Addressing Cyber Threats in US Financial Systems: Impact Assessment and After Action Report

Overview of the Current Network Breach and Cyber-Attacks

Task:

You are part of a collaborative team that was created to address cyber threats and exploitation of US financial systems' critical infrastructure. Your team has been assembled by the White House cyber national security staff to provide situational awareness about a current network breach and cyberattack against several financial service institutions.

Your team consists of four roles:

A representative from the financial services sector, who has discovered the network breach and the cyber-attacks. These attacks include distributed denial-of-service attacks, DDOS, web defacements, sensitive data exfiltration, and other attack vectors typical of this nation-state actor.
A representative from law enforcement, who has provided additional evidence of network attacks found using network defense tools.
A representative from the intelligence agency, who has identified the nation-state actor from numerous public and government-provided threat intelligence reports. This representative will provide threat intelligence on the tools, techniques, and procedures of this nation-state actor.
A representative from the Department of Homeland Security, who will provide the risk, response, and recovery actions taken as a result of this cyber threat.

Provide a description of the impact the threat would have on the financial services sector. These impact statements can include the loss of control of the systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the financial services sector.

Provide submissions from the Information Sharing Analysis Councils related to the financial sector.

Law Enforcement

Provide a description of the impact the threat would have on the law enforcement sector. These impact statements can include the loss of control of systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the law enforcement sector.

The Intelligence Community

Provide intelligence on the nation-state actor, their cyber tools, techniques, and procedures. Leverage available threat reporting such as from FireEye, Mandiant, and other companies and government entities that provide intelligence reports. Also include the social engineering methods used by the nation-state actor and their reasons for attacking US critical infrastructure.

Homeland Security

Use the US-CERT and other similar resources to discuss the vulnerabilities and exploits that might have been used by the attackers.
Explore the resources for risk mitigation and provide the risk, response, and risk mitigation steps that should be taken if an entity suffers the same type of attack.
Provide a risk-threat matrix and provide a current state snapshot of the risk profile of the financial services sector.

3. After Action Report

The purpose of the AAR is to share the systems life cycle methodology, rationale, and critical thinking used to resolve this cyber incident.
Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified.
Also discuss the value of using access control, database transaction and firewall log files.
Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization's networks.