You are part of a collaborative team that was created to address cyber threats and exploitation of US financial systems critical infrastructure. Your team has been assembled by the White House Cyber National security staff to provide situational awareness about a current network breach and cyber attack against several financial service institutions. Your team consists of four roles, a representative from the financial services sector who has discovered the network breach and the cyber attacks. These attacks include distributed denial of service attacks, DDOS, web defacements, sensitive data exfiltration, and other attack vectors typical of this nation state actor.
A representative from law enforcement who has provided additional evidence of network attacks found using network defense tools. A representative from the intelligence agency who has identified the nation state actor from numerous public and government provided threat intelligence reports. This representative will provide threat intelligence on the tools, techniques, and procedures of this nation state actor. A representative from the Department of Homeland Security who will provide the risk, response, and recovery actions taken as a result of this cyber threat.
Your team will have to provide education and security awareness to the financial services sector about the threats, vulnerabilities, risks, and risk mitigation and remediation procedures to be implemented to maintain a robust security posture. Finally, your team will take the lessons learned from this cyber incident and share that knowledge with the rest of the cyber threat analysis community.
At the end of the response to this cyber incident, your team will provide two deliverables, a situational analysis report, or SAR, to the White House Cyber National security staff and an After Action Report and lesson learned to the cyber threat analyst community.
Tasks
1. Security Assessment Report (SAR): This report should be a 14-15 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2. After Action Report (AAR): This report should be a 10-15 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
3. This is a 5-8 slide PowerPoint presentation for executives along with a narrated or In-Class Presentation summarizing your SAR and AAR report.
Representative task:
• Financial Services Representative.
- Description of the impact the threat would have on the financial services sector.
• Law Enforcement Representative.
- Description of the impact the threat would have on the law enforcement sector.
• Intelligence Agency Representative.
- Provide intelligence on the nation-state actor, their cyber tools, techniques, and procedures. Leverage available threat reporting such as from FireEye, Mandiant, and other companies and government entities that provide intelligence reports.
• Homeland Security Representative.
- Use the US-CERT and other similar resources to discuss the vulnerabilities and exploits that might have been used by the attackers.
To be completed by all team members:
• Assessing Suspicious Activity.
- Leverage the network security skills of using port scans, network scanning tools, and analyzing Wireshark files, to assess any suspicious network activity and network vulnerabilities.
• Financial Service.
- Provide submissions from the Information Sharing Analysis Councils related to the financial sector. You can also propose fictitious submissions. Also, review the resources for Industrial Control Systems, and advise the importance of them to the financial services sector. Explain the risks associated with the Industrial Controls Systems.
• Law Enforcement.
- Nothing.
• Intelligence Agency.
- Provide an overview of the life cycle of a cyber threat. Explain the different threat vectors that cyber actors use, and provide a possible list of nation-state actors that have targeted the US financial services industry before.
• Homeland Security.
- Provide a risk-threat matrix and provide a current state snapshot of the risk profile of the financial services sector.
• Proof reading.
- Proof reading of SAR.
- Proof reading of AAR
• PowerPoint presentations.
- A 5-8 slide PowerPoint presentation for executives along with narration or In-Class presentation by each team member summarizing a portion of your SAR and AAR report.
- APA citations of AAR
SAR report need to be 4 pages. AAR report need to be 4 pages. PowerPoint presentation for executives along with narration 3 slides