The North Eastern ICT Partnership (NEICT) has previously held 6 annual events looking at the relationship between information security and the business / operations of the region’s public service organisations.
This year’s event was organised as a workshop to bring together people in a range of roles within organisations with responsibilities under the Civil Contingencies Act 2004. These responsibilities include responding to cyber incidents. The objective was to network, share knowledge and experience, and move the civic cyber resilience conversation forward in the north east region.
The key messages and findings are applicable to all organisations:
- Turn the ‘cyber’ conversation from being about IT security towards being about operational risk. Discuss the likely impact of a cyber incident.
- Talk with system owners, business managers and information asset owners. Involve colleagues from information security, information governance, information assurance, emergency planning / resilience, business continuity and business recovery. Don’t forget web teams and ‘digital’ sections.
- Cyber incidents need not be cybercrime, nor malicious.
- A cyber incident timeline consists of inter-related phases:
  - Business as Usual – Incident (and levels of escalation) – Business Continuity – Business Recovery and New Norm
- Plan for common consequences rather than causes. For cyber these are:
  - Loss of data and voice communications
  - Loss of key line of business apps (including remote plant, boiler control etc.)
  - Compromised data / systems (including remote plant, boiler control etc.)
- A Cyber Incident Response Plan should use the same framework as your other incident response plans. Think about:
  - When to escalate an incident
  - Who to alert (see https://neict.org/isnortheast/cyber-attack-reporting-guidance/)
  - Key contact details (include your suppliers and key customers)
  - Who is involved in each phase and what they’ll do
  - Who can spend money
  - Prioritised list of services / systems / data to restore
  - Testing your Plan
- Think about potential vulnerabilities in your extended supply chain.
- Network with colleagues in other organisations – make contacts now for when you need them later.
- Participate in cyber resilience awareness and training.
- This is a developing narrative; don’t be afraid to join – you are where you are.