Kelly Engineering Analysis Scenario

Kelly Engineering Analysis

Global Engineering Analysis

for the

High Technology Industry


This scenario is designed to explore the issues of response technology for information networks. The main goal of the scenario is to explore the space of possibilities for response for a fairly typical medium-sized computer network. This is done in several phases to reflect situations of different intensity and to stress various aspects of the response space. Time is limited in each move to foster idea generation - at the expense of in-depth analysis - and to get people thinking in terms of a real-world situation rather than abstract concepts.


The Kelly Group

The Kelly group's core business is engineering analysis for high tech industry. From bridge design verification to circuit simulation to molecular analysis, Kelly provides world-class analytical capabilities. Over the past 25 years, Kelly has grown from a small start-up to a 25 billion dollar firm with satellite offices in 25 countries and more than 20,000 users.

Kelly's main information operations consist largely of feeding huge design files from client systems into about 200 centralized design verification systems. Collected data is analyzed by a set of major interlinked data centers in the U.S. - primarily to find design flaws and assess limitations of designs. There is also a substantial quantity of video and computer aided design (CAD) conferencing with client designers, and many small joint ventures with major clients and competitors are connected to the Kelly network. Results of analysis are typically passed back to clients as lists of flaws, and this normally takes far less time and space than the collection and analysis process.

Kelly's global network consists largely of legacy systems collected over the past 25 years. This includes just about every sort of technology from its time. Large portions of the Kelly network are poorly documented, and cost limits equipment upgrades, overhead for support, and so forth. Big aging mainframe computers run age-old analysis code that was custom built for those machines in their heyday, while new servers have been added over time for all manner of functions - each a special case.

Almost every version of every operating system is in use at Kelly, and because of the high cost, these systems are not updated for security holes on an ongoing basis. It is all Kelly can do to keep most of it working most of the time.

Kelly has a Network Operations Center (NOC) that provides network control via off-the-shelf router control tools. There are about 2,500 routers, switches, hubs, and similar pieces of networking equipment in use throughout the world in Kelly. While the NOC is tasked with controlling the network and its switching and routing components, servers are managed by ‘business unit owners and other nodes are run by individual users. There is no central response process, but reports can be made to the NOC and will be forwarded by the NOC as they see fit. All manner of telecommunications systems are in use, with a wide variety of CPUs, embedded systems, networks, and generally any other information technology that has ever been used is somewhere in Kelly. There is even a small PDP-8 shop still running in Pittsburgh, and rumor has it that card punches are still used for data entry in some countries.

Cyber-Threats to Kelly

As a result of a story in the Wall Street Journal about attacks on computer networks, top management at Kelly recently sponsored a threat assessment by a start-up corporate intelligence firm with several ex-Air Force officers as principals. They found the following elements of a threat environment:

The 1998 Vulnerability Study

A vulnerability study was done using another small startup firm run by a guy who claims not to be an expert in information security (his honesty was a large part of the reason he was chosen). This top-level assessment showed the following results:

A strong desire was expressed by this firm to do a more in-depth analysis because they suspected that there was ongoing criminal activity within Kelly, but management decided not to do the follow-up because the proposed cost was on the order of several hundred thousand dollars, and because they did not really believe that any of Kelly's 20,000 global employees could be disloyal to the company.

The Consequences of Attacks

An internal committee was asked to identify the possible negative consequences of attacks against Kelly's information systems without regard to the threats or the likelihood of events, and taking into account everything from major global collapse (e.g., Y2K problems) to local attacks by hackers from the Internet. They came up with the following major concerns.

Some Detected Incidents

Over the past year or two, the following incidents have been detected within Kelly, essentially as a result of individual effort by select systems administrators and, in some cases, by dumb luck.

Some Additional Information

The following additional information has been provided by the internal security committee at Kelly:

Things to keep in mind

A major question to be addressed is how Kelly can cost effectively respond to attacks rather than try to prevent them.

And then...

Specific scenario details associated with this background are unpublished until the start of the strategic simulation/game.