Score: Does not Meet

Comment: 6/23/2017 - The work provides a good discussion of the evolution of cyber-related capabilities and technologies in warfare since 1998 by illustrating the evolving tradecraft and methodologies associated with major cyber activities such as Midnight Maze, Stuxnet, Code Red and others. The characteristics of the APT are provided and the likely attack origin is provided. It is unclear within the work how the characteristics of the APT in the scenario differ from those of a threat before 1998 and the resources, capabilities, and accesses of the proposed attacker.

Detailed Results
(Rubric used: BWP Task 1 (1216))
A. EVOLUTION OF CYBERWARFARE
NOT EVIDENT / APPROACHING COMPETENCE / COMPETENT
An evaluation is not provided, or the submission is not related to cyber-related capabilities. / The submission evaluates the evolution of cyber-related capabilities and technologies in warfare since 1998 but includes inaccurate information or is not supported with academic or scholarly research. / The submission accurately evaluates the evolution of cyber-related capabilities and technologies in warfare since 1998 and uses academic or scholarly research to support its findings.
CRITERION SCORE:
Competent
B. CHARACTERISTICS OF AN APT
NOT EVIDENT / APPROACHING COMPETENCE / COMPETENT
An explanation is not provided, or the submission does not address the characteristics of an APT. / The submission explains the characteristics of an APT but the information provided is inaccurate or does not include specific examples of the tradecraft commonly used to accomplish intended goals. / The submission accurately explains the characteristics of an APT, including specific examples of the tradecraft commonly used to accomplish intended goals.
CRITERION SCORE:
Competent
COMMENTS ON THIS CRITERION:
6/23/2017 - A very in-depth discussion about the characteristics of the APT in the scenario is provided. The five actions that characterize an APT (use of social engineering, sophisticated tools, highly structured, clear objectives and very disciplined) are presented and defined.
C. EFFECT OF THE INTERNET ON ATTACKS
NOT EVIDENT / APPROACHING COMPETENCE / COMPETENT
An explanation is not provided. / The submission explains how the characteristics of the APT in the scenario are different than threats or attacks attempted before the prevalence of the Internet but the explanation includes inaccuracies, or the characteristics chosen do not reflect threats or attacks before 1998. / The submission accurately explains how the characteristics of the APT in the scenario are different than threats or attacks attempted before 1998.
CRITERION SCORE:
Approaching Competence
COMMENTS ON THIS CRITERION:
6/23/2017 - The response notes that the attackers pre-1998 were less organized than present-day APTs. While this is a valid point, it is limited in scope. It is unclear how the remaining characteristics of the APT in the scenario differ from a threat conducted before 1998.
D. ATTACK ORIGINATION AND PERPETRATOR
NOT EVIDENT / APPROACHING COMPETENCE / COMPETENT
A description is not provided, or the submission does not address where in the network the attack originated. / The submission describes where on the network an attack could originate but does not provide specific examples, or the information provided contains inaccuracies. / The submission accurately describes where in the network an attack could originate. The provided examples are specific and justify the claims.
CRITERION SCORE:
Competent
COMMENTS ON THIS CRITERION:
6/23/2017 - It is noted that the threat could originate from an insider. The justification provides a scenario where a disgruntled employee is employed to embed a remote access trojan into the network.
E. PROFILE OF ATTACKER
NOT EVIDENT / APPROACHING COMPETENCE / COMPETENT
A created profile is not provided. / The created attacker profile is not plausible for the scenario or the descriptions of the attacker’s probable resources, capabilities, and physical and logical access are not fact-based or contain inaccuracies. / The created attacker profile is plausible for the scenario and includes accurate, fact-based descriptions of the attacker’s probable resources, capabilities, and physical and logical access.
CRITERION SCORE:
Approaching Competence
COMMENTS ON THIS CRITERION:
6/23/2017 - The response indicates that the attacker is most likely China or Russia. It is unclear within the response what the resources, capabilities, and access are for the attacker along with fact-based descriptions to support the accusations.
F. SOURCES
NOT EVIDENT / APPROACHING COMPETENCE / COMPETENT
The submission does not include both in-text citations and a reference list for sources that are quoted, paraphrased, or summarized. / The submission includes in-text citations for sources that are quoted, paraphrased, or summarized, and a reference list; however, the citations and/or reference list is incomplete or inaccurate. / The submission includes in-text citations for sources that are properly quoted, paraphrased, or summarized and a reference list that accurately identifies the author, date, title, and source location as available.
CRITERION SCORE:
Competent
PROFESSIONAL COMMUNICATION
NOT EVIDENT / APPROACHING COMPETENCE / COMPETENT
Content is unstructured, is disjointed, or contains pervasive errors in mechanics, usage, or grammar. Vocabulary or tone is unprofessional or distracts from the topic. / Content is poorly organized, is difficult to follow, or contains errors in mechanics, usage, or grammar that cause confusion. Terminology is misused or ineffective. / Content reflects attention to detail, is organized, and focuses on the main ideas as prescribed in the task or chosen by the candidate. Terminology is pertinent, is used correctly, and effectively conveys the intended meaning. Mechanics, usage, and grammar promote accurate interpretation and understanding.
CRITERION SCORE:
Competent