Competency 4028.1.3: Protecting a Network
- The graduate develops strategies to protect a threatened network
using appropriate federal standards, international standards, or
industry best practices.
Competency 4028.1.4: Cyberwarfare Actors and Threats
- The graduate formulates appropriate strategies for dealing with
current cyberwarfare actors and threats from a U.S.-centric viewpoint.
Task 2: Network Evaluation and Defense Strategy
Using the scenarios provided in each task, you will compose each of the
three components of a cyberwarfare defense report. The defense report
in its entirety should be written for the Department of Defense (DoD)
Chief Information Officer (CIO). The defense report has been broken into
three tasks; each task should be submitted independently for scoring.
Your report should be formatted in Arial 12-point font and double
spaced. For this task, you will write the network evaluation and defense
strategy portion of the defense report, which should be 6–9 pages long.
Task 1: Cyberwarfare History and APT Profiling (suggested length of 6–9 pages)
Task 2: SCADA Network Evaluation and Defense-in-Depth Strategies (suggested length of 6–9 pages)
Task 3: Safeguards and Systems (suggested length of 2–4 pages)
You are a cybersecurity analyst on a security team at Red Cell 637
Defense, a DoD contractor specializing in cyber operations and defensive
High-ranking federal government officials informed
your team that recent intelligence shows an advanced persistent threat
(APT) is looking at exploiting supply chain vulnerabilities against the
computers that operate the Western Interconnection power grid. You are
to assume that this APT originates from either a well-funded nation
state or terrorist group. The APT has been able to probe and map the
network over the course of several months. The officials have given your
team access to classified intelligence indicating that the currently
unidentified group may be planning to install malware within
the grid’s computer network that will disrupt power to eleven states.
Your team has been asked to work closely with the DoD, Department of
Homeland Security (DHS), and other federal stakeholders to strengthen
the security and safety of the power grid and its related computer
network. The federal agencies responsible for
critical infrastructure protection want to ensure that the Western
Interconnection power grid computer network has the strongest possible
defense while ensuring continued operation. They formally request that
your team analyze common vulnerabilities in SCADA networks such as the
Western Interconnection power grid, and then apply the Cyber Kill Chain to
determine how this adversary could have exploited the vulnerabilities to
attack the network. In addition, you will utilize the NSA’s information
assurance–based “Defense in Depth” strategy as it relates to the power
grid’s computer networks to make recommendations for implementing
stronger information assurance measures and actions. You will compose a
report with graphics, detailing your recommendations for securing the
network against future cyberattacks.

Your submission must be your original work. No more than a combined total of
30% of the submission and no more than a 10% match to any one
individual source can be directly quoted or closely paraphrased from
sources, even if cited correctly. Use the Turnitin Originality Report
available in Taskstream as a guide for this measure of originality.
You must use the rubric to direct the creation of your submission
because it provides detailed criteria that will be used to evaluate your
work. Each requirement below may be evaluated by more than one rubric
aspect. The rubric aspect titles may contain hyperlinks to relevant
portions of the course.
A. ICS Vulnerabilities and Cyber Kill Chain
- Reconnaissance - Summarize plausible active and passive gathering techniques that the
adversary could have executed to gain intelligence on the target in the
- Weaponization and Delivery - Explain how the adversary could use the exploited
intelligence to create a malicious payload, including plausible delivery
methods of the payload to the target.
- Exploitation and Installation - Describe the series of events that could occur
during the exploitation and installation of a malicious payload,
including where the payload could be delivered on the network to
accomplish the adversary’s goals as described in the scenario.
- Command & Control - Create a visual representation of channels through
which an adversary could use tools to exploit a compromised network and
create an “at will” entry point for sending and receiving information.
Be sure to clearly indicate each component represented in your visual.
- Actions on Objectives - Describe how the adversary is likely collecting and exfiltrating
information from the Western Interconnection power grid, including how
that information could be used to successfully execute an attack.
B. “Defense in Depth” Recommendations
- Recommend information assurance policies or procedures specific to
the facilities and personnel security that control and monitor access to
facilities and critical infrastructures for Western Interconnection
power grid. Be sure to explain how each policy and procedure will raise information assurance levels.
- Recommend supply chain management acquisition policies or procedures
that Western Interconnection power grid should put into place to detect
and protect against cyberattacks. Be sure to explain how these policies
or procedures will raise information assurance levels.
- Recommend policies or procedures to sustain security posture for the
Western Interconnection power grid on a day-to-day basis. Be sure to
explain how these policies or procedures will raise information
assurance levels.

sources, using APA-formatted in-text citations and references, for
content that is quoted, paraphrased, or summarized.