FEATURE: DISASTER RECOVERY
Worst-case scenario planning
One of the primary goals after any incident is to return to a normal operating steady state. The criteria may include remediating systems, restoring backups, and preserving logs and files suspected to have been manipulated during the incident. The human factor in role playing is time-dependent. Taking a catastrophic incident as the worst-case scenario, teams need to consider how long the restoration of services may take, including the time needed to collect forensic information. Without an effective role-playing implementation, an hour-long meeting in a conference room to review an incident response plan will never reveal the true pain of an outage that could last days if domain controllers, virtual instances and infrastructure need to be restored. The cost to the business may dictate the need to leverage disaster recovery procedures or high availability options as a method to mitigate lost revenue during an incident.
This practice exercise obviously touches more team members outside the core incident response team, and it only emphasises the first concern I discussed: roles and responsibilities. Incidents may have associated outages, and then again they may not. Planning, role playing and practice exercises should consider the worst case, just in case an environment needs to be completely rebuilt. If you think that is never possible, ask someone who has had a domain controller compromised or been a victim of ransomware.
Self-improvement
The final piece of any incident response plan, and of practising it, is self-improvement. Creating a plan, never testing it and filing it away so you can check the box on a regulatory compliance form is just pathetic. We have fire drills for a reason. We need to learn how to survive when a life-threatening event occurs, and cybersecurity incidents can be life-threatening to the business, to your job and, depending on your line of work, to the country or the well-being of others.
Please do not misunderstand my message. I am not suggesting war games. I am suggesting following your incident response plan in a mock scenario and on a periodic basis to ensure that people know what to do, how to do it and what to say. Then, anything that works, fails, or needs clarification gets included back into the plan until the next scheduled practice. This scheduled practice should match up to existing policies for penetration testing and cybersecurity awareness training, and may involve red and blue teams for the sake of realism.
Incident response plans need to evolve past being a documented procedure. They need to be a working part of any business, and the success of the plan should be measured with appropriate metrics, from response time to loss of services and revenue. While this might not always be the case, and an incident may be trivially minor, the potential for a catastrophic incident exists for any organisation. Reading a manual for the first time when it happens is never a good way to manage the crisis. This is why we have fire drills.
Securing the utility’s most valuable resources
Managing crises when they hit is something that utility companies have to deal with, according to Alessandro Postiglioni, Head of IT Security Sales, BT in Africa.
Adverse weather, natural disaster or vandalism can all wreak havoc. How a power company or utility firm responds and recovers is critical to its business continuity and reputation management. However, as utilities – like other companies across industries – look to adopt leading digital technologies such as cloud, mobility, data analysis, Internet of Things (IoT) and artificial intelligence (AI), threats to business continuity have become compounded by cyberattacks and cybercriminal acts.
From people to assets and data, security is a top priority for utilities and an increasing challenge as the risks grow. The risks remain rife as many boards still struggle to set the challenge in a business context, demystify the complexities and move beyond the jargon to understand the real risks of IT security in the digital and ‘totally connected’ world. And utilities need to have a game plan.
Integrated security strategy
In this digital era, with global and dispersed offices and mobile workers all connecting to the business networks, security can no longer
www.intelligentcio.com