INFO5301 Tutorial 7
Analysing Security Incidents
The goal of this tutorial is to give you an opportunity to analyse real security incidents. This
process will allow you to understand the consequences of the attacks and identify what went wrong.
You will also identify the preventive and mitigating actions taken for each incident and evaluate
what security measures should be taken to avoid future attacks of a similar nature.
You will work in groups to answer the exercise questions. Each group will be allocated one
exercise.
Exercise 1:
SolarWinds is a major IT firm that provides software for entities ranging from Fortune 500
companies to the US government. In December 2020, SolarWinds experienced a cyber-attack
which resulted in a data breach affecting the company’s clients.
According to Business Insider Australia, “The breach went undetected for months, and
could have exposed data in the highest reaches of government, including the US military
and the White House.
Now that multiple networks have been penetrated, it’s expensive and very difficult to secure systems.
Tom Bossert, President Trump’s former homeland security officer, said that it could be years
before the networks are secure again.”
Reference:
Business Insider, Tech article: “How the massive SolarWinds hack happened and why it’s
such a big deal”
Research this security incident and answer the following questions.
1.1 What are the consequences of the incident?
Answer:
- US agencies, including parts of the Pentagon, the Department of Homeland Security, the
State Department, the Department of Energy, the National Nuclear Security Administration,
and the Treasury were attacked.
- Private organisations like Microsoft, Cisco, Intel, and Deloitte, California Department of
State Hospitals, and Kent State University were attacked.