Project 4: Protecting the Homeland Step 18: Compile the Cyber Sector Risk Profile Develop the Cyber Sector Risk Profile, a culmination of your research of risks and defense strategies in your sector....

Compile the risk profile and threat matrix and create Cyber Sector Risk Profile.


Project 4: Protecting the Homeland
Step 18: Compile the Cyber Sector Risk Profile

Develop the Cyber Sector Risk Profile, a culmination of your research of risks and defense strategies in your sector. In this profile, provide a cybersecurity analysis of your industry sector. Combine this information with the risk profile and risk threat matrix from prior steps to create this comprehensive profile.

Introduction

Cyber risks threaten every sector with damaging consequences of data exposure, system outages, and financial impacts. Some industries and sectors are targeted more frequently than others. The U.S. Federal Government encompasses the legislative, executive, and judicial branches and the authorities withheld by each, including taxation, budget, military defense, and foreign affairs. The responsibilities and engagements of the Federal Government make this entity a common target for cyberattacks among various adversarial groups. This risk profile will identify the risks to the U.S. Federal Government and the risk management techniques that the government can leverage to counter these persistent threat actors and their tactics, techniques, and procedures.

Threats

Similar to other industries, the federal government is exposed to physical and cyber threats. Therefore, the government must understand the current threat landscape to safeguard its assets against cyber threats. One of the primary concerns is the cyber threat to critical infrastructure. There are 16 critical infrastructure sectors, including healthcare, financial, food and agriculture, water, defense, and emergency services (CISA, n.d.-b). These sectors are considered vital services, and a disruption in these sectors would have a debilitating effect on our national security, financial security, public health, or safety (CISA, n.d.-b). The federal government’s focus on cyber threats also aims to protect sensitive and classified information from an adversarial breach.

Federal networks are the information technology system networks that the government relies on for essential operations. Internal and external attacks frequently target these federal networks to exfiltrate high-value data. Protecting these physical networks from damage, interception, or security breaches also protects the government’s data.

Threat Actors Targeting the US

The Federal Government networks and critical infrastructure are targeted by unsophisticated hackers, insider threats, and nation-state cyber actors equipped with sophisticated cyber tools. The U.S.’ primary nation-state cyber threats are China, Russia, North Korea, and Iran. China maliciously targets the U.S. for intellectual property and multiple critical infrastructure sectors, including defense information, chemical systems, and communications (CISA, n.d.-a). Russia engages in malicious cyber espionage to affect or influence U.S. social and political activity, industrial control infrastructure, nuclear facilities, and critical infrastructure (CISA, n.d.-e). North Korea poses an evolving threat of espionage, theft against financial institutions and cryptocurrency, and attack threats (CISA, n.d.-d). Finally, Iran continuously develops its cyber capabilities to suppress political activity, deploy destructive malware, and steal personally identifiable information (CISA, n.d.-c).

Insider threats are another concern for the Federal Government. Employees have access to classified and sensitive data that must be protected from insider threats and data exfiltration. The security incident at the summit demonstrated how vulnerabilities could be exploited, and internal threats can disrupt operations and cause damage. Fortunately, these vulnerabilities were remediated using technical and security controls adopted by the U.S. government.

Relevant Security Controls

Protecting our nation’s federal networks and critical infrastructure from adversarial breaches requires risk management informed by threat intelligence. The risks associated with internal threats, cyber hackers, and nation-states require proactive countermeasure implementation using security and privacy controls. NIST SP 800-53 control families provide 20 categories of protective measures, including Access Control (A.C.), System and Communications Protection (S.C.), and System and Information Integrity (S.I.). Various solutions can be implemented to meet the (A.C.) control, such as multi-factor authentication with a zero-trust framework to restrict and limit access to information resources. NIST (SC-5) recommends protecting systems and communications from denial-of-service attacks via technical controls that filter packets. Application of this control would suggest the government implement firewalls with intrusion detection systems and anti-virus software. NIST (S.I.) provides recommendations for various protections such as malicious code protection (SI-3), system monitoring (SI-4), and input validation (SI-10). The application of the NIST guidance will ensure that the U.S. Federal Government comprehensively safeguards the information networks and control systems that subsequently protect our critical infrastructure from adversarial threats.

Summary

The primary cyber risks that threaten the U.S. are hackers, insider threats, and nation-state-sponsored hackers. These malicious actors pose a significant and persistent threat to the safety and security of the U.S. population. Therefore, the Federal Government has adopted the guidance of NIST to prescribe relevant security and privacy controls to safeguard information networks, critical infrastructure, and the SCADA systems that monitor and control these industrial control systems.

References

CISA. (n.d.-a). China cyber threat overview and Advisories. Retrieved from https://www.cisa.gov/uscert/china
CISA. (n.d.-b). Critical infrastructure sectors. Retrieved from https://www.cisa.gov/critical-infrastructure-sectors
CISA. (n.d.-c). Iran cyber threat overview and Advisories. Retrieved from https://www.cisa.gov/uscert/iran
CISA. (n.d.-d). North Korea cyber threat overview and Advisories. Retrieved from https://www.cisa.gov/uscert/northkorea
CISA. (n.d.-e). Russia cyber threat overview and Advisories. Retrieved from https://www.cisa.gov/uscert/russia
NIST. (2020, September). Security and privacy controls for information systems and organizations. Retrieved from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
Wikipedia. (n.d.). Scada. Retrieved from https://en.wikipedia.org/wiki/SCADA

Risk Threat Matrix
Group 1 – Team United States/Federal Government
University of Maryland Global Campus
CYB 670 9042 Capstone in Cybersecurity
Professor Glebocki
June 4, 2022

Table of Contents
1. Summary
2. Risk threat matrix
3. Conclusion
4. References

1. Summary
Cyber security-based risks and threats have increased, creating financial and confidential data loss issues for organizations and individuals. There are different cybersecurity-related risks to the US Federal Government, which can have different impacts. Thus, to effectively handle the possible risks and define the mitigation techniques, the risk threat matrix is being developed in this report. The Federal Government will implement different regulations like HIPAA, etc., to handle the possible risks effectively. The classification of possible risks to the USA Federal Government and all its infrastructure is carried out with the help of a developed risk threat matrix.

2. Risk threat matrix
The developed risk threat matrix, which contains different possible risks, their categories, attack vector, and impact levels, is provided underneath:

| Risk | Vulnerability | Category | Threat | Attack vector | Impact factor |
|---|---|---|---|---|---|
| Current threats to USA Federal government | Leakage by openSSH connections | Software | Data modification, Confidential data loss | Man-in-the-middle-based attack | High |
| | Unsecured connections from public web pages or websites | Web application | Authentication failure, Confidential data loss | XML or script based attack | High |
| | Phishing attacks on confidential information of infrastructure | Email or application | Hijacking of the complete system, ransomware attacks | Email-based or application-based attacks. | High |
| Emerging threats in future | Attacks on infrastructure | Software, hardware, or application script | Exfiltration, an interception in services, data exploitation, modification of confidential data | Vulnerabilities in used hardware, use of insecure applications, exploits of web browser, phishing, MITM, Malware, spyware | High |
| | IoT devices-based attack. | Software, hardware, or application script | Exfiltration, an interception in services, data exploitation, modification of confidential data | Botnet attack, the man in the middle attack, eavesdropping attacks | Middle |
| | Mobile device-based attacks | Software, hardware, or application script | Exfiltration, an interception in services, data exploitation, modification of confidential data | Phishing attacks, ransomware attacks, MITM attacks, DOS attacks, Bluesnarfing attacks, malware attack | High |
| Common risks | Infrastructure risks | Emails, software, or hardware | Integrity loss, authentication failure, transaction failure, sign-up failure. | Phishing attacks, malware attack | Low |

The possible risks to the Federal Government are identified in the above-developed risk threat matrix. In addition, the possible source of these risks is also identified in the above-supplied risk matrix.

3. Conclusion
Identifying possible risks to the complete infrastructure of the USA federal government is a critical task. There are so many risks that can cause issues to the defined infrastructure. The implementation of IoT devices has increased the chances of possible risks to the defined infrastructure by the federal government. The identification of possible risks to the maintained infrastructure by the USA federal government is carried out in this report. The possible risk threat matrix is developed, and their impact level is defined. The possible source of these risks or attack vectors is also defined in this report. Implementing regulations like HIPAA can help the federal government control these risks and threats.

4. References:
Al Nafea, R., & Almaiah, M. A. (2021, July). Cyber security threats in the cloud: A literature review. In 2021 International Conference on Information Technology (ICIT) (pp. 779-786). IEEE.
Humayun, M., Niazi, M., Jhanjhi, N. Z., Alshayeb, M., & Mahmood, S. (2020). Cyber security threats and vulnerabilities: a systematic mapping study. Arabian Journal for Science and Engineering, 45(4), 3171-3189.
Williams, C. M., Chaturvedi, R., & Chakravarthy, K. (2020). Cybersecurity risks in a pandemic. Journal of medical Internet research, 22(9), e23692.

Answered 5 days after Jun 17, 2022

Answer To: Project 4: Protecting the Homeland Step 18: Compile the Cyber Sector Risk Profile Develop the Cyber...

Anjali answered on Jun 18 2022
78 Votes
1. Summary
Cyber security risks are a major threat for the federal government of USA; the sensitive information of the users is at risk due to the existence of these attacks. The impact of these attacks varies with the sensitivity of the information. The finance sector of the USA has implemented different strategies to manage the risks and the classification of these risks has been done in this approach using risk threat metrics.
2. Risk threat matrix
| Risk | Vulnerability | Category | Threat | Attack vector | Impact factor |
|---|---|---|---|---|---|
| Threats related for federal government of USA | Insider attack | Data attack, information breach | Loss of confidential data, information breach and theft of useful information | Inside threat | High |
| | Attacks on supply chain | Web application, attack on ERP. | Loss of sensitive data, lack of authentic users, loss of credentials, delayed delivery, poor quality of service | Attacks based on cookies, personal information | High |
| | Phishing attacks on confidential... | | | | |