Project 2: Nations Behaving Badly
Despite work that cyber management teams perform in regard to systems design, network security protocols, hardware and software maintenance, training, policies, implementation, maintenance, and monitoring, breaches can and do occur. In this project, you will work with a team of other cyber professionals to analyze and respond to anomalous network activities.
The graded submission for Project 2 is a packaged deliverable to the CISO about risk and network intrusion, to be completed as a team. The deliverable to the CISO will include the following five parts:
Cybersecurity Risk Assessment including Vulnerability Matrix
Incident Response Plan
FVEY Indicator Sharing Report
Final Forensic Report
The project will take 15 days to complete. After reading the scenario below, proceed to Step 1, where you will establish your team agreement plan.
The US reports data exfiltration has been detected in the IDS (intrusion detection system). All nations will perform forensic analysis and collect corroborating information to identify the bad actor.
Prior to the summit, your nation team was tasked with setting up its own independent secure comms network. Now, at 3 a.m., just hours before the summit begins, you receive a text message from your CISO that reads: “I need to meet with the team immediately about an urgent matter. Please come to the conference room next to my hotel room now so we can discuss it.”
You quickly dress and head to the conference room. When you arrive, she breaks the news to your team: The nation hosting the summit has detected data exfiltration in its IDS (intrusion detection system). It is likely that this pattern of network traffic could also result in buffer overflows or other attacks such as denial of service. Each nation’s server is at risk.
“The report shows that the pattern of network traffic is anomalous,” says the CISO. “And the point of origin is internal. Someone at the summit is involved in this.”
Given the nature of the summit, participants understand that all nations have a common goal. “None of the FVEY members would have done this,” says a colleague. “It’s got to be the Russians or the Chinese. Friends don’t read each other’s mail.”
The CISO says, “No one is above suspicion here. Our FVEY partners have been known to both collect intelligence and seek to embarrass other partners when it suited their strategic needs. It could have been anyone. Until we know for sure, though, we will continue to regard them as allies.”
Leaders of the nations at the summit agree they all need to perform forensic analysis on their respective systems to identify the bad actor.
Your CISO continues. “Let’s get to the bottom of this. We’re all familiar with data exfiltration attacks; do you think that’s part of what we’re dealing with here? Or do you think there’s more? Use our packet sniffing tools to analyze the network traffic. Additionally, we need to identify attack vectors and attributes. Give me any information you can find on the tools, techniques, and the identity of this bad actor. Also, establish an incident response plan that we can use in case of another cyber event.”
“Our systems went down due to this attack. We need to examine the service-level agreement to see what it will take to get the summit back up and running. After our analysis, we need to quickly let our allies know how to protect their networks through an indicator sharing report.
“Remember, no one is above suspicion—not even our allies. Got it?”
Everyone nods in agreement. The CISO says, “Good. Now get to work. I’m going to try to go back to sleep for a few hours.”
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
Step 1: Establish Team Agreement Plan
As a part of your nation team, an agreement needs to be established in order to work efficiently on each project. Begin by revisiting your current team agreement document, which includes a suggested schedule for project completion. Update your team agreement with roles and assignments for this project. Your team will use this document as a guide to establish a plan for completing and submitting the group tasks. When you have completed the plan, resubmit it for review in the dropbox below.
In the next step, you will identify attack vectors.
Step 2: Identify Attack Vectors
You and your nation state have just suffered an intrusion attack. As a cybersecurity professional, one of your first steps is to identify potential attack vectors. For each known cybersecurity vulnerability and known threat (addressing cybersecurity threats through risk management, international cybersecurity approaches), you and your team members need to identify attack vectors via information systems hardware, information systems software, operating systems (operating system fundamentals, operating system protections), telecommunications (internet governance), and human factors (intrusion motives/hacker psychology). Then, you must determine if any attribution is known for the threat actor most likely involved in exploiting each weakness.
Review the materials on attack vectors if a refresher is needed. Once you’ve identified the attack vectors in this step, you will be able to participate in the next step, in which you will discuss your findings with colleagues and compare the findings with their analyses.
Step 3: Discuss Attack Vectors and Known Attribution
In light of your research in the last step, you will now use your group’s discussion board to share your thoughts with other members of your nation team. Review the findings of classmates in your group, noting points of agreement or disagreement, asking critical questions, and making suggestions for improvement or further research.
You should research incidents of known attribution of the hackers and actors who employ the attack vectors previously discussed by your group. This step provides a variety of options and perspectives for your group to consider when drafting the Attack Vector and Attribution Analysis in the next step.
This step also provides the foundation for research into known attribution, which will help you to discern the motivation for intrusion as well as the identity of the hackers and actors who employ the attack vectors noted.
Step 4: Analyze Attack Vectors and Known Attribution
You’ve discussed attack vectors and attribution with your nation state team members. In this step, your group will prepare an Attack Vector and Attribution Analysis of your group’s findings in the previous steps. The analysis should first identify all possible attack vectors via hardware, software, operating systems, telecommunications, and human factors. Next, you should discuss whether attribution is known for the threat actor (hackers and actors) likely involved in exploiting each weakness. Integrate supporting research via in-text citations and a reference list. This analysis will play a key role in the development of a Vulnerability Assessment Matrix and Cybersecurity Risk Assessment in the next few steps.