This essay focuses on the weaknesses and vulnerabilities exploited by the attackers. Your immediate task is to assist in analyzing and reporting on a Red Team penetration test described later in this document.
You have been assigned to assist with After Action Reporting in support of the Sifers-Grayson Blue Team. As part of that report, you will identify the weaknesses and vulnerabilities exploited by the attackers (the Red Team), compile a set of lessons learned, and then make recommendations for actions the company should take to close the gaps in its cybersecurity posture (at a minimum, you must address the identified vulnerabilities and weaknesses that were exploited by the Red Team).
You should also use the readings from Weeks 1-4 to help you identify security gaps and incident response capabilities.
Background
Engineering Department: SCADA Lab
The SCADA lab was originally set up in 1974 and has been upgraded and rehabilitated several times since then. The most recent hardware and software upgrades were completed three years ago, after the lab was hit by a ransomware attack that exploited several Windows XP vulnerabilities.
A second successful ransomware attack occurred three months ago. The company paid the ransom in both cases because the lab did not have file backups that it could use to recover the damaged files (in the first case) and did not have system backups that it could use to rebuild the system hard drives (in the second case).
The SCADA Lab is locked into using Windows 8.1.
The planned transition to Windows 10 is on indefinite hold due to technical problems encountered during previous attempts to modify required software applications to work under the new version of the operating system. This means that an incident response and recovery capability for the lab must support the Windows 8.1 operating system and its utilities.
Engineering Department: R&D DevOps Lab
The R&D DevOps Lab was built in 2010 and is used to develop, integrate, test, support, and maintain software and firmware (software embedded in chips) for the company's robots, drones, and non-SCADA industrial control systems product lines. The workstations in this lab are running Windows 10 and are configured
The company uses a combination of Windows 10 workstations and laptops as the foundation of its enterprise IT capabilities. The servers in the data center and the engineering R&D center are built . An external attacker could use the network path.
Contractual & Regulatory Requirements
Newly won government contracts now require compliance with DFARS §252.204-7008, 7009, and 7012
– https://www.acquisition.gov/dfars
Derivative requirements include:
– Implementation of and compliance with NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf)
– Compliance with DFARS 252.239-7009, Representation of Use of Cloud Computing, and 7010, Cloud Computing Services (see https://www.acq.osd.mil/dpap/dars/dfars/html/current/252239.htm#252.239-7009)
Additional Contractual Requirements for Lab Operations include:
– Incident Response per NIST SP 800-61 (Computer Security Incident Handling Guide)
– SCADA Security per NIST SP 800-82 (Guide to Industrial Control Systems Security)
– Software / Systems Development Lifecycle (SDLC) Security per NIST SP 800-64 (Security Considerations in the System Development Life Cycle)
– Configuration Management per NIST SP 800-128 (Guide for Security-Focused Configuration Management of Information Systems)
– Initial configuration.