Project 3: Threat Analysis and Exploitation

Step 1: Establish Roles

As described in the scenario, you will be working in a small team (usually five members). Your instructor has provided an area for your group discussions, collaboration, and file sharing. Take some time to learn about your teammates (e.g., introductions, LinkedIn profiles, bios) to understand the experience and expertise of your team members.

Studies on teamwork outline the typical team stages of forming, storming, norming, and performing (see Tuckman, Bruce W. (1965), “Developmental sequence in small groups,” Psychological Bulletin, 63, 384–399). This guidance on teamwork may be helpful.

In order to do well, you and your team members must start communicating immediately and discuss how you will divide the work; this is the forming stage. Review the project and, if you have portions of the work that play well to your strengths, make this known to your team members. Then develop a project plan and schedule individual responsibilities to get the work done.

Finally, agree on a communications plan, which allows your team members to know where the project stands. During this stage, you may have disagreements or differences of opinion about roles and division of work. This is a normal aspect of “storming.”

Once you start agreeing on roles and tasks, you are well on your way to norming, the third stage. You should settle on a collaboration space and share drafts of your work in your classroom team locker so your team members and the instructor can see your progress. All team members must contribute, but the deliverables need to be cohesive. Therefore, each of you will need to review each other’s work and help each other. At this point, you will have entered the performing stage.

While you may have to use collaborative tools outside the classroom, maintain the key documents in the respective team project locker in the classroom. Your team will use this area to establish ground rules for communication and collaboration. Team members will gain an overview of the entire project, establish roles, agree on the division of work, and complete and sign the Team Project Charter.

If you sense problems during your team communications sessions, discuss risk management and project adjustments your team may need to make. Contact your instructor and request intervention if you recognize issues.

After the plan is completed, elect one person to attach or link the final document to the team project locker. This step should be completed early in the term, between Weeks 2 and 4.

Setting up team roles and expectations is an important part of this project, and completing the charter is critical to the project’s success. Such practices ensure equity and build trust in professional environments. When you have completed this important step, move to the next step.

References

Tuckman, B. W. (1965). Developmental sequence in small groups. Psychological Bulletin, 63, 384–399.

Step 2: Assess Suspicious Activity

Your team is assembled and you have a plan. It’s time to get to work. You have a suite of tools at your disposal from your work in the earlier projects. That work can be used to create a full common operating picture of the cyberthreats and vulnerabilities that are facing the US critical infrastructure. Begin by reading the following resources to brush up on your knowledge:

  1. network security
  2. mission-critical systems
  3. penetration testing

All team members must leverage network security skills by running port scans, using network scanning tools, and analyzing Wireshark files to assess any suspicious network activity and network vulnerabilities.

Professionals in the Field

In many twenty-first century professions, expertise in your own field is not always enough. Sure, you are well on your way to becoming an expert in cybersecurity. But the cybersecurity field exists so that professionals in other fields can be confident that their computing platforms are safe. Knowledge of the types of information, processes, teams, and real-life activities that other professionals engage in is what will enable you to make the best decisions about how to ensure confidentiality, integrity, and availability (CIA) on widely disparate platforms in different environments.

Try career exploration tools such as O*NET, intelligencecareers.gov, and DoD Civilian Careers to browse the career paths and positions available to cyber professionals in the public and private sectors. Where would you like to be at the end of this program, or five years after that? What position might you seek the next time you’re on the market? The answers to these questions will inform your career pathway plan.

Step 3: The Financial Sector

To be completed by the Financial Services Representative: Provide a description of the impact that the threat would have on the financial services sector. These impact statements can include the loss of control of the systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the financial services sector. Ensure that the information is appropriately cited.

To be completed by all team members: Provide submissions from the Information Sharing Analysis Councils related to the financial sector. You can also propose fictitious submissions. Then, review the resource for industrial control systems and explain their level of importance to the financial services sector. Explain risks associated with the industrial control system. Ensure that the information is appropriately cited.

Step 4: Law Enforcement

To be completed by the Law Enforcement Representative: Provide a description of the impact that the threat would have on the law enforcement sector. These impact statements can include the loss of control of systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the law enforcement sector. Ensure that the information is appropriately cited.

Step 5: The Intelligence Community

To be completed by all team members: Provide an overview of the life cycle of a cyberthreat. Explain the different threat vectors that cyber actors use and provide a possible list of nation-state actors that have targeted the US financial services industry before.

Review this threat response and recovery resource and use what you learn to propose an analytical method in which you are able to detect the threat, identify the threat, and perform threat response and recovery. Identify the stage of the cyberthreat life cycle where you would observe different threat behaviors. Include ways to defend and protect against the threat. Provide this information in your SAR and AAR. Ensure that the information is appropriately cited.

To be completed by the Intelligence Community Representative: Provide intelligence on the nation-state actor and the actor’s cyber tools, techniques, and procedures. Use available threat reporting such as from FireEye, Mandiant, and other companies and government entities that provide intelligence reports. Also, include the social engineering methods used by the nation-state actor and their reasons for attacking US critical infrastructure. Include this information in your SAR and AAR. Ensure that the information is appropriately cited.

Step 6: Homeland Security

To be completed by the Homeland Security Representative: Use the US-CERT and similar resources to discuss the vulnerabilities and exploits that might have been used by the attackers. Ensure that the information is appropriately cited.

Explore the resources for risk mitigation and provide the risk, response, and risk mitigation steps that should be taken if an entity suffers the same type of attack.

To be completed by all team members: Provide a risk-threat matrix and a current state snapshot of the risk profile of the financial services sector. These reports will be part of an overall risk assessment, which will be included in your SAR and AAR. Ensure that the information is appropriately cited.

Review and refer to this risk assessment resource to aid you in developing this section of the report.

Step 7: The SAR and AAR

All team members: After you compile your research and your own critical assessments and analysis, determine which information is appropriate for a Security Assessment Report (SAR) that will be submitted to the White House, and for an After Action Report (AAR) that will be submitted to the rest of the analyst community.

  1. Prepare your SAR for the White House Cyber National Security staff, describing the threat, the motivations of the threat actor, the vulnerabilities that are possible for the threat actor to exploit, current and expected impact on US financial services critical infrastructure, the path forward to eliminate or reduce the risks, and the actions taken to defend against and prevent this threat in the future.
  2. Prepare the AAR. This knowledge management report will be provided to the cyberthreat analyst community, which includes the intelligence community, the law enforcement community, the defense and civilian community, the private sector, and academia. The purpose of the AAR is to share the systems life cycle methodology, rationale, and critical thinking used to resolve this cyber incident.

The deliverables for this project are as follows:

  1. Security Assessment Report (SAR): This report should be a 14- to 15-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
  2. After Action Report (AAR): This report should be a 10- to 15-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
  3. Presentation: This should be a five- to eight-slide PowerPoint presentation for executives, including narration or an in-class presentation with each team member summarizing a portion of your SAR and AAR reports.

Submit your deliverables after reading the instructions below.

Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.

  • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
  • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
  • 4.1: Lead and/or participate in a diverse group to accomplish projects and assignments.
  • 4.3: Contribute to team projects, assignments, or organizational goals as an engaged member of a team.
  • 8.4: Possess knowledge of proper and effective communication in case of an incident or crisis.

Take Action

Submit your assignment to your instructor for review and feedback.

Follow these steps to access the assignment:

  • Click My Tools in the top navigation bar.
  • Click Assignments.
  • Select the relevant assignment.
