Incident Response Lead

Background:
Acting as a computer security incident response team leader of a nuclear facility in the United States of America. This facility contains sensitive industrial control systems that are connected to a network and is working on researching various nuclear reactions for commercial nuclear power use. There has been unusual activity going on within the last few weeks with some of the centrifuges mysteriously failing. Today there was unusual traffic patterns occurring on the network and servers containing sensitive information is sending traffic outside of the internal network.

Instructions:
Explain each step of the incident response process from preparation to lessons learned on how to handle this event. Be aware that this needs to follow within the context of the Nuclear Regulatory Committees framework for incident response and therefore it is important to mention which outside agencies may need to be contacted if this event is an incident. Also write up any vulnerabilities that may be discovered during the incident and include recommendations on how to address them.

In addition to the criteria above, provide a vulnerability framework and explain how built-in security versus that of bolt-on security could help increase the security posture of the nuclear facility against attacks. Pleas cite reputable sources.