The University of Queensland
CYBR7001 Fundamentals of Cyber Security
Assignment 1 – Individual Work

Due Date: 02 September 1400hrs (Brisbane time)
Total possible score: 100 marks (which contributes to 35% of total CYBR7001 assessment score)
Submission: Only via Learn.UQ Blackboard site. Submit only in PDF format. Remember to put your name and student
ID on the submission document.

Please observe strict academic integrity. All submissions will be checked by Turn-it-in for plagiarism and for original written
content. Submissions with 20% or higher similarity scores will be flagged for disciplinary action.

Part 1: Situation Assessment and Policy Brief (50 marks)
In this part of the assignment, you will take on the role of policy adviser of Lucky Country (LC) as part of a
hypothetical cybersecurity taskforce, preparing to brief the LC Prime Minister’s Committee on National Security.
This assignment information document contains fictional information on the background and current situation
involving a major cyber incident affecting systems. The attacks notionally take place in 2024. The scenario
presents a fictional account of political developments and public reporting surrounding the cyber incident.

The LC Prime Minister’s Committee on National Security needs information on the full range of response options
available to them regarding this incident. Your team has been tasked with developing an appropriate course of
action for them to recommend to the LC Prime Minister.

You are to consider as facts the following pages for formulating your response.

You will use the fictional scenario material presented to write a Situation Assessment and Policy Brief (no
more than 2 A4-sized pages; Arial font size 10):

Write an analytical policy brief that provides a concise assessment of the situation, addresses potential impacts
and risks, and discusses the implications of the cyber incident. Describe policy considerations for different
potential state and non-state actors and explore the course of action you are recommending in depth.

The length of the brief is limited to two single-sided pages in length.

Part 1 marking rubrics:
- 15 marks – Quality of situational assessment and analysis depth
- 10 marks – Quality of immediate/short-term recommendations
- 10 marks – Quality of long-term recommendations
- 10 marks – Clarity of communication to appropriate audience
- 5 marks – Writing style, grammar, structure and formatting
Keep these tips in mind as you are reading and considering your policy response alternatives:
● Analyse the issues. The goal of this assignment is to grapple with complex issues and weigh the strengths and
weaknesses of sometimes conflicting interests. Priority should be given to analysis of the issues and not to listing
all possible issues or solutions.
● Engage the scenario. Believe that the universe we have created is plausible and that the events that happen in
it are realistic. Nevertheless, remember to think critically about the intelligence you have been provided and its
provenance.
● Think multi-dimensionally. When analysing the scenario, remember to consider implications for other
organizations and domains (e.g. private sector, military, law enforcement, diplomatic) and incorporate these
insights along with cyber security.
● Consider who you are, and who you’re briefing. You are cyber policy professionals briefing the upper echelons
of the Lucky Country government, which happened to have a very similar cyber security ecosystem as
that of its ally Australia. As such, you should be ready to answer questions on agency responsibility, provide
justifications for your recommendations, and have potential alternatives ready. In other words, for ease of
describing the organisations in the ecosystem, you may use Australian organisations/agencies (e.g.
LCCSC likened to ACSC, or any organisation from the Patrick Fair overview) in your brief.
● Be creative. Cyber policy is an evolving discourse, and there is no single correct course of action to the
scenario information provided. There are many ideas to experiment with in responding to the crisis.
Note: Most of this part of the assignment is based on and referenced from the Atlantic Council Cyber 9/12 cyber competition packages. All
materials included are fictional and were created only for the purpose of this assignment. All scenario content is for academic purposes and is not
meant to represent the views of the university, authors, or any affiliated organizations. All names and places, if relating to any real-world
characters or places, are purely coincidental. If you score really well, we may nominate you to represent UQ at the next competition. J
CYBR7001 Assignment 1
2
From: Lucky Country (LC) Cyber Security Centre
Re: Vulnerabilities in Key LC Systems Date: August 5th, 2024
As senior policy advisers preparing to brief the Prime Minister’s Committee on
National Security on a developing threat to LC, I’ll let you know what her leading
worries are.
Based off initial intelligence, the Prime Minister has indicated that she is concerned
about threat vectors concerning the status of LC electricity supply security and how
it could affect the rest of the nation. There may be other threat vectors that the
PM is not yet aware of.
Given the unclear nature of the threat, the PM requests your team prepare a concise
assessment of the ongoing situation and reporting. Your assessment should include:
How or where the relevant systems could be vulnerable to exploitation, and
what steps can be made to mitigate these vulnerabilities;
An assessment of potential risks and impacts to consider if the vulnerabilities
are successfully exploited; and
Immediate and long-term responses the LC government can or should consider to
address these vulnerabilities, taking into account the severity and likelihood
of the threat.
To provide this assessment and policy recommendations, you will apply your
understanding of UQ’s CYBR7001 (e.g. elements of cyber security threats,
vulnerabilities, technologies involved, law, foreign policy, international relations,
criminology) to synthesize useful policy measures from limited information. Your
recommendation must analyse the possible strengths, weaknesses, opportunities, and
threats of your proposed response.
As policy advisers, in formulating your response you will be expected to have
considered, at a minimum:
 All stakeholders when determining an action or recommendation, including the
role of the government and private sector;
 The long and short-term impacts of your recommendation;
Which agency will be responsible for the action you have recommended,
 Whether you can, or should, attribute the threat; and
 The covert or overt nature of your response.
Additionally, this message is accompanied by several documents that may assist your
team in preparing a comprehensive policy recommendation for the task force:
Tab 1 – LCNN Article #1
Tab 2 – LCNN Article #2
 Twitter feeds

CYBR7001 Assignment 1
3
LCNN Article #1

[Breaking] Devastating Power Outage Across Lucky
Country’s East Coast
5th August 2024 0600 hrs LCT

Report by Jonathan de Souza

A power cut has hit all cities and towns along the entire east coast of the Lucky Country. The blackout
lasted just over five hours and started just before 11pm on 4th August 2024, causing service disruption
and possible life loss.

The blackout caused all traffic lights and telecommunication base stations to malfunction and essential
services to run on backup generator power. Several traffic accidents have occurred across most cities
along the east coast. At least three hospitals reported power outages after their backup power were
depleted after three hours, causing disruption to hospital operating theatres and intensive care units
(ICU).

There have been unconfirmed reports of a handful of patients affected by the disrupted operations and
social media coverage of the chaos at affected emergency departments.

Prime Minister Michelle Macintosh said the blackout was attributed to the outage of the grid system
linking the entire east coast of the country and cited possible cyber-attacks on the country’s grid systems.

The PM has activated the LC Defence Force to assist in all affected areas. She also urged all citizens
to remain calm and stay indoors wherever possible.

The PM elaborated that the attack was likely caused by a state actor deploying an advanced persistent
threat vector on the power grid’s industrial control systems. When asked by LCNN, the PM refused to
name the state actor involved.

Cyber security expert Professor Andrew Cole said the electricity and power supply industry has been a
sitting duck to cyber-attacks for a long time, with power companies guilty of ignoring the risks repeatedly
highlighted by the LC Cyber Security Centre and many cyber security professionals.

He said that power companies are guilty of negligence and bad governance, since the attacks were
similar to the attacks on the Ukrainian power plants in 2015 and 2016, the January 2024 Ukraine cyber-
attacks on government websites, and more recently, a smaller scale series of power outages on LC’s
Old North Wales (ONW) state in June 2024.

The cyber-security company Information Security and Assurance Partners (ISAP) has linked the
incident to the hack and ONW blackout in June 2024 that affected 225,000. It also said a series of other
recent attacks in South America were connected.

CEO of Power Lucky Country, Mr Bradley Wilson, the company managing the grid line on LC’s East
Coast, denied these accusations and said that the company has passed all cyber security audits and
is certified to the ISO/IEC 27001 cyber security standard.

The chief police commissioner, Commissioner Wilfred Chan, urged all members of the public to remain
indoors and report possible looting to the police.

Access to electricity is a major contention as the price of electricity has risen sharply across the country
despite the increased unreliability of the providers. The loss of power could impact essential services
and businesses throughout Lucky Country. The debate seems likely to continue further still as the
country enters one of the coldest winters on record.

More to come…

CYBR7001 Assignment 1
4
LCNN Article #2

Lucky Country Announces Sanctions on the
Democratic People’s Republic of Korrelle
20th May 2024 0900 hrs LCT

Report by Santokh Singh

The Prime Minister of Lucky Country Michelle Macintosh has announced that Lucky Country will impose
economic sanctions and bans on all petroleum imports and coal exports for the Democratic People’s
Republic of Korelle (DPRK).

With this announcement, Lucky Country has joined at least five other nations announcing similar
sanctions on the country embroiled in years of conflict with its neighbouring countries. The move is
likely going to impact the already-impoverished DPRK, which has largely depended on fuel imports for
its local economy.

United Nations experts said in key sections of a recently released report obtained on 10th May by LCNN
that DPRK has also evaded sanctions through “targeted” cyber attacks against officials of 10 countries
on the U.N. Security Council and on members of its expert panel. They did not elaborate or identify
which of the 10 council nations were targeted.

In the report to the U.N. Security Council, the experts said DPRK has maintained its nuclear facilities
and continues to produce fissile material, including highly enriched uranium, that can be used in nuclear
weapons. It has also continued “to develop infrastructure and capacity for its ballistic missile program”
and moved ahead on construction of an experimental light water reactor, they said.

CYBR7001 Assignment 1
5
Twitter Feeds

(Note: Do not post these fictitious tweets online)
CYBR7001 Assignment 1
6
Part 2 – Case Study (50 marks)

In this part of the assignment, you will take on the role of Chief Information Security Officer (CISO) of Norsk
Hydro when it was just struck by a cyber-attack.

See: https://news.microsoft.com/transform/hackers-hit-norsk-hydro-ransomware-company-responded-transparency/

You are encouraged to do your own research.

Write an advisory (limited to 800 words) for the company’s senior management
o Using the Lockheed Martin Cyber Kill Chain as a visual tool, detail the events which led to the cyber-attack.
(5 marks)
o Describe the actor(s), motivation(s) and vulnerabilities involved in this attack. (10 marks)
o Recommended actions for the company. (10 marks)
o In bullet point form, key things to note for a media press release to media companies. (10 marks)
o Longer-term mitigation strategies for the company to prevent such attacks from happening again (hint: many
strategies and approaches were described in the CYBR7001 lectures). (15 marks)

(Note that the word limit is strict. Exceeding the word limit may result in penalties).

End of Assignment 1

请加QQ：99515681  邮箱：99515681@qq.com   WX：codinghelp