Cyberwarfare Task 2, computer science homework help

Anonymous
Asked: Jul 6th, 2017
$20

Question description

CYBERWARFARE

Competency 4028.1.3: Protecting a Network

- The graduate develops strategies to protect a threatened network using appropriate federal standards, international standards, or industry best practices.

Competency 4028.1.4: Cyberwarfare Actors and Threats

- The graduate formulates appropriate strategies for dealing with current cyberwarfare actors and threats from a U.S.-centric viewpoint.

Task 2: Network Evaluation and Defense Strategy

Introduction:

Using the scenarios provided in each task, you will compose each of the three components of a cyberwarfare defense report. The defense report in its entirety should be written for the Department of Defense (DoD) Chief Information Officer (CIO). The defense report has been broken into three tasks; each task should be submitted independently for scoring. Your report should be formatted in Arial 12-point font and double spaced. For this task, you will write the network evaluation and defense strategy portion of the defense report, which should be 6–9 pages long.

Task 1: Cyberwarfare History and APT Profiling (suggested length of 6–9 pages)
Task 2: SCADA Network Evaluation and Defense-in-Depth Strategies (suggested length of 6–9 pages)
Task 3: Safeguards and Systems (suggested length of 2–4 pages)

Scenario:

You are a cybersecurity analyst on a security team at Red Cell 637 Defense, a DoD contractor specializing in cyber operations and defensive strategies.

High-ranking federal government officials informed your team that recent intelligence shows an advanced persistent threat (APT) is looking at exploiting supply chain vulnerabilities against the computers that operate the Western Interconnection power grid. You are to assume that this APT originates from either a well-funded nation state or terrorist group. The APT has been able to probe and map the network over the course of several months. The officials have given your team access to classified intelligence indicating that the currently unidentified group may be planning to install malicious malware within the grid’s computer network that will disrupt power to eleven states.

Your team has been asked to work closely with the DoD, Department of Homeland Security (DHS), and other federal stakeholders to strengthen the security and safety of the power grid and its related computer information systems.

The federal agencies responsible for critical infrastructure protection want to ensure that the Western Interconnection power grid computer network has the strongest possible defense while ensuring continued operation. They formally request that your team analyze common vulnerabilities in SCADA networks such as the western power connection grid, and then apply the Cyber Kill Chain to determine how this adversary could have exploited the vulnerabilities to attack the network. In addition, you will utilize the NSA’s information assurance–based “Defense in Depth” strategy as it relates to the power grid’s computer networks to make recommendations for implementing stronger information assurance measures and actions. You will compose a report with graphics, detailing your recommendations for securing the network against future cyberattacks.

Requirements:

Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. Use the Turnitin Originality Report available in Taskstream as a guide for this measure of originality.

You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.

A. ICS Vulnerabilities and Cyber Kill Chain

1. Reconnaissance - Summarize plausible active and passive gathering techniques that the adversary could have executed to gain intelligence on the target in the scenario.

2. Weaponization and Delivery - Explain how the adversary could use the exploited intelligence to create a malicious payload, including plausible delivery methods of the payload to the target.

3. Exploitation and Installation - Describe the series of events that could occur during the exploitation and installation of a malicious payload, including where the payload could be delivered on the network to accomplish the adversary’s goals as described in the scenario.

4. Command & Control - Create a visual representation of channels through which an adversary could use tools to exploit a compromised network and create an “at will” entry point for sending and receiving information. Be sure to clearly indicate each component represented in your visual.

5. Actions - Describe how the adversary is likely collecting and exfiltrating information from the Western Interconnection power grid, including how that information could be used to successfully execute an attack.

B. “Defense in Depth” Recommendations

1. People - Recommend information assurance policies or procedures specific to the facilities and personnel security that control and monitor access to facilities and critical infrastructures for Western Interconnection power grid. Be sure to explain how each policy and procedure will raise information assurance levels.

2. Technology - Recommend supply chain management acquisition policies or procedures that Western Interconnection power grid should put into place to detect and protect against cyberattacks. Be sure to explain how these policies or procedures will raise information assurance levels.

3. Operations - Recommend policies or procedures to sustain security posture for the Western Interconnection power grid on a day-to-day basis. Be sure to explain how these policies or procedures will raise information assurance levels.

C. Acknowledge sources, using APA-formatted in-text citations and references, for content that is quoted, paraphrased, or summarized.

A1. Reconnaissance

Not Evident: A summary is not provided, or the submission does not address active and passive gathering techniques.
Approaching Competence: The submission summarizes active and passive gathering techniques that the adversary could have executed, but the information provided is not plausible for the scenario or contains inaccuracies.
Competent: The submission summarizes plausible active and passive gathering techniques that the adversary could have executed to gain intelligence on the target in the scenario.

Criterion Score: Not Evident

Comments on this criterion:
6/28/2017 - The updated response discusses several gathering techniques such as Shodan, Google, slithering mailing records, sites and web journals and utilizing social relationships. It is not clearly evident which of these would be considered passive and which would be considered active gathering techniques.
6/23/2017 - The work explains that reconnaissance and the "find" phase of the kinetic kill chain model are the same. The rubric requires that the submission summarizes plausible active and passive gathering techniques that the adversary could have executed to gain intelligence on the target in the scenario, which could not be found in this discussion.
6/16/2017 - The response notes that reconnaissance can be passive or active by the use of scans. It is not clear by the response what active and passive gathering techniques the adversary could have used to gain intelligence on the target.
2/14/2017 - The response outlines the attack as opportunistic. The requirement is to summarize plausible active and passive gathering techniques that the adversary could have executed to gain intelligence on the target in the scenario.

A2. Weaponization and Delivery

Not Evident: An explanation is not provided, or the submission does not address how the adversary could use the exploited intelligence to create a malicious payload.
Approaching Competence: The submission explains how the adversary could use the exploited intelligence to create a malicious payload, but plausible delivery methods are not included, or the information provided contains inaccuracies.
Competent: The submission explains how the adversary could use the exploited intelligence to create a malicious payload, including plausible delivery methods of the payload to the target.

Criterion Score: Approaching Competence

Comments on this criterion:
6/28/2017 - The updated response discusses sending a phishing email with a weaponized PDF. An explanation of how the adversary could use the exploited intelligence to create a malicious payload could not be found.
6/23/2017 - The work explains how a document is weaponized in order to affect the ICS in an adverse manner. It is still unclear how the collected intelligence from the reconnaissance phase is used to create a malicious payload.
6/16/2017 - A discussion of a weaponized Microsoft Office document is presented. What is not clear is how the intelligence gathering during the reconnaissance phase is used to create a malicious payload.
2/14/2017 - A limited discussion of weaponizing Microsoft Office documents can be found. A discussion of the plausible delivery methods of the payload to the target is not clearly evident.

A4. Command and Control

Not Evident: A visual is not provided or does not represent channels through which an adversary can exploit a compromised network and create an “at will” entry point for sending and receiving information.
Approaching Competence: The visual represents channels through which an adversary can exploit a compromised network and create an “at will” entry point for sending and receiving information, but the submission does not clearly indicate each component, or the visual contains inaccuracies.
Competent: The visual accurately represents channels through which an adversary could exploit a compromised network and create an “at will” entry point for sending and receiving information. The submission clearly indicates each component represented in the visual.

Criterion Score: Not Evident

Comments on this criterion:
6/28/2017 - The updated response provides a general flow of the attack. The requirement is to provide a visual drawing of a compromised network (indicating each component) while accurately representing the channels through which the adversary could exploit the network and create an "at will" connection.
6/23/2017 - The visual illustrates the receipt of a malicious email and how it adversely affects a computer. It is not clear how the visual represents channels through which an adversary could exploit a compromised network and create an “at will” entry point for sending and receiving information.
6/16/2017 - The provided visual depicts an email, malicious document, computer and server in two separate diagrams. The detail of the diagram is limited and does not clearly illustrate channels through which an adversary could exploit a compromised network and create an “at will” entry point for sending and receiving information.
2/14/2017 - The detailed essay discusses how the attacker could move around within the environment and have commands sent from the C2 server. The requirement is to create an original visual that accurately represents channels through which an adversary could exploit a compromised network and create an “at will” entry point for sending and receiving information.

B2. Defense in Depth Recommendations: Technology

Not Evident: The submission does not recommend any supply chain management acquisition policies or procedures, or the recommendations are not specific to Western Interconnection power grid for detecting and protecting against cyberattacks.
Approaching Competence: The submission recommends supply chain management acquisition policies or procedures that should be put into place at Western Interconnection power grid to detect and protect against cyberattacks, but does not include an explanation of each policy or procedure, or the information provided contains inaccuracies.
Competent: The submission recommends supply chain management acquisition policies or procedures that should be put into place at Western Interconnection power grid to detect and protect against cyberattacks. An accurate explanation is provided for how each policy or procedure will raise information assurance levels.

Criterion Score: Not Evident

Comments on this criterion:
6/28/2017 - The detailed response discusses setting up DMZs. It is not clearly evident how this aligns with the requirement to identify supply chain management acquisition policies or procedures.
6/23/2017 - The response recommends network segmentation, proper deployment and configuration of firewalls, IDS and antivirus solutions, proprietary protocols and standards, and suitable encryption and cryptographic technologies to secure data in the event of an attack. It is not clear how these viable policies and procedures address supply chain management acquisition.
6/16/2017 - It is recommended that switches are properly administered and tested. It is not clear how the recommendations address supply chain management acquisition policies or procedures that should be put into place at Western Interconnection power grid to detect and protect against cyberattacks.
2/14/2017 - The 8-page response discusses switches that could capture data and two-factor authentication for remote connections. It is not clearly evident how this would be considered an appropriate recommendation of supply chain management acquisition policies or procedures that should be put into place at Western Interconnection power grid to detect and protect against cyberattacks.

Tutor Answer

Ellah
School: UC Berkeley

Attached.

Running head: NETWORK EVALUATION AND DEFENSE STRATEGY

Network Evaluation and Defense Strategy
Insert Name Here
Institutional Affiliations

Introduction
Amid the previous couple of years, there has been an ascent in mindfulness inside the worldwide group of the risks that are related to cyber-attacks against basic foundation in countries or firms. These attacks are rising to be a growing tension between governments and firms the world over (Amin & Wollenberg, 2005). Additionally, the developing interconnectivity of Supervisory Power and Data Acquisition (SCADA) networks has kept on exposing organizations’ networks to different network security challenges. Most of the present networks are related to the associations' corporate framework notwithstanding the Internet associations (Byres, 2008). The report will break down the regular vulnerabilities in SCADA systems, similar to that of the Western Interconnection power grid, and afterward apply the Cyber Kill Chain to build up the way this enemy would have exploited the vulnerabilities to attack the SCADA network. This report will also examine the "Defense in Depth" strategy with respect to the Western Interconnection power grid’s SCADA networks to make proposals for actualizing more grounded data affirmation measures and activities (Wang, Xu, & Khanna, 2011).
ICS Vulnerabilities and Cyber Kill Chain

Vulnerabilities of SCADA

Security authorities have contended that the essential test identified with SCADA is that they were not planned to be associated with the Internet; the essential concerns connected to the angles were not mulled over in their improvement network. A SCADA set-up gives an interconnection to handle segments on the organization’s floor. It involves sensors and actuators, which are overseen through the set-up by means of either a PC framework or a Programmable Logic Controller (PLC). In this manner, framework operation depends on control frameworks (SCADA), which screen and control the physical set-up. The United States power grid framework is an interrelated framework, which comprises transmission, power creation notwithstanding circulation network (Byres, 2008).

The present computing power grants SCADA frameworks to attempt multifaceted sequencing operations, and also offers for visit accumulation (for example, like clockwork) of energy framework information. The electric power industry does not perceive a solitary event of energy blackouts because of electronic interruption. In any case, the standard of utility individuals agrees that an electronic attack fit for prompting territorial or broad intrusion that goes on for over 24 hours is, in fact, commonsense (Amin & Wollenberg, 2005). Cyber security for energy delivery frameworks in numerous nations involves the gravest grid remodel, and foundation resistance is at the zenith of most organizations’ worries. In this way, from a cyber security perspective, a potential attacker should network an attack course from the attack PCs to the SCADA. Hence, an attack may possibly affect from any spot on the physical, mechanical assembly and the Internet that the SCADA network is observing (Wang, Xu, & Khanna, 2011).


There are more than a couple of different threats, which may unfavorably affect the SCADA networks, that include:

- The threat of illicit access to the power programming. Regardless of whether it is singular accessory changes made deliberately or coincidentally by virus infection and other programming threats, which subsists on the power have mechanical assembly represent a few t...

Review

Anonymous
Wow this is really good.... didn't expect it. Sweet!!!!
