CJ 682 - Milestone Two - 2
docx
keyboard_arrow_up
School
Southern New Hampshire University *
*We aren’t endorsed by this school
Course
682
Subject
Information Systems
Date
Dec 6, 2023
Type
docx
Pages
12
Uploaded by CountOctopus1696
Threat Assessment: Hanscom Air Force Base
Southern New Hampshire State University
Viktoria Prifti
CJ682: Threat Assessment – Milestone Two
Professor James Henderson
10-22-2023
HAFB
NAME 2
Vulnerability Identification
Hanscom Air Force Base is guided by the mission of “providing worldwide support for the Air
Force Life Cycle Management Center and outstanding quality-of-life opportunities for our
military personnel, their family members, and the many workers who are part of Team
Hanscom” [ CITATION Han232 \l 1033 ].
Overview of Property
Hanscom Air Force Base is located in the state of Massachusetts. The infrastructure is set
up on a land spanning 846 acres which contains at least 155 buildings. The topmost building is
the medical clinic, which serves the needs of the residents [ CITATION Han232 \l 1033 ].
Likewise, it houses auto skills, force aid, barber shop-exchange, base-exchange, and churches.
Most of the buildings in the area are 731 privatized family housing for current or former military
officers [ CITATION Han232 \l 1033 ]. Also, the base is home to numerous civilians from
divergent backgrounds. It has a surrounding perimeter wall, which is bordered by residential
properties.
Source: [ CITATION Han232 \l 1033 ]
HAFB
NAME 3
Source: [ CITATION Han232 \l 1033 ]
Operating Elements
The administrative operating element is managed by the Department of Transportation
and Homeland Security. The two agencies work together with the base commander to set up a
robust administrative structure that ensures operational efficiency [ CITATION Han232 \l 1033 ].
The base commander also liaises and collaborates with the Massachusetts Port Authority to
control the flow of civil airlines in the adjacent airport. The current base commander is Colonel
Taona Enriquez, who works with Major General Antony Genatempo to uphold security and
continued operations [ CITATION Han232 \l 1033 ].
The second functional element is the PEO C3I&N, which consists of command, control,
communications, and intelligence and networking systems. The system was set up at the base to
collect information that is shared with combatant commanders [ CITATION Han232 \l 1033 ].
The C3I&N is also responsible for coalition and joint cyberspace, as well as developing
cryptologic algorithms that safeguard military data. It connects various systems across the force
with the intention of sustaining war-winning capabilities.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
HAFB
NAME 4
People
The administrative element contains 5 leaders/executives, as shown in the figure below. Major
General Anthony Genatempo is the executive officer for the C3I&N and is flanked by Scott C.
Hardiman. The latter is the civilian director responsible for the NC3 and program execution.
Likewise, Steven Wert is the program executive officer (PEO) for the base's life cycle
management center. The base commander (Taona) works together with Chief Master Sergeant
Alan Weary to manage the facility’s operations.
Source: [ CITATION Han232 \l 1033 ]
The C3I&N has a total workforce of 10,306 employees. Out of the total, at least 899 are
active duty service men, with 400 working under the National Guard [ CITATION Han232 \l
1033 ]. Likewise, the LCMC and DOD civilians account for 1,743 and 555 employees compared
to non-DOD and non-appropriated fund civilians at 92 and 170, respectively [ CITATION
Han232 \l 1033 ]. There are 2,208 contractors, with the MIT Lincoln lab having 4058 employees.
Valuable and Critical Assets
The topmost valuable and critical asset at the facility is its cyber systems. These systems
(C3I&N) are responsible for the collection of intelligence information, which is shared with
combatant commanders to ensure decision-making. Subsequently, the Boston Logan
International Airport is critical to its operations with regard to the movement of goods and
people.
HAFB
NAME 5
Proprietary Information
The cyber technology systems contain proprietary files and data that can be targeted by
terrorists. Specifically, the C3I&N is used to collect intelligence information and protect the
nation's network infrastructure. It contains data regarding missions and America's security
posture, which can be detrimental if accessed by the wrong parties. Likewise, the adjacent
civilian airport has computer systems with personally identifiable information. Terrorists might
gain access to the systems and use the information for identity theft purposes in order to gain
entry into Hanscom Air Force base.
Reputation
Hanscom Air Force Base has a positive reputation in the area due to its operations and
security mechanisms. The C3I&N has, however, come under intense scrutiny as it collects
pertinent information about domestic and international operations. The data collection process is
often conducted without consent, which might violate citizen privacy. Nonetheless, the loss of
information can contribute to attacks and damaged organizational reputation.
Protection Justification
Both the C3I&N and Air Force base must be protected because of their two-pronged role
in warfighting and transportation. For instance, any disruptions to the former can contribute to
lost connection and communication between servicemen. The occurrence of an attack on the
latter will ultimately lead to disrupted transportation.
Common vulnerabilities
Hanscom Air Force base is faced with three different vulnerabilities which affect its
operational efficiency. The first vulnerability pertains to cybersecurity, with the facility lacking
the necessary software and measures to counteract attacks. The specific information used to
HAFB
NAME 6
identify this vulnerability was collected from the DHS's Sector Specific Plan
(Homeland
Security, 2015). The plan denotes that government facilities like the base have witnessed a surge
in reported malware or ransomware attacks. Even though Hansom has a robust cybersecurity
system, it still faces the likelihood of an attack, considering the fast-paced nature of technology.
The specific location that could be attacked is its communication systems. This scenario can
include hackers gaining access to communications and barring user privileges
(Arctic Wolf,
2022). They will likely use a ransomware method to exploit the vulnerability, as shown in the
case of JBS Foods. The actor will access this vulnerability through weak firewalls and open
ports.
Subsequently, the critical infrastructure has a physical security vulnerability. This is
confirmed by the recent Capitol Attacks, which saw people accessing government facilities
without authorization
(Byman, 2021). The base's operations offices will be attacked, thereby
undermining the movement of people in the airport. Furthermore, the likely potential attack
scenario will involve individuals using weapons like guns. The threat actors will access this
vulnerability through weak access control policies or systems.
The final vulnerability pertains to insider threats often launched by contractors or
employees. I identified this information based on the Snowden scandal, whereby a worker leaked
sensitive information about a federal government facility
(Satter, 2020). The specific location
that will be attacked is the facility's system. The employee or contractor can access this
vulnerability using their privileges. They will then maneuver through the systems by editing,
downloading, or deleting some of the information. The probable method of attack will involve
espionage, with the information being sold to the highest bidder, as shown by Edward Snowden.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
HAFB
NAME 7
U.S. Capitol Attack
Source: [ CITATION Was21 \l 1033 ]
Probable Vulnerabilities
At Hanscom Air Force Base, the common vulnerabilities include cybersecurity, with
attackers gaining access through the communication systems. The attacks will be launched on the
C3I&N, thereby leading to communication and data maintenance issues. Subsequently, the CI
faces the risk of physical security breaches, with attackers gaining access to the airport and key
buildings. They will likely use guns and capitalize on vulnerabilities such as weak access control
policies at the gate.
The final vulnerability is insider threats, with an employee or contractor
using their privileges to access the system. They will then move through the network with
malicious intentions predicated on downloading, editing, or deleting information.
HAFB
NAME 8
Vulnerability Assessment
Decision to target
The Air Force Base faces an imminent threat from the Taliban, which operates from the
Middle East. The group has grown substantially through recruitment and radicalization efforts
[ CITATION USD202 \l 1033 ]. It is largely motivated by ideological reasons as it perceives
Americans as infidels while criticizing the nation for its illegitimate activities in the region. It has
a high capability because of the various cells and networks affiliated with the main group
[ CITATION Dep151 \l 1033 ]. Furthermore, the Taliban uses primary tactics such as bombing
and shooting, which makes it a dangerous foe.
Vulnerabilities most likely to be exploited
Malicious actors and terrorist groups are likely to exploit the physical security
vulnerability. This is confirmed by recent happenings in 2017 when the base was closed due to a
truck with explosive residue. The truck was allowed entry into the critical infrastructure, with the
security not conducting the necessary checks. Furthermore, two vehicles were found outside the
gates, which contained explosive residue.
Vulnerability Level
A prescriptive review of the vulnerability level reveals that the Air Force Base has a raw
score of 17, which translates to an assessment rating of 6. This score was derived from various
factors, with the topmost being the level of visibility set at 3. The airbase has a medium visibility
since it is known locally. There is no information about its role or awareness of its operations in
the regional or national frontier. Nonetheless, it serves the local residents and airport by
providing transportation services.
HAFB
NAME 9
Subsequently, the criticality of the target to the jurisdiction is estimated at 4. The Air
Force base has a high usefulness since it manages a local airport serving various
airlines[ CITATION Han232 \l 1033 ].
The jurisdictional impact is set at 4 because the base has a high economic impact as it
facilitates the transportation of goods and people from the areas [ CITATION Hom15 \l 1033 ].
Likewise, it influences the locale’s security due to its nature and identity as a military
installation. Comparatively, the potential threat element’s level of access is at 1. Just like every
other military installation, Hanscom Air Force Base has a robust security infrastructure. The CI
has set up a 24/7 security patrol with vehicles and personnel being controlled in terms of entry.
Furthermore, each personnel has a designated parking, with unauthorized vehicles being banned
from parking within 300 feet [ CITATION CBS17 \l 1033 ].
Also, the base does not have any weapons of mass destruction, with a score of 1. This is
attributed to its recent shift from a military installation to one that runs the adjacent airport.
Therefore, the government has set up measures to limit any materials that might contribute to
destruction. Likewise, the scores for the potential site population capacity and collateral mass
casualties are set at 2. The Air Force Base is home to 1,917 people as per the 2021 population
census. This is a substantial decline from the 2119 reported in 2020, with white people
accounting for 49% of the populace. Furthermore, the Hispanic and Asian communities account
for 15% and 7.46% of the final tally[ CITATION Dat23 \l 1033 ]. Comparatively, the potential
for mass casualties is moderate due to the low number of people living within the 1-mile radius.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
HAFB
NAME 10
Appendix A
HAFB
NAME 11
References
Arctic Wolf. (2022, August 25).
10 Notable Cyber Attacks on Government Agencies
. Retrieved
from Arctic Wolf: https://arcticwolf.com/resources/blog/notable-cyber-attacks-on-
government-agencies/
Byman, D. (2021, January 19).
The assault on the U.S. Capitol opens a new chapter in domestic
terrorism
. Retrieved from Brookings: https://www.brookings.edu/blog/order-from-
chaos/2021/01/19/the-assault-on-the-u-s-capitol-opens-a-new-chapter-in-domestic-
terrorism/
CBS News. (2017, July 5).
U.S. Explosive material scare triggers evacuations at Hanscom Air
Force base
. Retrieved from CBS News: https://www.cbsnews.com/news/hanscom-air-
force-base-bomb-squad-massachusetts/
Data USA. (2023).
HANSCOM AFB, MA
. Retrieved from Data USA:
https://datausa.io/profile/geo/hanscom-afb-ma#:~:text=Hanscom%20AFB%2C%20MA
%20is%20home,any%20other%20race%20or%20ethnicity.
Department of Homeland Security. (2015).
Attacks on Federal Government: 2001-2013.
Hanscom Air Force Base. (2023).
About Us
. Retrieved from Hanscom:
https://www.hanscom.af.mil/
Homeland Security. (2015).
Government Facilities Sector-Specific Plan.
https://www.cisa.gov/sites/default/files/2023-03/nipp-ssp-government-facilities-2015-
508.pdf.
HAFB
NAME 12
Satter, R. (2020, September 3).
U.S. court: Mass surveillance program exposed by Snowden was
illegal
. Retrieved from Reuters: https://www.reuters.com/article/us-usa-nsa-spying-
idUSKBN25T3CK
Stunned. (2023).
Hanscom Air Force Base
. Retrieved from Stunned:
http://www.stunned.org/spook/spook/www.mitre.org/about/location/hafb.shtml.htm
U.S. Department of State Bureau of Counterterrorism. (2020).
Annex of Statistical Information
Country Reports on Terrorism 2019.
Development Services Group, Inc.
Washington Post. (2021, December 30).
Images from Jan.6 depict the U.S. Capitol under attack
.
Retrieved from Washington Post:
https://www.washingtonpost.com/photography/interactive/2021/january-6-photos/
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help