Discuss contract or derivative requirement for cybersecurity

Reference no: EM131812656

Project Assignment: Incident Response Exercise & Report

Your Task

You have been assigned to work incident clean-up as part of the Sifers-Grayson Blue Team. Your task is to assist in analyzing and documenting the incident described below. The Blue Team has already created a set of enterprise architecture diagrams (see Figures 1-4) to help with your analysis of the incident and preparation of the incident report as required by the company's contracts with the federal government. After completing their penetration tests, the Red Team provided Sifers-Grayson executives with a diagram showing their analysis of the threat environment and potential weaknesses in the company's security posture for the R&D DevOps Lab (see Figure 5).

Your Deliverable

Complete and submit the Incident Report form found at the end of this file. Consult the "Notes to Students" for additional directions regarding completion of the form.

Overview of the Incident

Sifers-Grayson hired a cybersecurity consulting firm to help it meet the security requirements of a contract with a federal agency. The consulting firm's Red Team conducted a penetration test and was able to gain access to the engineering center's R&D servers by hacking into the enterprise network through an unprotected network connection (see Figure 2). The Red Team proceeded to exfiltrate files from those servers and managed to steal 100% of the design documents and source code for the AX10 Drone System. The Red Team also reported that it had stolen passwords for 20% of the employee logins using keylogging software installed on USB keys that were left on the lunch table in the headquarters building employee lounge (see Figure 3). The Red Team also noted that the Sifers-Grayson employees were quite friendly and talkative as they opened the RFID controlled doors for the "new folks" on the engineering staff (who were actually Red Teamers).

The Red Team continued its efforts to penetrate the enterprise and used a stolen login to install malware over the network onto a workstation connected to a PROM burner in the R&D DevOps lab (see Figure 3). This malware made its way onto a PROM that was then installed in an AX10-a test vehicle undergoing flight trials at the Sifers-Grayson test range (see Figures 1 and 4). The malware "phoned home" to the Red Team over a cellular connection to the R&D center. The Red Team took control of the test vehicle and flew it from the test range to a safe landing in the parking lot at Sifers-Grayson headquarters.
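As an added example (not part of the assignment text or the Red Team's report), the following Python script shows the kind of first-pass triage a Blue Team analyst could run over connection logs for the three activities described above: a bulk transfer from R&D servers to an outside address, a stolen account being used from a part of the network it does not normally log on from, and a test-range vehicle contacting an outside host. The network segments are the three ranges the assignment specifies in Notes to Students item 8; the log line format, host addresses, account names, per-account baseline segments and the byte threshold are all constructed assumptions.

```python
"""Triage of constructed connection-log lines against the three network
segments assigned in the exercise (R&D Center, Test Range, Corporate HQ).

Added example; the log format, hosts, accounts and threshold are assumed.
"""
import ipaddress
from collections import defaultdict

# Segments exactly as given in Notes to Students, item 8.
SEGMENTS = {
    "R&D Center": ipaddress.ip_network("10.10.150.0/24"),
    "Test Range": ipaddress.ip_network("10.10.148.0/24"),
    "Corporate HQ": ipaddress.ip_network("10.10.155.0/24"),
}

# Assumed baseline: the segment each account normally logs on from.
# A real Blue Team would derive this from historical authentication logs.
HOME_SEGMENT = {"engineer01": "R&D Center", "clerk02": "Corporate HQ"}

# Assumed threshold for a single outbound transfer worth a look (50 MiB).
EXFIL_BYTES = 50 * 1024 * 1024

# Constructed sample log: "timestamp user src_ip dst_ip dst_port bytes".
SAMPLE_LOG = [
    "2019-05-01T09:00:01 engineer01 10.10.150.21 10.10.150.5 445 2048",
    "2019-05-01T09:12:44 engineer01 10.10.150.21 203.0.113.9 443 734003200",
    "2019-05-01T10:03:10 clerk02 10.10.150.33 10.10.150.40 3389 9000",
    "2019-05-01T11:20:00 svc-flight 10.10.148.12 198.51.100.7 8443 512",
    "2019-05-01T11:21:00 clerk02 10.10.155.8 10.10.155.2 445 1024",
]


def segment_of(ip):
    """Map an address to one of the three assigned segments, else External."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "External"


def parse_line(line):
    """Split one constructed log line into a record dict."""
    ts, user, src, dst, port, nbytes = line.split()
    return {"ts": ts, "user": user, "src": src, "dst": dst,
            "port": int(port), "bytes": int(nbytes)}


def analyze(lines):
    """Return a list of findings as tuples whose first element is the rule."""
    findings = []
    seen_segments = defaultdict(set)  # per-account segments, for the report
    for rec in map(parse_line, lines):
        src_seg, dst_seg = segment_of(rec["src"]), segment_of(rec["dst"])
        seen_segments[rec["user"]].add(src_seg)

        # Rule 1: large transfer from the R&D Center out to an external host
        # (the design documents and source code leaving the R&D servers).
        if (src_seg == "R&D Center" and dst_seg == "External"
                and rec["bytes"] >= EXFIL_BYTES):
            findings.append(("exfiltration", rec["ts"], rec["src"],
                             rec["dst"], rec["bytes"]))

        # Rule 2: an account used from an internal segment other than its
        # baseline (a password captured by the keylogger being reused).
        home = HOME_SEGMENT.get(rec["user"])
        if home and src_seg != home and src_seg != "External":
            findings.append(("credential-misuse", rec["ts"], rec["user"],
                             src_seg))

        # Rule 3: a test-range host reaching an external address
        # (the implanted PROM "phoning home" during flight trials).
        if src_seg == "Test Range" and dst_seg == "External":
            findings.append(("beacon", rec["ts"], rec["src"], rec["dst"]))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(*finding)
```

The three rules are deliberately simple so that each finding maps directly onto one sentence of the incident narrative and onto one row of the report's affected-systems table; in practice the byte threshold and the per-account baseline would be tuned from the company's own traffic history rather than fixed constants.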

Background

Sifers-Grayson is a family owned business headquartered in Grayson County, Kentucky, USA. The company's physical address is 1555 Pine Knob Trail, Pine Knob, KY 42721. The president of the company is Ira John Sifers, III. He is the great-grandson of one of the company's founders and is also the head of the engineering department. The chief operating officer is Michael Coles, Jr. who is Ira John's great nephew. Mary Beth Sifers is the chief financial officer and also serves as the head of personnel for the company.

Recent contracts with the Departments of Defense and Homeland Security have imposed additional security requirements upon the company and its R&D DevOps and SCADA labs operations. The company is now required to comply with NIST Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The company must also comply with provisions of the Defense Federal Acquisition Regulations (DFARS) including section 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting. These requirements are designed to ensure that sensitive technical information, provided by the federal government and stored on computer systems in the Sifers-Grayson R&D DevOps and SCADA labs, is protected from unauthorized disclosure. This information includes software designs and source code. The contract requirements also mandate that Sifers-Grayson report cyber incidents to the federal government in a timely manner.

SCADA Lab

The SCADA lab was originally set up in 1974. It has been upgraded and rehabbed several times since then. The most recent hardware and software upgrades were completed three years ago after the lab was hit with a ransomware attack that exploited several Windows XP vulnerabilities. At that time, the engineering and design workstations were upgraded to Windows 8.1 Professional. A second successful ransomware attack occurred three months ago. The company paid the ransom in both cases because the lab did not have file backups that it could use to recover the damaged files (in the first case) and did not have system backups that it could use to rebuild the system hard drives (in the second case).

The SCADA Lab is locked into using Windows 8.1. The planned transition to Windows 10 is on indefinite hold due to technical problems encountered during previous attempts to modify required software applications to work under the new version of the operating system. This means that an incident response and recovery capability for the lab must support the Windows 8.1 operating system and its utilities.

R&D DevOps Lab

The R&D DevOps Lab was built in 2010 and is used to develop, integrate, test, support, and maintain software and firmware (software embedded in chips) for the company's robots, drones, and non-SCADA industrial control systems product lines. The workstations in this lab are running Windows 10 and are configured to receive security updates per Microsoft's monthly schedule.

Enterprise IT Operations

The company uses a combination of Windows 10 workstations and laptops as the foundation of its enterprise IT capabilities. The servers in the data center and the engineering R&D center are built upon Windows Server 2012.

Issues Summary:

1. Newly won government contracts now require compliance with DFARS §252.204-7008, 7009, and 7012

2. Derivative requirements include:

- Implementation of and compliance with NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.

- Compliance with DFARS 252.239-7009 Representation of Use of Cloud Computing and 7010 Cloud Computing Services.

3. Additional Contractual Requirements for Lab Operations include:

- Incident Response per NIST SP 800-61 (Computer Security Incident Handling Guide)

- SCADA Security per NIST SP 800-82 (Guide to Industrial Control Systems Security)

- Software / Systems Development Lifecycle (SDLC) Security per NIST SP 800-64 (Security Considerations in the System Development Life Cycle)

- Configuration Management per NIST SP 800-128 (Guide for Security-Focused Configuration Management of Information Systems)

Notes to Students:

1. Your final deliverable should be professionally formatted and should not exceed 10 pages. The goal is to be clear and concise in your reporting of your analysis of this incident.

2. You may include annotated diagrams if necessary to illustrate your analysis and/or make your point(s). You may use the figures in this assignment as the foundation for diagrams in your final report (no citations required).

3. Use the NIST Incident Handling Process (see Table 1) to guide your incident analysis.

4. You may assume that the company has implemented one or more of the IT products that you recommended in your Case Studies for this course. You may also assume that the company is using the incident response guidance documents that you wrote for your labs and that the associated operating system utilities are in use (e.g. you can assume that system backups are being made, etc.).

5. DOCUMENT YOUR ASSUMPTIONS about people, processes, and technologies as if they were fact. But don't change any of the factual information provided in the incident report from the Red Team.

6. Use the incident report form that appears at the end of this file. Copy it to a new MS Word document. After you perform your incident analysis, fill in the required information, attach the file to your assignment folder entry, and submit it for grading as your final project.

7. For section 1 of the form, use your own name but provide reasonable but fictitious information for the remaining fields.

8. For section 2 of the form, assign IP addresses in the following ranges to any servers, workstations, or network connections that you need to discuss.

a. R&D Center 10.10.150.0/24
b. Test Range 10.10.148.0/24
c. Corporate Headquarters 10.10.155.0/24

9. For sections 2, 3, and 5, you should use and interpret information provided in this file (Overview, Background, Issues Summary). You may use a judicious amount of creativity, if necessary, to fill in any missing information.

10. For section 4 of the form you may provide a fictitious cost estimate based upon $100 per hour for IT staff to perform "clean-up" activities. Reasonable estimates are probably in the range of 150 to 300 person hours. What's important is that you document how you arrived at your cost estimate.

11. Discuss the contract requirements and derivative requirements for cybersecurity at Sifers-Grayson in 3 to 5 paragraphs under "Section 6 General Comments."
