Cyber Incidents
Occured in 2010 and was caused by a computer worm that targeted an Iranian nuclear plant.
What is Stuxnet?
Concept that relates to the secrecy of data; ensures that only authorized users have access to the data.
What is confidentiality?
Intended to disrupt an authorized users access to a particular network or service.
What is a DoS?
The default action of a system is to deny access. If a task is unable to completed, undo everything.
What is Fail-Safe Defaults?
A premier intern institute for growing R&D cybersecurity staff members for national security.
What is the Center for Cyber Defenders (CCD)?
Occurred in 2014 and was a spear phishing attack in which the attackers gained complete access to a plant’s networks resulting in physical damages.
What is the German steel mill attack?
Concept that relates to the correctness of data and its source; ensuring data is unaltered and comes from the authorized user that it says it is from)
What is Integrity?
Malicious software that is designed to disrupt, damage, or gain unauthorized access to a computer system.
What is malware?
Strength of security should not depend on secrecy of design or implementation (or configuration).
What is Open Design?
In 1945 Sandia National Labs was founded as this division.
What is the Z division?
Occurred in 2021, and involved an attacker adjusting the levels of sodium hydroxide at a water treatment plant.
What is the Florida Water Treatment Plant Hit?
Concept that relates to keeping your systems in a state such that data and/or services are always accessible by authorized users.
What is availabilty?
A perpetrator positions himself in a conversation between a user and an application—either to eavesdrop, impersonate, or steal information.
What is a Man-In-The-Middle Attack (MITM)?
Computer mechanisms or resources should not be shared among among users or groups.
What is Least Common Mechanism?
Four of Sandia National Labs main job sites.
What is lab sites in Albuquerque, NM and Livermore, CA, and test sites at Tonopah Test Range, NV and the Kauai Test Facility, HI?
In January 2023, T-Mobile announced that a bad actor had gained access to some customer data through this.
What was a vulnerable API?
Overly complicated systems aren't always the best option because they are difficult to work on and have many points of failure. This concept aims at creating systems without all of the complication.
What is Keep it Simple?
Form of attack used to manipulate people into divulging sensitive data about themselves to the attackers.
What is social engineering?
A user, application, or service should only be given privileges necessary to complete its task.
What is Least Privilege?
The number of Tech Areas at Sandia, and the Tech Area in which most cybersecurity employees work?
What is 5 Tech Areas, and Tech Area 1.
The first major cyber attack on the internet came courtesy by whom and in this specific year.
Who is Robert Morris (the Morris Worm) in 1988?
Concept that is meant to make you think about a problem from the malicious user’s perspective.
What is Think like an Adversary?
30-50% of all data loss due to the people already within the organization.
What is an insider threat?
Multiple conditions must be met in order to grant privilege or access.
What is separation of privilege?
The CCD penguin was modeled after this mascot.
Who is “Tux” the official mascot of the Linux kernel.