Problem
Supply chain cyber-attacks, like the SolarWinds attack that directly impacted federal agencies or the ransomware attacks on the city of Boston that resulted in an estimated $18.2 million price tag, have demonstrated the expansive consequences that can occur from unsecured critical access points that lead to critical assets, such as systems, networks, infrastructure, data, applications, and sensitive information. Governments are full of these mission-critical systems and information, like private citizen data (e.g., social security numbers and tax information) and manage critical infrastructure and emergency services like police and fire (both the systems and records for those services). These types of infrastructure and information are some of the most targeted assets hackers will go after, and they set their sights on local government all too frequently.
As a security analyst that's part of the security team Critical Insight (CI) through PISCES, your team has been informed by high-ranking officials that a foreign, government-based cyberattack group is suspected of hacking into computers that operate the municipalities services to probe and map the network. Group members most likely originate from a Chinese-based APT, are well-funded and well-equipped, and are capable of a large-scale attack. The officials have intelligence that indicates the group may be planning to install malicious software within the municipality's computer network to, at some point, disrupt services to the municipality.
Task
For this part of the project, perform the following tasks:
Perform research and write a report that:
i. Describes three supply chain security management issues that could affect municipality services and private citizen data.
ii. Includes a list of five information sources and their URLs (e.g., Computer Network Defense vendor sites, Computer Emergency Response Teams, and so on) that would help grid operators maintain currency of computer network defense threat conditions and determine which security issues may have an impact on the municipal network.