1. After a cyber attack, the organizational decision making and response to the attack is critical to getting the organization through the incident and back to normal business after the attack. Please review and discuss the actions management should take prior to a cyber attack. Include in your discussion an overview of crisis management and the role it plays in recovery.

2. Business continuity plans (BCP) describe processes and procedures that an organization activates for any threat or issue that may prevent the organization from carrying on normal business. Examples include cybersecurity attacks, fire, flood, and other business disruption causes. Describe and discuss the main components of a BCP.

3. In traditional warfare, attacking communications and command and control functions is integral to victory. Attacking the systems that are the conduit of those critical functions is equally integral to victory. Discuss three offensive cyber attack technologies and when they should be deployed.

4. Within the US Government, no single department or agency has the ultimate responsibility for securing or responding against cyber attacks. Discuss an approach to building a comprehensive coordination and collaboration strategy across the federal government to reduce cyber security attacks.
UMUC, 2014. (CSEC670). http://tychousa1.umuc.edu/CSEC670/1206/csec670_04/assets/csec670_04.pdf
UMUC
Cybersecurity Capstone
Topic 4: Offensive Cyberattack Technologies
Offensive Cyberattack Technologies
Topic 5: Organizations: Roles and Responsibilities
Federal Government Roles and Responsibilities
Use of Military Organizations and Assets
Role of the Private Sector
Role of International Organizations
Topic 6: Summary
Glossary
Stephan Jones has been the Chief Information Security Officer (CISO) at Crazy Steve's for more than two years. The financial impact of the security incident involving the fake orders has put a lot of pressure on Stephan to ensure that such an incident is not repeated.

Scene 2

Stephan discusses the incident with his colleagues: Jamie, from the IT Department; Rory, from the Finance Department; Darren, from Customer Service; and others.

Here is a transcript of the conversation.

Jamie: Did you know that our competitors have nicknamed the recent security incident "the Christmas Fiasco?"

Stephan: This is the first time in two years that I've had to deal with an incident worse than a virus outbreak.

Stephan: So far, we've only had to deal with minor issues like employees surfing the Internet at work.

Rory: None of those incidents caused any major damage to the company's reputation. The financial damage was also insignificant. This is different.

Darren: This incident has raised some serious concerns among our customers. We've seen a significant decline in the number of visitors to the Web site and we are receiving
Whether they are customers buying goods online, tellers in a bank, or cashiers at a gas station, individuals are critically dependent on the systems and infrastructures with which they work. The impact and dependencies of a health care provider or a military service member deployed overseas are even more critical.

Executing the response to a cyberattack is an important responsibility of every person within an organization, as a potential attack can come from any place, anywhere, and at any time. The process of dealing with cyberattacks includes prevention, defense, detection, recovery, and finally, the response to an attack.

Every government agency and private business has a different matrix of cyberthreats and vulnerabilities. For example, the vulnerability matrix for the U.S. Department of Defense will not be the same as that of a bicycle manufacturer. The final element of response may be different, depending on the organization attacked and the type of attack.

This module will examine how the response to a cyberattack is executed. It will also examine factors to consider when developing a response plan, the process involved in implementing a response plan, disaster recovery, and business continuity planning.
provide adequate support for prevention and recovery in the event of an incident.

A critical element in the process of business continuity planning is determining the appropriate response to a cyberattack. Cyberattacks may include the destruction or modification of system configurations or data, unauthorized system access, or attempts to penetrate technologies and systems. If incidents of this type occur, critical data can be compromised, causing enterprise-wide system failures that may impact the business.

Role of Leadership

The main responsibility of a company's leadership when a cyberattack occurs is to protect confidential information and information systems, while at the same time restoring business continuity. At Crazy Steve's, the leadership's ultimate objective is to mitigate the damage to customers, their data, and the enterprise through isolation of the incident while restoring critical business systems, and to maintain the integrity of the organization.

Advance Planning

Advance planning is a key element of any response to a cyberattack. Stephan, Jonathan, and selected members of their team have determined roles and responsibilities for evaluation, response, and management of future attack-related events. They have also developed steps and guidelines that employees will adhere to for reporting and escalation of duties if another attack occurs.

Designating Members

Members of the leadership team have been identified and assigned duties. The process has been mapped out with a clear designation of who will declare the occurrence of an event and who will begin the overall business continuity and resumption plan. Once the declaration is made, selected members of the organization will begin their tasks and address the damage while restoring critical system components.

Proper Training of Team Members

Extensive training sessions and workshops have been implemented to ensure that staff members with critical responsibilities and expertise across the enterprise are properly trained to respond immediately and fulfill their duties.

Regular Testing with Simulations

Training simulations and drills will be conducted to continually evaluate the incident response team's reactions to emergency situations. Only by testing practices before an emergency occurs will management be able to evaluate whether the practices align with the organization's overall business resumption strategies.
Role

1. Shara Vandivort, President (Executive/Senior Management): The executive/senior management members are responsible for top-level critical and strategic decision making for the enterprise.
2. Jonathan Kessler, Chief Information Officer (IT Management): The IT management members are responsible for tactical and strategic implementation and protection of critical systems, system security, remediation, and system or infrastructure continuity operations.
3. Lesley Ruthers, Vice President of Facilities Management (Facilities Management): The facilities management members are responsible for physical infrastructure, physical security, and logistics.
4. Garrett Westerling, Vice President of Human Resources (Human Resources): The Human Resources Department is responsible for personnel, staffing issues, and travel.
The Finance and Accounting Department is responsible for critical financial decisions as well as funds disbursement.
7. Andre Parker, Vice President of Risk Management (Risk Management): The risk management members are responsible for internal and external evaluation of potential risks and exposure areas.
8. Perry Prichett, General Counsel (Legal): The Legal Department is responsible for counsel and guidance regarding legal issues.
9. Sharon Murphy, Vice President of Compliance (Compliance): The Compliance Department is responsible for internal and external assurance that the organization is conforming to laws and regulations affecting the industry.
10. Jerry Kripke, Chief Operating Officer (Operations): The operations area covers other parts of the organization that may not be included above, but are critical to the functioning of the organization.
Elements of a Business Continuity Plan

Policies and Processes

One of the key elements of a good BCP is establishing policies and processes to determine the steps the organization will take to identify, manage, and mitigate risks that are identified.

Competent Staff

Deploying staff with sufficient knowledge, appropriate levels of authority, and budget authority to deploy the BCP responsibly is a crucial factor in ensuring the success of a BCP.

Regular Review

It is important to test the BCP on an annual basis and have it reviewed independently to ensure an unbiased perspective.

Awareness and Training

Requiring everyone in the organization to be aware of threats, and to have the proper training and skills to succeed, is another critical element of a strong BCP.

Organization-Wide Testing

Testing the BCP across the organization on a regular basis helps ensure that a BCP is capable of meeting the needs of the organization.

Critical Evaluation

A BCP's testing process needs to be critically evaluated, and the results have to be
Topic 3: Decision Making in Response to Cyberattacks

The Business Continuity Planning Process

Crazy Steve's Problem

Stephan and Jonathan manage to fix the main issue that allowed the multiple fake orders to be placed via Crazy Steve's Web site. Stephan realizes that this was a close call. While working to mitigate the issue, he discovers that the company's business continuity plan does not include strategies for handling cybersecurity incidents. As the success of the entire business continuity effort hinges on advance planning, Stephan believes that a plan should be put in place to address cyberattacks. He decides to discuss this with Jonathan.

Here is a transcript of the conversation between Stephan and Jonathan.

Stephan: Hi, Jonathan. Are you free? I need to discuss something with you.

Jonathan: Yes. Go on.

Stephan: Now that the Christmas incident has been handled, there is one thing that I would like to bring to your attention.

Stephan: While handling the security incident, I realized that our company's business continuity plan does not consider cybersecurity.

Jonathan: Yes, I realized that as well. The BCP focuses primarily on natural threats such as fire and flooding. It also addresses major power outages and system breakdowns.

Jonathan: It does not deal specifically with cybersecurity incidents.

Stephan: I think it would be prudent to call a meeting of the BCP steering committee, discuss this issue in depth, and decide on a proper plan of action for fixing this gap in the BCP.

Jonathan: I agree. I will send an e-mail immediately and get this process started.

The Meeting

The BCP steering committee at Crazy Steve's convenes to discuss the proposed changes. Among the members are Jerry Kripke, the chief operating officer, and Patricia Gunter, the head of IT.

Here is a transcript of the conversation.

Jonathan: As you all know, this meeting has been called to reassess the company's business continuity plan.

Jonathan: The recent security incident regarding the fake Christmas orders has made us aware that the BCP does not include strategies for handling cybersecurity incidents.

Stephan: This is a very serious matter that needs to be analyzed and discussed thoroughly before we come to a decision.

Stephan: I suggest we see what the other members of the steering committee have to say and consider all aspects before making a decision.

Conclusion

A thorough discussion follows. Some members agree with Jonathan's proposal to include cybersecurity incidents in the BCP, and some do not. Ultimately, the committee decides to include cybersecurity incidents in the BCP.

The BCP Process

At Crazy Steve's, the process of developing the BCP is collaborative; stakeholders from all areas of the business provide input. It requires business units across the enterprise to assess their critical processes, dependencies, operations, and facilities, and then develop an appropriate business continuity strategy. Organizations that have solid business continuity plans, in addition to reviewing, modifying, and testing them on a regular basis, do much better during cyberattacks and other emergencies than organizations that do not take these precautions.

Critical Functions

The BCP steps should focus on critical business functions, including resumption, recovery, and maintenance, rather than focusing solely on technology (FFIEC, 2008, p. 4).
through the Business Impact Analysis (BIA), the vulnerability assessment, and the ongoing risk management and assessment process, in order to continually improve the BCP, from planning to final testing and monitoring (FFIEC, 2008, pp. 4, 13).

Reference: Federal Financial Institutions Examination Council (FFIEC). (2008, March). Business continuity planning: IT examination handbook. Retrieved from http://ithandbook.ffiec.gov/ITBooklets/FFIEC_ITBooklet_BusinessContinuityPlanning.pdf
Analyze This

Question 1: Which of the following scenarios should be included in the BCP for cybersecurity incidents involving Crazy Steve's Web site and online ordering infrastructure?
a. A Distributed Denial Of Service (DDoS) attack on the servers
b. A Structured Query Language (SQL) injection attack on the Web site, aiming to extract financial and customer information
c. A virus infection on the servers
d. A developer accidentally uploading a Web page with incorrect information
Correct Answer: Options a, b, and c
Feedback:
DDoS attacks on the servers, SQL injection attacks on the Web site, and virus infections on the servers should all be included in the BCP for cybersecurity incidents.
DDoS, SQL injection, and viruses are all serious attack methodologies that can be used by adversaries. These scenarios therefore require careful and detailed analysis in order to assess how they are addressed in the company's BCP. Uploading incorrect data onto the company's web page is normally just a simple error that can be easily corrected and does not affect Business Continuity Planning.

Question 2: Which of the following key personnel should provide input for the steps to be taken when a cybersecurity incident occurs on Crazy Steve's retail Web site? Choose all options that apply.
a. The Chief Financial Officer (CFO)
b. The Chief Information Officer (CIO)
c. The Chief Information Security Officer (CISO)
d. The public relations and media advisor
Correct Answer: Options a, b, c, and d
Feedback:
The BCP process is a collaborative undertaking in which stakeholders from all areas of the business should give their input.
an important role in driving the required business recovery timelines and expectations.

Analyze This

The BCP steering committee discussed the BIA process and made several important findings. Answer the following questions to learn more.

Question 1: Which of the following are critical functions or processes at Crazy Steve's?
a. Supply chain management
b. Customer relationship management
c. Order processing
d. Online order management
Correct Answer: Options a, b, c, and d
Feedback:
Supply chain management, customer relationship management, order processing, and online order management are all critical functions or processes at Crazy Steve's.
In an online e-tailer environment like Crazy Steve's, all of the systems listed should be considered mission critical. The failure of any one system would have a significant impact on the organization's overall business operations. Therefore, unexpected downtime in any one or more of these information systems would damage the company (i.e., its reputation, its ability to service customers, and/or its ability to earn profits).

Question 2: Since the bulk of Crazy Steve's business is conducted online, which of the

Question 3: Customers have come to value Crazy Steve's because of its unparalleled online transaction speed, the lack of any significant downtime on the company's Web site, and the company's quick delivery of products. What is most likely the industry standard for acceptable downtime for Crazy Steve's retail Web site?
a. Less than a minute, with almost no data loss
b. Less than an hour, with a few hundred recent transactions being unavailable
c. Less than a day, with the current day's transactions being unavailable
d. More than two days
Correct Answer: Option a
Feedback:
Considering the company's previous performance and reputation, less than a minute with almost no data loss is the likely acceptable downtime.

Question 4: When focusing on the retail Web site, the BCP steering committee will detail the dependencies for Web site operations. Which of the following dependencies should the committee include?
a. The server hosting the Web site
b. The Internet link to the Web site
c. The DNS servers hosting the domain name
d. The power supply to the hosting company's data center
Correct Answer: Options a, b, c, and d
Feedback:
The server hosting the Web site, the Internet link to the Web
- Identify the vital interdependencies among applications, systems, departments, and critical business processes. Determine the criticality and function of specific equipment across departments.
- Ascertain the impact to the department if a critical computing environment and support hardware (for example, a network or the Internet) is unavailable, and identify a fallback position.
- Determine and identify single threads and points of failure, as well as the impact of the risks identified.
- Determine whether there are any critical dependencies involving outsourcing arrangements.
- Determine how the enterprise and third-party providers will meet their service level obligations during an emergency. Define how this will impact the department.
- Determine how effective security processes and operational controls will be maintained during the recovery process.
- From a staffing and space perspective, determine the minimum that will be required to meet business requirements. Identify any alternatives. List any special business supplies, forms, or collateral required at the recovery site.
- Determine whether communications provisions are available at the backup site to facilitate communications with customers, vendors, and employees. Identify the alternatives and backup.
- If the recovery site is a common site used by other companies, determine whether the critical business resumption operations are prioritized at the site and whether this prioritization aligns with the company's business requirements and expectations.
- Understand how employees are trained to perform multiple duties in the event of an emergency and whether additional cross-training is necessary. Create a succession plan in case key leaders are unavailable.
- Determine how the personal and family needs of employees will be addressed. Identify and detail the proper plans adequately to meet these needs.
- From a financial perspective, determine which issues must be addressed in an emergency situation.
Correct Answer: Options a, b, c, and d
Feedback:
The decision-making process includes gathering all decision makers, focusing on factors that will get the business back to normal, gathering all the facts to make an informed decision, and understanding the main points related to the security incident. Conducting a forensic examination and involving legal counsel would come after the attack has been contained and broadly understood.
Obtaining advice from legal counsel is an important task. However, it is not part of the preliminary steps in counteracting a cyberattack on your organization. This would normally be done after the attack is contained, a damage assessment can be ascertained, and results of a digital forensic investigation are shared.

Question 2: Determining the Appropriate Process
Which of the following steps would you initially take while determining the appropriate process you would initiate in response to a cyberattack?
a. Identify the organization's critical business functions
b. Discuss how to prevent further harm to the business and supporting systems
c. Analyze the qualifications of staff members
d. Assign roles and responsibilities to staff members
Correct Answer: Options a, b, and d

Involving senior management, IT management, and other critical teams
Following the practices and procedures outlined in the BCP
Communications with the media would typically be handled by the Public Relations or Corporate Communications division, and not by Marketing.

Question 4: Critical Elements of a BCP
Which of the following are critical elements of a BCP?
a. Testing the BCP once every five years
b. Identifying risks
c. Prioritizing risks
d. Assigning mitigation strategies
e. Updating the BCP regularly
Correct Answer: Options b, c, d, and e
Feedback:
Identifying and prioritizing risks, assigning mitigation strategies, and regular updating are all elements of a BCP.

Question 5: Additional Elements of a BCP
Which of the following elements should be included in a BCP?
a. Understanding key business processes
b. Developing plans in advance
c. Prioritizing cross-organizational requirements
d. Focusing only on IT aspects
e. Testing the organization's BCP regularly
Correct Answer: Options a, b, c, and e
http://www.nytimes.com/2011/12/16/world/middleeast/iran-warns-afghanistan-to-stop-us-drone-flights.html

Step 3

While some drones can be armed with missiles, the U.S. military reacted to Iranian reports of the drone's capture by saying Tehran might have been referring to a missing "unarmed reconnaissance aircraft" (Jaffe & Erdbrink, 2011).

Reference: Jaffe, G., & Erdbrink, T. (2011, December 4). Iran says it downed U.S. stealth drone; Pentagon acknowledges aircraft downing. The Washington Post. Retrieved from http://www.washingtonpost.com/world/national-security/iran-says-it-downed-us-stealth-drone-pentagon-acknowledges-aircraft-downing/2011/12/04/gIQAyxa8TO_story.html?wprss=rss_national-security

Step 4

Drones run the risk of being shot down or crashing as a result of malfunction or operator error, and then being captured by foreign adversaries. U.S. Defense authorities later admitted that this drone was in fact spying on Iran. This corroborates statements by Iranian military authorities that they were able to do so using an electronic attack (Popular Mechanics 2011). In this case, the Iranians stated at one point that they had shot down the drone (The Daily Mail, 2011).

References:
Many organizations and governments around the world are examining, testing, and deploying offensive cyberattack strategies and technologies. In the United States, strong laws forbid aggressive actions if they entail unauthorized access to a device connected to the Internet. Such laws do not exist in other parts of the world, nor does the law in some countries protect U.S. companies from attacks by foreign hackers.

In light of this global predicament, enterprises need to be aware of aggressive plans that are being considered and implemented globally. As a cyberattack can originate anywhere, governments and other organizations may need to take proactive steps to protect their assets. In traditional warfare, attacking communications and command and control functions is crucial to victory; attacking the systems that host and facilitate these critical functions is also crucial to victory.

Identify Cyberattack Methods

Identify the cyberattack technologies that have offensive capabilities.
a. Denial of Service (DoS) attacks
b. Remote keyloggers
c. Electromagnetic Pulse (EMP) weapons
d. Bolt phase attacks
e. Attacks on control systems that cause assets to self-destruct
f. Trojan implantations that allow control of systems activity
g. Root core scans
h. Flooding attacks
Correct Answer: Options a, b, c, e, f, and h
Feedback:
The following cyberattack technologies have offensive capabilities:
Distributed Denial of Service (DDoS) attacks have definite offensive capabilities. By using a large group of zombie computers, an attacker can generate a very damaging attack.
Remote keyloggers are also useful offensive cyberwarfare tools because they relay back each and every keystroke made on an enemy's computer.
Electromagnetic Pulse (EMP) weapons imitate the gamma-ray pulse caused by a nuclear explosion, disabling all electronics over wide areas (Gertz, 2011). These weapons are currently designed to knock out electronic equipment and possibly even affect humans.
Attacking a control system normally has the objective of causing a failure of the operating system. This is potentially a very dangerous offensive action that an adversary might wish to use.
A Trojan program allows an outsider to gain control of a program or system. Often, a Trojan gains entry to a system to allow access at a later time.
A flooding attack can easily be a very damaging offensive attack by a government organization or cybercriminals. In this type of attack, a large
Jurisdiction

Executive authority, issued in the form of Presidential findings, executive orders, and Presidential Directives, issues responsibility to government departments and agencies to take actions within the scope of authority granted. Intelligence Community Directives (ICDs) are responsible for containing the intelligence governance authorities. Federal law enforcement responsibilities are largely defined within federal laws. Based on the type of crime, the FBI, the Secret Service, or other law enforcement agencies may have jurisdiction.

The National Cyber Response Coordination Group

The National Cyber Response Coordination Group (NCRCG), composed of 13 federal agencies, collaborates with the Intelligence Community, law enforcement, and the U.S. Computer Emergency Readiness Team (US-CERT) before, during, and after a cyberincident. It serves as the leading disseminator of information and coordinates responses among government agencies following a cyberincident.

National Cybersecurity and Communications Integration Center

DHS's National Cybersecurity and Communications Integration Center (NCCIC) is a "watch and warning" center with 24/7 capabilities for emergency communications related to cybersecurity. The NCCIC works across all levels of the private sector and government. It provides a unified and integrated response to incidents that may impact homeland security. The NCCIC is collocated with the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the National Coordinating Center for Telecommunications (NCC), and US-CERT. Other federal partners, including the Department of Defense, members of the Intelligence Community, and law enforcement, also collaborate with the NCCIC. Information Sharing and Analysis Center (ISAC) activities for a few sectors also originate with the NCCIC (DHS, 2011).
defensive cybermeasures.

Many countries have developed cyberattack capabilities. For example, "Iran claims to have the world's second-largest cyber-army," while China, Russia, Israel, and North Korea have capabilities of their own (The Economist, 2010).

As of now, it is difficult to gauge the true capabilities of potential enemies. Thus, countries need to prepare for worst-case scenarios. The concurrent challenge is the anonymity of a cyberattack. For example, one country could launch a cyberattack on another through a third and innocent nation. An attack of this type could create mistaken identity, misattribution, and lack of confidence, which could easily escalate to military action.

Reference: The Economist. (2010, July 1). Cyberwar: It is time for countries to start talking about arms control on the internet. Retrieved from http://www.economist.com/node/16481504?story_id=16481504&source=features_box1

Georgia Cyberattacks

Russia's military advance on Georgia during the South Ossetia war of 2008 was accompanied by cyberattacks, which included both DOS attacks on numerous Georgian Web sites and hacking of some government sites (Moses, 2008). While Georgia has accused Russia of orchestrating the cyberattacks, it is difficult to prove that actions like these are the result of action by an enemy state, as opposed to independent hackers working on their own (McCullagh, 2010).

Attribution is complicated by the fact that cyberattacks can be geographically decentralized. For example, when Estonia was subjected to cyberattack in 2007, it blamed Russia. However, the attack was carried out using a network of thousands of infected computers, 17 percent of which were said to have been located in the United States (Baldor, 2011).

References:

Baldor, L. C. (2011, June 22). New orders detail Pentagon cyberwar guidelines. The Associated Press. Retrieved from Air Force Times Web site: http://www.airforcetimes.com/mobile/index.php?storyUrl=http%3A%2F%2Fwww.airforcetimes.com%2Fnews%2F2011%2F06%2Fap-pentagon-gets-cyberwar-guidelines-062211%2F

McCullagh, D. (2010, July 29). U.S. military cyberwar: What's off-limits? CNET News. Retrieved from http://news.cnet.com/8301-31921_3-20012121-281.html

Moses, A. (2008, August 12). Georgian websites forced offline in "cyber war." The Sydney Morning Herald. Retrieved from http://www.smh.com.au/news/technology/georgian-websites-forced-offline-in-cyber-war/2008/08/12/1218306848654.html
more documented members than the U.S. military and formed the largest private detective organization.

Reference: Morn, F. (1982). The eye that never sleeps: A history of the Pinkerton National Detective Agency. Bloomington: Indiana University Press.

Now

Blackwater Security Consulting (BSC), formed in 1997 and renamed in 2011 as Academi, is a private firm that performed some security functions under federal contract during the Iraq War. Blackwater provided support for coalition forces and installations, and trained Iraqi military and police forces. Just as the Pinkertons did in the 1850s, Blackwater has used its expertise to aid the U.S. government in various ways.

Public-Private Partnerships

Public-private partnerships have been used in research and development efforts in many areas. This is also true in cybersecurity. The private sector's contribution to advances in cybertechnology is bound to have a tremendous impact on the future of cyberwarfare. The market for such technology is not limited by borders or nationalities. For example, a company could develop a specific technology and sell it across borders with ease, via the Internet.

Global innovation in technology, for both good and evil purposes, can now originate virtually anywhere. This changing characteristic could be a
advent of the Internet, cyberwarfare has become the latest threat to security.
International organizations like the United Nations (UN) and the North Atlantic Treaty Organization (NATO) are debating the effect of cyberwar and the appropriate responses to cyberattacks. As cyberattacks are not covered under the Geneva Conventions and there is no formal agreement among nations, limitations on cyberwar and international protocols of engagement are not defined.
Activity
Read and analyze each fictitious scenario, and answer the related questions.
Question 1: A country has been under cyberattack by a known and highly capable adversary. The government has talked for a long time about treating cyberwarfare the same as it would treat kinetic warfare. What kind of effective counterattack can it mount?
a. Kinetic warfare
b. Offensive cyberwarfare
c. A blended attack using both kinetic warfare and cyberwarfare
d. Disconnect the country's Internet connection
Correct Answer: Options a, b, and c
Feedback for Correct Answer:
The response would differ depending on the severity of the cyberattack. For example, if the cyberattack is against a water system, and it results in the loss of 50,000 lives, a decision might be made to not only initiate a cyberattack but also to include a kinetic strike against the facility that initiated the action. Conversely, if an attack results exclusively in damage to data, the response might be entirely cyber.
Feedback for Incorrect Answer:
Disconnecting the country's Internet connection would not be an effective counterattack. A cyberattack requires use of the Internet, and disconnecting from the Internet would be viewed solely as a defensive maneuver.
The weather service's public relations function is best suited to deal with the media. The office of the chief meteorologist, the executive management, or the information systems department shouldn't deal with the media because this is not their area of expertise. The best organizational unit to deal with the media is the public relations group, since this is a professionally trained group that knows what to say, as well as what not to say, during a cybersecurity incident.
Question 4: You work for Herbert & Sons, a local consulting firm, and you have been hired to develop a BCP for a large community hospital. What information should not be included in the BCP?
a. Test plans
b. System interdependencies
c. Staff assignments and responsibilities
d. Capital cost of capital expenditures by fiscal year
Correct Answer: Option d
Feedback:
Cost calculations about capital expenditures should not be included in the BCP. These cost calculations would instead be included in the planning and budgeting processes. Capital cost expenditures are one-time costs that are normally depreciated over the individual asset's useful life. For accounting purposes, this is normally done over a 2-10 year period of time.
for a long time
Correct Answer: Options a, b, and d
Feedback:
Along with acceptable recovery times and interdependencies for each system, manual processes that can be initiated for each system if it is down should be a part of the BIA. The CISO's responsibilities for incident response are not part of a business impact analysis. These responsibilities would typically be outlined in the CISO's job description as well as the organization's business continuity and disaster recovery plans.
Question 7: Which of the following options is not considered an offensive cybertechnology?
a. DDoS
b. Viruses
c. Worms
d. Dedicated firewalls
Correct Answer: Option d
Feedback:
DDoS, viruses, and worms have offensive capabilities. A dedicated firewall has defensive capability.
Question 8: Which of the following options is not a role of the federal government as it relates to cybersecurity?
a. Maintaining civil order
We have come to the end of Module 4. The key concepts covered in this module are listed below.
After a cyberattack, organizational decision making and response to the attack is critical in getting an organization through the incident and back to normal. For most companies, the response will include mitigating and remediating the loss caused by the attack.
The process of handling a cyberattack generally includes prevention, defense, detection, recovery, and response. All facets of an organization, including technical members and leaders, should work together to make the right decisions.
Business continuity and disaster recovery plans help companies to deal effectively with cyberthreats and security incidents. A well-developed plan will identify the potential threats to the company, and provide adequate support for prevention and recovery in the event of an incident.
The main responsibility of a company's leadership in the event of a cyberattack is to protect confidential information and information systems while ensuring business continuity.
A strong crisis management team will plan far in advance of an event, with team members who have the skills to perform their duties. The crisis management team normally includes members from various key departments.
The steps of a solid Business Continuity Plan (BCP), along with the planning process, include identification, assessment, prioritization, management, and mitigation of risk.
The first step in the BCP process is the Business Impact Analysis (BIA). Companies perform BIAs in order to determine the priority of business functions that need to be restored in the event of a crisis.
Many countries have developed cyberattack capabilities. As it is difficult to gauge the true capabilities of potential enemies, countries need to prepare for worst-case scenarios.
Private-sector firms currently assist traditional war operations in areas ranging from training to logistics. Private companies' flexibility with
cybersecurity infrastructure.
Denial of Service (DoS) Attack
Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks use "zombie" servers to flood a target site with large volumes of traffic. This flood of traffic consumes the target site's network or system resources and denies access to legitimate users.
Disaster Recovery Plan
A disaster recovery plan is a comprehensive plan for enabling a company to resume work quickly in the wake of a disaster or damage to IT infrastructure.
Electromagnetic Pulse (EMP) Weapons
Electromagnetic Pulse (EMP) weapons disable electronics over wide areas by imitating the gamma-ray pulse caused by a nuclear explosion. These weapons are currently designed to knock out electronic equipment and possibly even affect humans.
Service Level Agreement (SLA)
A Service Level Agreement (SLA) is a contract between a customer and an IT service provider. It lists all the work tasks outsourced to the provider and the output the provider is expected to deliver.
National Cybersecurity and Communications Integration Center (NCCIC)
The Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) is a "watch and warning" center with 24/7 capabilities for emergency communications related to cybersecurity.
National Cyber Response Coordination Group (NCRCG)
The National Cyber Response Coordination Group (NCRCG), composed of 13 federal agencies, serves as the leading disseminator of information and responses among government agencies following a cyberincident.