
Ability to detect, analyse, and mitigate

Added on: 2025-04-19 06:59:03

Assignment brief


This individual assessment is designed to assess your ability to detect, analyse, and mitigate sophisticated cyberattacks from a national security perspective. You will be provided with a PCAP file and other evidence related to an attack targeting the critical national infrastructure.


Your task is to act as a cyber operations analyst for a government agency tasked with protecting national assets. The report will simulate the critical decision-making process involved in a real-world cyber incident affecting the nation's defence capabilities, public safety, and economic stability.


This assessment is weighted at 60% of the overall mark and should take you approximately 30 hours to complete. The report is expected to be around 3500 words, and you will submit both a technical report and a defensive bash script that automates network defences.


Note: Using paraphrasing tools to avoid plagiarism and LLM models, such as Chat GPT, Bard, Bing AI, etc., to complete the assignment will be regarded as academic misconduct and will be dealt with in accordance with the university's academic misconduct policy.


Scenario Overview:


The UK government has been under constant cyberattacks in recent months due to rising geopolitical tensions. Critical National Infrastructure (CNI), including power grids, financial institutions, and transportation systems, has been targeted by state-sponsored and independent adversaries. These attackers use advanced techniques such as:


Psychological operations (e.g., deepfake media, misinformation campaigns).


Phishing attacks (targeting government employees via email).


Advanced Persistent Threats (APTs) (stealthy network intrusions).


Current Incident: Cyberattack on London Traffic Light Management System


London, the UK's financial and political hub, has recently suffered a cyberattack on its Traffic Light Management System (TLMS). This system plays a crucial role in controlling traffic flow across the capital. A disruption in its operation could lead to major transportation chaos, accidents, and economic losses.


Initial intelligence reports suggest that a transportation department employee fell victim to a phishing attack. This incident may have provided attackers with access to critical systems.


Your Role


You are part of an incident response team tasked with analysing a PCAP file containing network traffic data from the attack. Your objective is to:



  1. Identify the attack method: How did the adversaries gain access?

  2. Determine the infected systems: Which devices were compromised?

  3. Understand the attackers' actions: What were their tactics after gaining access?

  4. Assess the impact: How severe was the breach?

  5. Recommend mitigation steps: What security measures should be taken?


Deliverables:


1. Executive Summary:


A high-level overview of the attack, including the cyber and psychological components, and the potential impact on the London traffic light system.


2. Threat Intelligence Analysis:


Attacker Profile (Use MOC attributes):


Analyse the pcap data and the multimedia evidence to determine the potential actors involved (nation-state, hacktivist, etc.).


Identify their motivations, capabilities, and likely objectives.


Disinformation Campaign Analysis:


Analyse the deepfakes and morphed media:


Identify the target audience and the intended message.


Assess the potential impact on public perception and behaviour.

Analyse the distribution method of the deepfake media.


Impact Assessment:


Evaluate the potential consequences of the combined cyber and psychological attack on the London traffic light system and the wider community.


Consider the impact on public safety, traffic flow, emergency services, and public trust.


3. Technical Analysis of Cyber Components:


Analyse the pcap data to identify the technical aspects of the attack: reconnaissance, exploitation, C2, and DDoS.


Identify the specific vulnerabilities targeted. Provide technical details of the attacks.


4. Defence and Counter-Disinformation Strategy:


Develop a comprehensive strategy to mitigate the combined threats:

Technical security measures to protect the traffic light system.

Counter-disinformation measures to address the deepfakes and propaganda.

Incident response plans.


5. Immediate Mitigation Measures (Bash/Python Script):


Provide a script that addresses a specific technical aspect of the attack (e.g., blocking malicious IPs, detecting anomalous network traffic).


Task Breakdown and Assessment Criteria

| Task | Mark Available |
| --- | --- |
| Executive Summary | 5 |
| Threat Intelligence Analysis | 15 |
| Technical Analysis of Cyber Components | 25 |
| Defence and Counter-Disinformation Strategy | 10 |
| Immediate Mitigation Measures (Bash/Python Script) | 5 |
| Total | 60 |



The PCAP file contains traffic from the network during an attack window. You are expected to identify:


Reconnaissance activity, including port scans and probes.


Exploitation attempts, such as exploiting a known vulnerability in the command system's software.


Exfiltration or sabotage attempts where the attackers may have attempted to steal classified data or disrupt communications.


The deepfake media contains fake news, videos, misinformation, etc.


Deliverables


  1. Report Format: The main report should be submitted in a .doc or .docx (Microsoft Word)

  2. Script Format: The script should be submitted as a plain text file (e.g., .txt).

  3. Screenshots: Include screenshots of the script's output in the appendix of the main report.


Submission Deadline: 22/05/2025


Assignment Files


https://herts.instructure.com/courses/116917/files/10597021/download


CLICK ON THE ABOVE LINK TO DOWNLOAD THE ASSIGNMENT FILES.


Note: Every effort has been made to remove anomalies from the PCAP, but there could still be traces of malware or viruses. We strongly recommend that students conduct the analysis in a controlled environment, preferably using a Virtual Machine (VM) for the PCAP file analysis.


Learning Outcomes Covered



  1. Demonstrate the ability to critically reflect on the implementation and management of offensive and defensive Cyber Operations at all


The assignment challenges students to assess both offensive cyber-attacks (e.g., identifying attacks and attackers) and defensive responses (e.g., proposing mitigations). It encourages reflection on real-world scenarios involving national security.


2. Demonstrate the ability to design and undertake substantial investigations under the context of situational awareness.


Students are tasked with conducting a situational awareness analysis by investigating network traffic and identifying specific attacks. They will use this information to assess the situation and provide a risk mitigation strategy.


3. Demonstrate the ability to investigate the critical ICT infrastructure in an organisational context and create a threat model and mitigation strategy.


The assignment requires students to identify critical ICT assets and create threat models for the infrastructure, applying risk assessment frameworks like NIST. The students then develop appropriate mitigation strategies based on their findings.


4. Demonstrate the ability to analyse evidence obtained in various forms, i.e., intelligence report and network activity log, and develop a risk mitigation strategy.


By analysing the PCAP file (network logs) and crafting a mitigation strategy, this LO is clearly covered. The students use both the intelligence provided in the scenario and evidence from packet analysis to support their risk mitigation.


5. Demonstrate the ability to exercise self-direction and exhibit creativity in designing and developing a cyber defence environment.


Students will apply their knowledge by designing and implementing custom cyber defence solutions, such as creating automated scripts, developing custom security tools, or integrating existing tools in in

  • Uploaded By : Akshita
  • Posted on : April 19th, 2025