A high performance computing cluster under attack: the Titan incident

2015 
At the University of Oslo (UiO), CERT manager Margrete Raaum learned of a network attack on Titan, a high-performance computing cluster that supported research conducted by scientists at CERT and other research institutions across Europe. The case describes the incident response, investigation, and clarification of the information security events that took place. As soon as Raaum learned of the attack, she ordered that the system be disconnected from the Internet to contain the damage. Next, she launched an investigation, which over a few days pieced together logs from previous weeks to identify suspicious activity and locate the attack vector. Raaum hopes to soon return Titan to its prior safe condition. In order to do so, she must decide what tasks still need to be completed to validate the systems and determine if it is safe to reconnect it to the Internet. She must also consider further steps to improve her team’s ability to prevent, detect, and respond to similar incidents in the future. This case is designed for an undergraduate or graduate information security (infosec) class that includes students with varied technical and business backgrounds. The case supports discussion of technical and managerial infosec issues in inter-organizational systems – a topic that is currently underrepresented in major case collections.
    • Correction
    • Source
    • Cite
    • Save
    • Machine Reading By IdeaReader
    0
    References
    1
    Citations
    NaN
    KQI
    []