Incident Response

Background: Attacks on critical infrastructure are likely to become the norm in cyber warfare and cyber espionage. Nation states and other hostile actors (e.g. terrorists) are likely to use these attacks to make a statement or further their interests in some fashion.

Consider the following:
You are in charge of information security for some nuclear facilities. Multiple sites are reporting strange behavior with their industrial control systems and unusual traffic coming from IP addresses of a nation state known for cyber espionage. Traffic from these IPs is not unusual, since they attack daily trying to find a weakness with no success, but this time it coincides with other anomalous behaviors.

Instructions: Respond to the following questions.
Explain how you would direct the team to respond to these events.
What would you have the team do if they discover that the nation state was not the actual attacker, but was used as a distraction by the real attackers?
As a member of the nuclear industry, which organizations should you contact during this incident to seek assistance?
Besides the above, what else should one consider in handling such an event and why would you recommend it?
Discuss at least three things your team should do and why.
Support the statements with facts, statistics, testimonies, etc. from at least three scholarly sources.
