**KIM WOODS** Asset Protection and Mitigation Report
Resource: “Section 3: Common Findings” section in the ICS-CERT Incident Response Summary Report from US-CERT
https://ics-cert.us-cert.gov/ICS-CERT-Incident-Response-Summary-2009-2011 (please use this site)
Select one scenario from the Asset Protection and Mitigation Report. (chosen scenario below)
An incident response team was deployed to support a critical energy facility due to abnormal activity on its network. The incident response team analyzed the network system and discovered that there were several suspicious files running.
The network examination showed that, during the infection period, company hosts had communicated with malicious IP addresses as a result of a malware infection. The incident response team also discovered that a sophisticated adversary had sent several spear-phishing e-mails to internal recipients, and that several of those recipients had opened them.
After reviewing the facility's network systems, the incident response team found that the organization lacked basic defensive technologies in its security architecture. The team provided recommendations for improving the architecture of the network and its defensive posture.
Imagine you are the security manager for the company's owner or operator. The CEO of the company asks you to write a brief report on this incident.
Write a 70-80 word report on the incident that includes the following:
- Identify two to three reasons why the incident may have occurred.