Module 5: Threats

Module 5 Team Activity

Overview

Student teams continue to build descriptions of the operating environment for their sector-based organizations. They review the different threat possibilities using the Government Accountability Office (GAO) table, “Sources of Emerging Cybersecurity Threats.” Teams identify the different threats that would be likely to impact their sector-based organizations, providing a rationalization for their selections.

Team Activity Objectives

Module 5 Learning Objective # | Revised Bloom’s Taxonomy | Team Activity Objectives
5.1 | Understand | Define threats and threat agents, and explain how risk assessment relates to understanding threats.
5.2 | Understand | Identify how different threats—including hijacking, denial-of-service attacks, malicious software, SMTP spam engines, Man-in-the-Middle (MITM) attacks, and social engineering—would apply to critical infrastructure.
5.3 | Understand | Identify different types of malware and their intended payloads.
5.4 | Understand | Describe overflow attacks and provide examples of the impact on CI systems.
5.5 | Apply | Provide examples of malware attacks specific to a critical industry and discuss the impact on that system.

Assignment

Review the Required Reading text, GAO-12-92, Critical Infrastructure Protection: Cybersecurity Guidance Is Available, but More Can Be Done to Promote Its Use.

Also read the table below, which is a reproduction of Table 1 from the U.S. Government Accountability Office (GAO) report “Critical Infrastructure Protection: Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities,” May 2005.

Threat | Description
Bot-network operators | Bot-network operators are hackers; however, instead of breaking into systems for the challenge or bragging rights, they take over multiple systems in order to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of these networks are sometimes made available on underground markets (e.g., purchasing a denial-of-service attack, servers to relay spam or phishing attacks, etc.).
Criminal groups | Criminal groups seek to attack systems for monetary gain. Specifically, organized crime groups are using spam, phishing, and spyware/malware to commit identity theft and online fraud. International corporate spies and organized crime organizations also pose a threat to the United States through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop hacker talent.
Foreign intelligence services | Foreign intelligence services use cyber tools as part of their information-gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power—impacts that could affect the daily lives of U.S. citizens across the country.
Hackers | Hackers break into networks for the thrill of the challenge or for bragging rights in the hacker community. While remote cracking once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus, while attack tools have become more sophisticated, they have also become easier to use. According to the Central Intelligence Agency, the large majority of hackers do not have the requisite expertise to threaten difficult targets such as critical U.S. networks. Nevertheless, the worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage.
Insiders | The disgruntled organization insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat also includes outsourcing vendors as well as employees who accidentally introduce malware into systems.
Phishers | Individuals, or small groups, that execute phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware/malware to accomplish their objectives.
Spammers | Individuals or organizations that distribute unsolicited e-mail with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware/malware, or attack organizations (i.e., denial of service).
Spyware/malware authors | Individuals or organizations with malicious intent carry out attacks against users by producing and distributing spyware and malware. Several destructive computer viruses and worms have harmed files and hard drives, including the Melissa Macro Virus, the Explore.Zip worm, the CIH (Chernobyl) Virus, Nimda, Code Red, Slammer, and Blaster.
Terrorists | Terrorists seek to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the U.S. economy, and damage public morale and confidence. Terrorists may use phishing schemes or spyware/malware in order to generate funds or gather sensitive information.

Look at other resources, such as the page “Cyber Threat Source Descriptions” on the CISA website and Appendix C of NIST’s Guide to Operational Technology (OT) Security. Visit the footnoted sources for additional information. Research the operation of at least one of the following malware attacks: Flame, Stuxnet, BlackEnergy, Havex, or Duqu.

How does your review affect the confidentiality, integrity, and availability scores? In addition, are there any organizational concerns that might stem from security incidents that go beyond the impact analysis?

Based on your team’s investigation of your chosen sector and the fictitious organization you created, select standards from the CSET-Standards-Risk-management PDF list.

Assignment Options

Option 1: Submit a detailed written explanation of how you selected appropriate risk assessment standards for your fictitious organization.

Option 2: Prepare 2–3 presentation slides explaining your justification for selecting those particular risk assessment standards.

Grading Criteria Rubric

  • Content
  • Evidence of teamwork
  • References
  • Use of American Psychological Association (APA) style in writing the assignment

Grade Points: 100


License

Critical Infrastructure Systems by NCyTE Center is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.