||||||
| Identify stakeholders and their roles | |||||||||||||||
| Scope definition | |||||||||||||||
| Estimate costs | |||||||||||||||
| Identify critical success factors | |||||||||||||||
| Compile the budget | |||||||||||||||
| Assigning resources according to WBS and budget | |||||||||||||||
| Designing the system | |||||||||||||||
| Modifying the procured system | |||||||||||||||
| Connecting the system to the existing one | |||||||||||||||
| Pilot testing the system | |||||||||||||||
| Debugging system | |||||||||||||||
| Resolving connectivity and compatibility issues | |||||||||||||||
| Retesting the system | |||||||||||||||
| Rolling out the system | |||||||||||||||
| Preparing mid-term report | |||||||||||||||
| Evaluating the system | |||||||||||||||
| Training personnel | |||||||||||||||
| Commissioning the project | |||||||||||||||
| Documenting lessons learned | |||||||||||||||
| Disbanding project team | |||||||||||||||
| Project closure |
6.0 Cost Management Plan
The new system being developed will require resources, which have financial implications. The aim of the cost management plan ensures that the project expenditure is within budget and cost overruns are avoided. In this project, the budget proposal has a 5% variability to allow for subtle changes when the actual project is underway. In addition, a speedy bidding system will be used to identify the most cost effective procurements and suppliers rather than employ the single-sourcing approach, which constraints the project in case one supplier fails to deliver.
The budget of the project is provided in table 6.
Table 6. Budget of system development
| Item | Cost estimate ($) |
| Salaries | 200,000 |
| Internet | 3,000 |
| Transport | 2,000 |
| Cite visits and meetings | 2,000 |
| Insurance | 1,485 |
| Hiring consultant | 6,500 |
| Hiring contractor for system development | 30,500 |
| Procuring a cybersecurity and safety protective system | 6,500 |
| Procuring system hardware | 50,000 |
| Hiring lawyer | 5,000 |
| Electricity bill | 2,000 |
| Training | 25,000 |
| Printing and binding | 1,500 |
| System maintenance, support, and upgrade | 21,000 |
| Contingencies | 20,000 |
| Total | 376,485 |
7.0 Quality Management Plan
The aim of this project is to develop a high-quality cybersecurity and safety protective system. Therefore, quality must be assured and maintained at every step of system development and implementation. Therefore, continuous and consistent quality monitoring and control is critical at every project phase and milestone. In this project, quality will be guaranteed using the critical success factors, which outline the outcome and their acceptable quality against a given standard (Vrchota, et al. 2020). In this regard, the critical success factors set for this project include, number of cyberattacks detected, types of cyberattacks detected, number of cyberattacks prevented, number of successful cyberattacks, and frequency of system upgrades.
8.0 Resource Management Plan
This project requires several diverse resources. These include financial resources, equipment, and human resources (Meredith, Shafer & Mantel Jr, 2017). The financial resources are outlined in the budget. The equipment needed in the project include the computer hardware and software needed to run the cybersecurity and safety protective system. The hardware comprises servers, routers, modems, user terminals, backup power supply, cables and connectors. The human resources include the internal employees allocated to the project and external experts skilled in developing and implementing cybersecurity and safety protective systems and those that will support the project team as it works of developing and implementing the cybersecurity and safety protective system. These include highly qualified system developers, technicians, drivers, and caterers, a lawyer, a consultant, and a vendor.
9.0 Conclusion
This project set out to develop and implement a cybersecurity and safety protective system for a large food processing facility in the United Arab Emirates. The need to develop and implement the system was prompted by the severity and frequency of cyberattacks on manufacturing facilities, which were increasing at an alarming rate, and threatening the operations of the firm. According to the project plan, the system should be running at the facility within four months. This report has outlined the various components of the projects that will ensure that is it completed on time and within the set budget. All the aspects of prudent project management were employed when developing this report. In the end, it is expected that this project will yield valuable lessons to clients, organizations, project teams working on cybersecurity projects.
References
Finogeev, A. G., & Finogeev, A. A. (2017). Information attacks and security in wireless sensor networks of industrial SCADA systems. Journal of Industrial Information Integration, 5, 6-16.
Food Export Association (2022). United Arab Emirates (UAE) country profile. Retrieved from https://www.foodexport.org/export-insights/market-and-country-profiles/united-arab-emirates-country-profile#/.
Kerzner, H. (2019). Using the project management maturity model: Strategic planning for project management. John Wiley & Sons.
Melnick, J. (2022). Top 10 most common types of cyber attacks. Netwirx. Retrieved from https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/.
Meredith, J. R., Shafer, S. M., & Mantel Jr, S. J. (2017). Project management: A strategic managerial approach. John Wiley & Sons.
Millman, R. (2021). Cyberattackson manufacturing up 300% in a year. IT Pro, retrieved from https://www.itpro.com/security/359492/cyber-attacks-on-manufacturing-up-300-in-a-year#:~:text=The%20company’s%202021%20Global%20Threat,from%20just%2011%25%20in%202019.
Valaskova, K., Throne, O., Kral, P., & Michalkova, L. (2020). Deep learning-enabled smart process planning in cyber-physical system-based manufacturing. Journal of Self-Governance and Management Economics, 8(1), 121-127.
Vrchota, J., Řehoř, P., Maříková, M., & Pech, M. (2020). Critical success factors of the project management in relation to industry 4.0 for sustainability of projects. Sustainability, 13(1), 281.