The New Jersey Police Chief Magazine | November 2022
The Time to Prepare and Consider How to Prepare for a Ransomware Event is NOW – Consider Ethics and Leveraging the ICS-100 – Availability of Free Resource
By Stan Mierzwa, NSA CAE-CD POC, Kean University Center for Cybersecurity
Dr. James J. Drylie, Former Police Captain and Executive Director, Department of Criminal Justice, Kean University
Cochi Ho, Former Special Agent, FBI and current NJ InfraGard Board Member
Dennis Bogdan, Former Police Detective, and Current Professor Criminal Justice, Kean University
Kenneth Watson, Detective Lieutenant, and Current Professor Criminal Justice, Montclair State University
Dennis Letts, Former Secret Service Special Agent, Chair Board Advisory, Kean University College of Business and Public Management
One figure often cited by policymakers is that upwards of 80% of the nation’s critical infrastructure is found in, and owned by, the private sector. The importance of protecting our critical infrastructure has been elevated even further by the current requirements of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022. CIRCIA was signed into law and aims to implement regulations for organizations to report a cyber-incident, such as ransomware, to the United States Cybersecurity and Infrastructure Security Agency (CISA). With this in mind, those in leadership and ownership roles, taking an ethical responsibility perspective, should not delay preparing for the potential of ransomware events.
Organizations of any type, regardless of the industry or sector in which they are categorized, need to plan for a malware attack of the kind that may raise the possibility of paying a ransom. Ransomware attacks have continued to evolve and grow in recent years as a form of cyber threat and need to be handled with a “whole of community” approach. It is advantageous to have a plan ahead of a ransomware incident rather than to scramble, since stress will be heightened depending on the level or spread of the ransomware. Regarding law enforcement, an organization should understand ahead of time when to contact them if a ransomware incident occurs, and should be ready to help determine when and if to pay such a ransom. The role of ethical considerations, detailed constraints, recovery preparations, leveraging of the Federal Emergency Management Agency (FEMA) Incident Command System (ICS-100) with proposed amendments, and a complementary response checklist are presented in a recently published manuscript in the Journal of Leadership, Accountability and Ethics. A goal of the effort is to provide an approachable framework that organizations, practitioners, and educators can utilize: a cooperative, predesigned outline of key concept areas to focus on before the potential of such attacks. Overall, the product will inspire and help foster more significant and diverse involvement in, and awareness of, the potential for ransomware, together with the all-important set of planning and incident response steps.
Recently Published Manuscript Outlining the Integration of Ethics and ICS-100 and Benefits
The approaches and steps outlined in the manuscript are provided by subject matter experts with background experience and knowledge in cybersecurity, law enforcement, emergency management, incident command systems, and federal investigations. This varied background lends itself to a write-up that is understandable and easy for organizations to interpret. Each organization will approach or handle planning for the risk of ransomware in a different way. However, when unsure how to get started, it is valuable to gain knowledge and awareness of the high-level sections that need to be addressed, and the manuscript provides an excellent source for getting started.
The comprehensive and recently published manuscript ransomware preparedness product is based on a (2022) research paper originally envisioned at a New Jersey InfraGard conference held in October 2021 at Kean University. The InfraGard event allowed for cross-discipline, cross-sector, and public-private partnership