Protecting the Homeland (Research Paper Sample)

Protecting the Homeland: Risk Profile
Name
Institution
Protecting the Homeland: Risk Profile
The US Federal Government does need effective cyber security in identifying, prioritizing and managing cyber risk across its departments. There are different manifestations of cyber risks, such as the complex techniques that pose threats that are compromising in nature to the malicious techniques that infect user machines with malware without their knowledge (Office of Management and Budget, 2018). To identify cybersecurity threats, the DHS should establish a descriptive Risk Profile that provides a comprehensive outline of the possible cyber threats. A Risk Profile outlines the known risks, policies, and practices that provide guidance as to what can and should be done to protect an organizations data and assets (Amundrud, Aven, & Flage, 2017). This outline concisely summarizes the cybersecurity risks so as to give priority to the strategies for mitigation. Due to technological advancements, a Risk Profile should be constantly modified and updated to retain its efficacy. The top three cyber threats identified by the US Federal Government will be discussed in this Risk Profile.
Risk Profile
1. Threat 1
Insider threat
Description
An insider threat originates from within the federal government. It could come from present or previous employees, consultants, or other affiliates with access to the Federal Government's data and computer systems. Furthermore, this threat may or may not come from Executives, Senior Management, or System Administrators, and it is one of the most expensive and difficult to detect of all known attacks (Portman & Carper, n.d.).
Relationship
Internal relationship.
Motive
Money is the primary motivation for malicious insider threats. Other motivations include emotional and political motivations. Unintentional Insider threats and are motivated by a lack of knowledge, ease of access, and misguided technology (Portman & Carper, n.d.).
Intent
Malicious or intentional attempts to access sensitive data.
Capability
Has a considerable impact on the organization. Has a profound impact on the company. In addition to the lost asset value due to removal, divulgence or destruction, institutions may experience instant decline of intrinsic value and revenue loss.
Target Victim
United States Federal Government.
Targeted Asset
U.S. Federal Government data, databases, and file servers.
Action
Unauthorized access to intentionally or unintentionally harm the government or agency and its resources.
Objective
In most cases, the usual employee is unaware of the unintended loss of data. System administrators tend to misuse their privileges and may use un - authorized devices to smuggle exfiltrated data. The Executives and Senior management are commonly targeted by Spear-Phishing. Also, they may deliberately exfiltrate data after leaving their previous organizations, especially if they were not in good terms with them.
Threat 2
Nation/State-Sponsored Actors
Description
These are groups sponsored by foreign governments to use force and illegal access to the networks of the U.S. Government or other U.S.-owned commercial networks with the intention of stealing, damaging, or altering information (Portman & Carper, n.d.).
Relationship
External relationship.
Motive
Espionage and nationalism.
Intent
Obtaining secrets from other nations, sabotaging their networks and computer systems, to disrupt their operations, and compromising data (Portman & Carper, n.d.).
Capability
Nation-State Actors are highly-skilled, well-funded through government resources, and operate in the dark, often never acknowledging responsibility for their actions.
Target Victim
U.S. Federal Government.
Targeted Asset
Networks, servers, computers, and systems operated or owned by the U.S. Government or those in which there is a possibility to exploit vulnerabilities, and also U.S. Government officials.
Action
Social engineering, phishing, compromising stolen data and credentials, social network spoofing, brute force attacks, data export through malware and hacking.
Objective
To steal secrets from the government, disrupt crucial information systems, influencing government mistrust and interrupting policy discussions and decisions through propaganda
Threat 3
Cybercrime.
Description
In the context of the U.S. Government, cybercrime includes the use of computers to commit crimes such as denial of service attacks, hacking, online fraud, privacy violation, and identity theft against the U.S. Government’s digital services, systems, and networks (Portman & Carper, n.d.).
Relationship
External.
Motive
The main motivation is financial gain. Other motivations include ego, espionage, activism, and cyber theft.
Intent
Deliberate or competitive intent.
Capability
Cyberattacks against the