代写 CYBR7001、代做 C++，Python 程序设计

日期：2024-08-31 10:56

The University of Queensland

CYBR7001 Fundamentals of Cyber Security

Assignment 1 – Individual Work

Due Date: 02 September 1400hrs (Brisbane time)

Total possible score: 100 marks (which contributes to 35% of total CYBR7001 assessment score)

Submission: Only via Learn.UQ Blackboard site. Submit only in PDF format. Remember to put your name and student

ID on the submission document.

Please observe strict academic integrity. All submissions will be checked by Turn-it-in for plagiarism and for original written

content. Submissions with 20% or higher similarity scores will be flagged for disciplinary action.

Part 1: Situation Assessment and Policy Brief (50 marks)

In this part of the assignment, you will take on the role of policy adviser of Lucky Country (LC) as part of a

hypothetical cybersecurity taskforce, preparing to brief the LC Prime Minister’s Committee on National Security.

This assignment information document contains fictional information on the background and current situation

involving a major cyber incident affecting systems. The attacks notionally take place in 2024. The scenario

presents a fictional account of political developments and public reporting surrounding the cyber incident.

The LC Prime Minister’s Committee on National Security needs information on the full range of response options

available to them regarding this incident. Your team has been tasked with developing an appropriate course of

action for them to recommend to the LC Prime Minister.

You are to consider as facts the following pages for formulating your response.

You will use the fictional scenario material presented to write a Situation Assessment and Policy Brief (no

more than 2 A4-sized pages; Arial font size 10):

Write an analytical policy brief that provides a concise assessment of the situation, addresses potential impacts

and risks, and discusses the implications of the cyber incident. Describe policy considerations for different

potential state and non-state actors and explore the course of action you are recommending in depth.

The length of the brief is limited to two single-sided pages in length.

Part 1 marking rubrics:

- 15 marks – Quality of situational assessment and analysis depth

- 10 marks – Quality of immediate/short-term recommendations

- 10 marks – Quality of long-term recommendations

- 10 marks – Clarity of communication to appropriate audience

- 5 marks – Writing style, grammar, structure and formatting

Keep these tips in mind as you are reading and considering your policy response alternatives:

● Analyse the issues. The goal of this assignment is to grapple with complex issues and weigh the strengths and

weaknesses of sometimes conflicting interests. Priority should be given to analysis of the issues and not to listing

all possible issues or solutions.

● Engage the scenario. Believe that the universe we have created is plausible and that the events that happen in

it are realistic. Nevertheless, remember to think critically about the intelligence you have been provided and its

provenance.

● Think multi-dimensionally. When analysing the scenario, remember to consider implications for other

organizations and domains (e.g. private sector, military, law enforcement, diplomatic) and incorporate these

insights along with cyber security.

● Consider who you are, and who you’re briefing. You are cyber policy professionals briefing the upper echelons

of the Lucky Country government, which happened to have a very similar cyber security ecosystem as

that of its ally Australia. As such, you should be ready to answer questions on agency responsibility, provide

justifications for your recommendations, and have potential alternatives ready. In other words, for ease of

describing the organisations in the ecosystem, you may use Australian organisations/agencies (e.g.

LCCSC likened to ACSC, or any organisation from the Patrick Fair overview) in your brief.

● Be creative. Cyber policy is an evolving discourse, and there is no single correct course of action to the

scenario information provided. There are many ideas to experiment with in responding to the crisis.

Note: Most of this part of the assignment is based on and referenced from the Atlantic Council Cyber 9/12 cyber competition packages. All

materials included are fictional and were created only for the purpose of this assignment. All scenario content is for academic purposes and is not

meant to represent the views of the university, authors, or any affiliated organizations. All names and places, if relating to any real-world

characters or places, are purely coincidental. If you score really well, we may nominate you to represent UQ at the next competition. J

CYBR7001 Assignment 1

2

From: Lucky Country (LC) Cyber Security Centre

Re: Vulnerabilities in Key LC Systems Date: August 5th, 2024

As senior policy advisers preparing to brief the Prime Minister’s Committee on

National Security on a developing threat to LC, I’ll let you know what her leading

worries are.

Based off initial intelligence, the Prime Minister has indicated that she is concerned

about threat vectors concerning the status of LC electricity supply security and how

it could affect the rest of the nation. There may be other threat vectors that the

PM is not yet aware of.

Given the unclear nature of the threat, the PM requests your team prepare a concise

assessment of the ongoing situation and reporting. Your assessment should include:

How or where the relevant systems could be vulnerable to exploitation, and

what steps can be made to mitigate these vulnerabilities;

An assessment of potential risks and impacts to consider if the vulnerabilities

are successfully exploited; and

Immediate and long-term responses the LC government can or should consider to

address these vulnerabilities, taking into account the severity and likelihood

of the threat.

To provide this assessment and policy recommendations, you will apply your

understanding of UQ’s CYBR7001 (e.g. elements of cyber security threats,

vulnerabilities, technologies involved, law, foreign policy, international relations,

criminology) to synthesize useful policy measures from limited information. Your

recommendation must analyse the possible strengths, weaknesses, opportunities, and

threats of your proposed response.

As policy advisers, in formulating your response you will be expected to have

considered, at a minimum:

All stakeholders when determining an action or recommendation, including the

role of the government and private sector;

The long and short-term impacts of your recommendation;

Which agency will be responsible for the action you have recommended,

Whether you can, or should, attribute the threat; and

The covert or overt nature of your response.

Additionally, this message is accompanied by several documents that may assist your

team in preparing a comprehensive policy recommendation for the task force:

Tab 1 – LCNN Article #1

Tab 2 – LCNN Article #2

Twitter feeds

CYBR7001 Assignment 1

3

LCNN Article #1

[Breaking] Devastating Power Outage Across Lucky

Country’s East Coast

5th August 2024 0600 hrs LCT

Report by Jonathan de Souza

A power cut has hit all cities and towns along the entire east coast of the Lucky Country. The blackout

lasted just over five hours and started just before 11pm on 4th August 2024, causing service disruption

and possible life loss.

The blackout caused all traffic lights and telecommunication base stations to malfunction and essential

services to run on backup generator power. Several traffic accidents have occurred across most cities

along the east coast. At least three hospitals reported power outages after their backup power were

depleted after three hours, causing disruption to hospital operating theatres and intensive care units

(ICU).

There have been unconfirmed reports of a handful of patients affected by the disrupted operations and

social media coverage of the chaos at affected emergency departments.

Prime Minister Michelle Macintosh said the blackout was attributed to the outage of the grid system

linking the entire east coast of the country and cited possible cyber-attacks on the country’s grid systems.

The PM has activated the LC Defence Force to assist in all affected areas. She also urged all citizens

to remain calm and stay indoors wherever possible.

The PM elaborated that the attack was likely caused by a state actor deploying an advanced persistent

threat vector on the power grid’s industrial control systems. When asked by LCNN, the PM refused to

name the state actor involved.

Cyber security expert Professor Andrew Cole said the electricity and power supply industry has been a

sitting duck to cyber-attacks for a long time, with power companies guilty of ignoring the risks repeatedly

highlighted by the LC Cyber Security Centre and many cyber security professionals.

He said that power companies are guilty of negligence and bad governance, since the attacks were

similar to the attacks on the Ukrainian power plants in 2015 and 2016, the January 2024 Ukraine cyber-

attacks on government websites, and more recently, a smaller scale series of power outages on LC’s

Old North Wales (ONW) state in June 2024.

The cyber-security company Information Security and Assurance Partners (ISAP) has linked the

incident to the hack and ONW blackout in June 2024 that affected 225,000. It also said a series of other

recent attacks in South America were connected.

CEO of Power Lucky Country, Mr Bradley Wilson, the company managing the grid line on LC’s East

Coast, denied these accusations and said that the company has passed all cyber security audits and

is certified to the ISO/IEC 27001 cyber security standard.

The chief police commissioner, Commissioner Wilfred Chan, urged all members of the public to remain

indoors and report possible looting to the police.

Access to electricity is a major contention as the price of electricity has risen sharply across the country

despite the increased unreliability of the providers. The loss of power could impact essential services

and businesses throughout Lucky Country. The debate seems likely to continue further still as the

country enters one of the coldest winters on record.

More to come…

CYBR7001 Assignment 1

4

LCNN Article #2

Lucky Country Announces Sanctions on the

Democratic People’s Republic of Korrelle

20th May 2024 0900 hrs LCT

Report by Santokh Singh

The Prime Minister of Lucky Country Michelle Macintosh has announced that Lucky Country will impose

economic sanctions and bans on all petroleum imports and coal exports for the Democratic People’s

Republic of Korelle (DPRK).

With this announcement, Lucky Country has joined at least five other nations announcing similar

sanctions on the country embroiled in years of conflict with its neighbouring countries. The move is

likely going to impact the already-impoverished DPRK, which has largely depended on fuel imports for

its local economy.

United Nations experts said in key sections of a recently released report obtained on 10th May by LCNN

that DPRK has also evaded sanctions through “targeted” cyber attacks against officials of 10 countries

on the U.N. Security Council and on members of its expert panel. They did not elaborate or identify

which of the 10 council nations were targeted.

In the report to the U.N. Security Council, the experts said DPRK has maintained its nuclear facilities

and continues to produce fissile material, including highly enriched uranium, that can be used in nuclear

weapons. It has also continued “to develop infrastructure and capacity for its ballistic missile program”

and moved ahead on construction of an experimental light water reactor, they said.

CYBR7001 Assignment 1

5

Twitter Feeds

(Note: Do not post these fictitious tweets online)

CYBR7001 Assignment 1

6

Part 2 – Case Study (50 marks)

In this part of the assignment, you will take on the role of Chief Information Security Officer (CISO) of Norsk

Hydro when it was just struck by a cyber-attack.

See: https://news.microsoft.com/transform/hackers-hit-norsk-hydro-ransomware-company-responded-transparency/

You are encouraged to do your own research.

Write an advisory (limited to 800 words) for the company’s senior management

o Using the Lockheed Martin Cyber Kill Chain as a visual tool, detail the events which led to the cyber-attack.

(5 marks)

o Describe the actor(s), motivation(s) and vulnerabilities involved in this attack. (10 marks)

o Recommended actions for the company. (10 marks)

o In bullet point form, key things to note for a media press release to media companies. (10 marks)

o Longer-term mitigation strategies for the company to prevent such attacks from happening again (hint: many

strategies and approaches were described in the CYBR7001 lectures). (15 marks)

(Note that the word limit is strict. Exceeding the word limit may result in penalties).

End of Assignment 1