UNPAN North America
Public Administration News  
U.S.: How to Recover from Cyber Incidents in Government
Source: http://www.govtech.com/
Source Date: Monday, November 13, 2017
Focus: Citizen Engagement, Internet Governance
Country: United States
Created: Nov 13, 2017


Public and private sector organizations have experienced numerous major incidents related to cybersecurity over the past few years. Indeed, many experts claim it is just a matter of time before everyone experiences a data breach or significant cyber event such as a widespread ransomware infection.

So how can the public sector prepare for cybersecurity events that have the potential to disrupt their critical operations? Governments are known for using Federal Emergency Management Agency (FEMA) response and recovery guidance in natural disaster situations such as Hurricane Harvey, but cybersecurity incidents are certainly different in many respects. How should organizations prepare now to recover when events happen?

In many state and local governments this topic has been on the front burner for several years, leading the National Association of State CIOs (NASCIO) to create a Cybersecurity Disruption Response Planning Guide last year that includes best practices from many jurisdictions.

States like Michigan are now on their second version of their cyber disruption response plans. The Michigan actions include involvement from public and private entities that are involved in protecting critical infrastructure at the local, state and national levels. I covered more details on these state-specific cyber planning efforts several years ago.

Michigan even brings in its Cyber Civilian Corps if the Governor declares a cyber emergency, and these mechanisms are now written into law. However, the training, planning and preparation for these events come well before any cyber emergency. States like Michigan even hold annual cyber tabletop exercises to practice for potential disruption scenarios.

Federal Government Cyber Event Planning

But what about national guidance on planning for cyber incidents for the federal government and others? Most public and private sector organizations look to the National Institute of Standards & Technology (NIST) to do the required research to provide guidance and direction, in the same way that they developed, released and updated the Cybersecurity Framework.

Fortunately, I have some good news for you.

Back in mid-October, I sat on the ransomware panel at CyberMaryland in Baltimore, and I sat next to Michael (Mike) Bartock on the panel from NIST.

Mr. Bartock is an IT specialist in the Computer Security Division in the Information Technology Laboratory at the National Institute of Standards and Technology. He performs applied cybersecurity research specializing in hardware roots of trust to enforce policy-based cloud workload migration, LTE backhaul protection, and derived PIV credentials. His work focuses on collaborating with industry partners to build and implement proof of concept reference architectures. He has experience in managing virtualized environments, cloud computing, software development, cryptography, derived PIV credentials, and LTE security for public safety networks. He received his Bachelor's in Mathematics from the University of Maryland.

Many of Mike’s answers on ransomware and other cyber incidents referenced NIST SP 800-184, which is a guide that came out in December 2016 regarding cybersecurity event response and recovery. The title of the document is: “Guide for Cybersecurity Event Recovery.”

“The purpose of this document is to support organizations in a technology-neutral way in improving their cyber event recovery plans, processes, and procedures, with the goal of resuming normal operations more quickly. This document extends, and does not replace, existing federal guidelines regarding incident response by providing actionable information specifically on preparing for cyber event recovery and achieving continuous improvement of recovery capabilities. It points readers to existing guidance for recovery of information technology.”

Here’s how NIST introduces this cybersecurity topic on its website: “‘Defense! Defense!’ may be the rallying cry from cybersecurity teams working to thwart cybersecurity attacks, but perhaps they should be shouting ‘Recover! Recover!’ instead.”

The helpful NIST Guide offers sections including an executive summary, purpose and scope, planning for cyber event recovery, continuous improvement, recovery metrics, building a playbook, some example scenarios and several appendix checklists for your playbooks – including references. Note: You can see the outline for the table of contents at the end of this blog.

I was very impressed with Mike’s panel answers, so I asked him if he would be willing to be interviewed for my blog. He agreed, so I offer that exclusive interview to you below.

(BY DAN LOHRMANN)