Step 1: Complete the Preparatory Exercises

The first step in preparing your team for the summit is to individually complete preparatory lab exercises that will measure your readiness. These exercises are mandatory and will provide some basic review of the tools, techniques, and methods you will be using as you begin this cyber adventure of foreign intrigue at the Global Economic Summit.

You will perform each of the lab exercises and submit results, as well as the results of an electronic assessment, to the dropbox below. These submissions will show the CISO (your instructor) that you possess the fundamental skills for the summit. You will use what you have learned in your prior courses to prepare for your experiences within a cyber domain governed by international cyber law and policy.

Make notes of each step you take and take screenshots of all examination steps. Then, compile the screenshots into a single document and submit the proof of completion.

Step 3: Research Your Country’s Policies

As a cybersecurity intelligence analyst assigned to your Five Eyes Alliance (FVEY) country’s team, there are several documents you will need to provide. Your team’s first responsibility will be to help other countries in attendance understand the policy framework within which your team will have to operate. Do not assume that all countries apply cybersecurity in the same way or with the same intentions.

The first order of business will be to create a spreadsheet or table that represents a Cyber Policy Matrix of your country’s policies and/or laws that the government has instituted to address cybersecurity management and technology. You may need to conduct additional research on those policies to complete the matrix. Include a cogent explanation of each item listed.

Each team member should create his or her own matrix using the cyber policy matrix template as a guide. In a later step, you will collaborate with your team members on a revision of the matrix and include it in a set of conference materials to be given to your CISO.

When you have completed the spreadsheet, move on to the next step, in which you will begin to track down who is responsible for the problematic cyber activity at the summit.

Step 4: Determine Bad Actors

Your team has learned about the differences in the cyber culture as well as the laws and regulations that exist for the nations at the summit.

In hopes of finding the source of the anomalous network activity, the host of the summit has provided your team with the IP addresses associated with the anomalous behavior.

These IP addresses are unfamiliar, and you need to find out information about them and about their source. The host of the summit has given these IP addresses to each nation’s cybersecurity team to analyze and take steps for defense and remediation of their nation team’s infrastructure. No other information is given.

As a team, you will provide an Attribution Report to the host of the summit, determining the bad actors. This two- to three-page report will be part of your Security Baseline Report.

You are familiar with ip2nation.com, and you want to examine the contents of the files, but first you want to determine the source. You need to be sure because any error can have ramifications in international diplomacy. You are also aware of AlienVault Open Threat Exchange and its capabilities for providing attribution for indicators, and additional information on adversaries.

You can use these two systems to help identify the indicator information. You and your team members will analyze the indicators and IP addresses using the systems.

Review the list of IP addresses that have been associated with the anomalous behavior.

Define what criteria you will use to confirm the attribution and determine which website serves to provide greater corroboration. Give reasons for that determination. Determine the effect on trusted relationships among the nations based on the international policy you have researched that governs the nations’ relationships with each other and with your nation team. Take your research seriously and properly cite your sources. Incorporate this information into your report.

This report will be provided by your team as part of the Security Baseline Report

Step 5: Complete Chain of Custody Form

Each team member should complete a chain of custody form for digital evidence. That evidence from the eDiscovery process should include digital material taken from devices and media, as well from systems and hardware. This form will follow all digital evidence in this project. The chain of custody form will track dates and times, locations, and dispositions of devices that hold digital evidence.

Step 6: Prepare and Review Preliminary Conference Materials

Each team member should now have completed his or her own policy matrix and the chain of custody form. In this step, you will review your teammates’ materials and collaborate with your team to create one policy matrix and one chain of custody form for your nation.

Use the Discussion area to coordinate and collaborate with your team. Time management is crucial as your team progresses. Be fair with yourself and your team with a plan, schedule, and priorities to set you and your team up for success.

When the team has completed the revised policy matrix and chain of custody form, submit them to your CISO for feedback. Refer to your team agreement to determine who will submit the policy agreement and chain of custody form, and when it will be submitted. Also, share your materials with the other nations within the Discussion area and begin your review of the other nations’ matrices and custody forms.

Step 12: Analyze the Security Baseline of the Global Economic Summit

Your team’s analysis of the policy matrix will allow team members to create an overview of the methods used to provide a Security Baseline Report of the organization and the need for evolving summit communications.

Your team’s baseline analysis should also include an evaluation of network forensics information such as traffic analysis and intrusion analysis, as well as the type of information needed for any future forensics investigations. The team’s evaluation of information needs for network forensics could include what is needed to support security software and hardware across multiple platforms, multiple applications, and multiple architectures to communicate with the other nations. All teams will do this by using security baseline tools to build an audit file and then scan their systems. The systems should be hardened based on the policies, procedures, and standards to ensure desired levels of enterprise-wide information assurance requirements developed by the Global Economic Summit.

In the Security Baseline Report, which also includes the Attribution Report, Network Security Checklist, and the System Security Risk and Vulnerabilities Report, your team will use scanning and auditing functions to determine the baseline security posture of your nation team system and those of the other nation teams.

As you perform your baseline, address the following tasks:

• Define the components you are searching for in this baseline determination and what you would do in light of possible disasters.
• Include the systems-level diagram of how your nation team is configured, which can be obtained from your lab documentation.
• How would you recover information assets, and how would you ensure integrity of data if such a situation were to take place?
• What are the steps to producing the scan and audit report? What are the communication ports to be used or closed during operation during the Global Economic Summit?
• How will you maintain a baseline of registers and images of data? How would you ensure integrity of these components over time?
• What are different ways to implement security controls to a system after the security posture has been defined, in order to meet the policy requirements?
• What are the missing security configurations or security updates, if any? Report on how these should be addressed to fortify the security posture of the nation system.
• In your scanning, can you determine if there are missing security updates on target computers based on your access? If so, what were they, and what tool did you use for this scan? Is there security from/to the IP network to/from the PSTN caller? You will be given decryption information, and then you will determine what are the data types in transit. Identify if these are image files, or document files, and anything else.

Your team will provide all artifacts from the baseline scanning exercise and refer to them in the security baseline analysis report.

Additionally, you should assess (compare) security issues during the scans and provide issues created by social engineering. You should cover the following testing while implementing network infrastructure contingency and recovery plans in your comparison:

• damage assessments
• types of vulnerabilities and associated attacks
• distributed computing model
• information assurance (IA) principles
• digital certificates
• digital signatures (significance of public-key infrastructure)

These will be provided in the Security Baseline Report. Remember to discuss your findings with your team members while you take part in the lab.

Step 14: Compare Nations’ Regulations

Based on the policy matrix and the environmental review and analysis you developed in previous steps, the team should provide a two- to three-page Transnational Legal Compliance Report itemizing all the compliance requirements that overlap or are similar among all the nations on the cybersecurity task force for the conference. Include a short analysis on how these requirements are consistent (or not) with the Tallinn Manual 2.0 on the International Law Applicable to the Conduct of Cyber Operations.

Then, proceed to the next step in the project to identify the critical or key international standards determined in previous steps.

Step 15: Review Key International Initiatives

Now that you have looked at the regulations used by the other nations, in this step you will consider international initiatives that foster cooperation with each other.

Among the items identified in the Transnational Legal Compliance Report and the policy matrix from the previous steps are certain international initiatives that each country has undertaken to demonstrate cooperation and compliance with other nations.

From the information you have gathered and what you have learned in previous courses, determine as a team which of these initiatives provides the best opportunity for cooperation among all the delegates at the conference.

Your team should develop a two- to three-page International Standards Report. State your sources and support your recommendations with the facts that have been gathered.