Scenario: The United States’ critical infrastructure power, water, oil and natural gas, military systems, financial systems have become the target of cyber and physical attacks as more critical infrastructure systems are integrated with the internet and other digital controls systems. The lesson learned in mitigating and defending against cyberattacks is that no entity can prevent or resolve cyberattacks on its own. Collaboration and information sharing are key for success and survival.
You were chosen to address the cyber threats and exploitation of US financial systems’ critical infrastructure. Your selected by the White House cyber national security staff to provide situational awareness about a current network breach and cyberattack against several financial service institutions.
You will have to provide education and security awareness to the financial services sector about the threats, vulnerabilities, risks, and risk mitigation and remediation procedures to be implemented to maintain a robust security posture.
Law Enforcement Representative: Provide a descriiption of the impact that the threat would have on the law enforcement sector. These impact statements can include the loss of control of systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the law enforcement sector.
1. Provide submissions from the Information Sharing Analysis Councils related to the financial sector. You can also propose fictitious submissions. Then, review the resource for “industrial control systems” attached and explain their level of importance to the financial services sector. Explain risks associated with the industrial control system.
2. Provide a risk-threat matrix and a current state snapshot of the risk profile of the financial services sector. These reports will be part of an overall risk assessment. Review and refer to this “risk assessment” resource attached to aid you in developing this section of the report.
3. Provide an overview of the life cycle of a cyberthreat. Explain the different threat vectors that cyber actors use and provide a possible list of nation-state actors that have targeted the US financial services industry before.
Review the “Threat Response and Recovery” resource attached and use what you learn to propose an analytical method in which you are able to detect the threat, identify the threat, and perform threat response and recovery. Identify the stage of the cyberthreat life cycle where you would observe different threat behaviors. Include ways to defend and protect against the threat.
