US critical infrastructure-power—water, oil and natural gas, military systems, financial systems—have become the target of cyber and physical attacks as more critical infrastructure systems are integrated with the Internet and other digital controls systems. The lesson learned in defending and mitigating cyberattacks is that no entity can prevent or resolve cyberattacks on its own. Collaboration and information sharing is key for success and survival.
This is a group exercise, representing collaboration across all sectors, to support and defend US critical infrastructure. In the working world, a team like this would include some agencies, some industrial partners, and some private sector corporations. Each organization has different strengths and skills, different access to information, and different authorities to report to. When the sectors work together and leverage resources and skills, the result is that everyone benefits from the defense and protection of US IT infrastructure. In your teams, you can model the same collaboration, leveraging each other’s expertise, sharing each other’s knowledge, teaching each other, and providing contributions specific to your role in the scenario.
- Homeland Security Representative: special task in Step 6
Step 2: Assessing Suspicious Activity
Your team is assembled and you have a plan. It’s time to get to work. You have a suite of tools at your disposal from your work in Project 1, Project 2, and Project 3, which can be used together to create a full common operating picture of the cyber threats and vulnerabilities that are facing the US critical infrastructure. Begin by selecting the following links to brush up on your knowledge:
- network security
- mission critical systems
- penetration testing
Step 6: Homeland Security
To be completed by the Homeland Security Representative: Use the US-CERT and other similar resources to discuss the vulnerabilities and exploits that might have been used by the attackers.
Explore the resources for risk mitigation and provide the risk, response, and risk mitigation steps that should be taken if an entity suffers the same type of attack.
To be completed by all team members: Provide a risk-threat matrix and provide a current state snapshot of the risk profile of the financial services sector. These reports will be part of an overall risk assessment, which will be included in the SAR and AAR.
Review and refer to this risk assessment resource to aid you in developing this section of the report.
Step 7: The SAR and AAR
All team members: After you compile your research, and your own critical assessments and analysis, determine which information is appropriate for a Security Assessment Report (SAR) that will be submitted to the White House, and an After Action Report (AAR) that will be submitted to the rest of the analyst community.
- Prepare your SAR for the White House Cyber National Security Staff, describing the threat, the motivations of the threat actor, the vulnerabilities that are possible for the threat actor to exploit, current and expected impact on US financial services critical infrastructure, the path forward to eliminate or reduce the risks, and the actions taken to defend and prevent against this threat in the future.
- Prepare the AAR. This knowledge management report will be provided to the cyber threat analyst community, which includes the intelligence community, the law enforcement community, the defense and civilian community, the private sector, and academia. The purpose of the AAR is to share the systems life cycle methodology, rationale, and critical thinking used to resolve this cyber incident.
SAR needs to be 4 pages AAR needs to be 3-4 pages.