Question: Case Study --- IMPORTANT NOTIFICATION to Counter Attack Team from CRISP and NCCIC: At 5 pm today the entire ERGOT power grid was compromised. Power outages are widespread. The attack appears to be from multiple fronts. A DDoS attack was carried out on the main facility and substations simultaneously. Computers, iPads, and iWatches throughout the facilities, including remote substations, flashed and then showed the face of a masked man, but no message was sent. Employees reported that immediately after the attack all cell phone service was routed to an unknown number rather than the numbers attempted. Employees were unable to reach anyone outside the building. At the same time, machinery inside four of the main substations failed due to apparent sudden mechanical problems. The most direct offensive attack occurred ten minutes after the power went down, when armed men opened fire simultaneously on transformers at remote substations across Texas, causing major damage to the facilities and injuring guards. Because of the outages, security features at the facilities were also down, allowing the attackers to enter the facilities, where employees on the evening shift were forced to hand over access keys and passwords. While facility managers and employees attempted to reverse the attack and are even now drawing on borrowed power from other grids, it is estimated that the damage will take weeks and maybe more to reverse. The men who attacked the remote substations were not caught, but surveillance has provided the authorities with leads.
Task: You and the team now need to deal with the attack, reclaiming the facilities and services and getting power up as quickly as possible. You also need to find all the holes that were created in the system by the attackers and devise ways to close the backdoors and other attack sites. Time is key to protect the public and prevent riots and even deaths. Develop a plan that includes the following parts:

1. Overview of the problem, including a summary of what happened, who the possible attackers were, and what country or organization they represent.
2. Analysis of how the plan for securing the grid failed: where were the holes, vulnerabilities, and weaknesses in security and systems?
3. Plan to deal with the attack and get the grid back up to full capacity. This will most likely be a phased-in approach. Be sure to give details of what will be done, who is responsible, how it will fix the situation, and what long-term effects are expected.
4. Plan for preventing such an attack in the future. Include the physical and digital security that needs to be addressed, as well as policies.