DECEMBER 2021 | 9 | CIOReview

2. Include a cyber component with all trainings and exercises, no matter how big or how small, and plan for the "cyber incident within the incident".

The Internet of Things continues to advance the interconnectedness of the world, driving these connections to a much more granular level. More of our devices, and as a result more of our daily processes and procedures, rely on connected technologies. As the thread of cyber security now weaves through most aspects of our lives, there are more points of failure and more vulnerability to consider as we plan, prepare and train for crises. The increasing complexity of systems also means that the potential size and scope of failure grows with the increased prevalence. Keep this in mind during your trainings and exercises, because it happens today in the real world during a response to crisis. For example, during the COVID-19 pandemic we have seen hospitals and health systems become the target of advanced phishing attempts (https://us-cert.cisa.gov/ncas/alerts/aa20-099a). Bad actors are counting on you to be distracted during a crisis so that they can exploit your vulnerabilities. Practicing for the "cyber incident within an incident" helps prepare you for the unexpected. Plus, it's better to make mistakes like downloading fake malware from a phishing email in a no-consequence exercise environment than in the middle of a crisis.

3. Manage a cyber security incident with the same processes, support, and considerations you would a physical critical infrastructure incident.

I'm not just talking about impacts to the servers, cables, power supplies, and other equipment that make up your physical network infrastructure; I'm talking about the information itself: all the zeros and ones that flow across the system. Just because you can't "see" it doesn't mean it isn't important. Like electricity and water, that information, that data, is a core utility, and emergency managers should treat it as such.

I often say that coordination, communication, and command and control are the three-legged stool that enables successful crisis management. Without any one of those three you can still succeed, but it's a delicate balancing act. Without two of them you're destined to fail. Data (information) and its movement are at the heart of each of those legs of the stool, so keeping it intact and operating is critical to success.

Furthermore, many cyber incidents quickly cascade into impacting physical infrastructure. Take for instance the case of recent ransomware attacks in cities like New Orleans and Baltimore. In both cases, thousands of hardware devices, servers, computers, tablets, and more, all had to be reimaged or replaced. Managing the incident from the beginning according to your Emergency Operations Plan in a manner consistent with the principles outlined in FEMA's Comprehensive Preparedness Guide (CPG) 101 ensures, among other things, unity of effort, appropriate resource tracking and allocation, and an organized approach to coordinating the chaos.

In the end, there will always be much more to do, but these three core tenets should serve as a solid foundation to support the valuable work of CIOs and CISOs. If anything, it will also allow you to better understand the ever-evolving and complex situations our partners often face. After all, that's what emergency management is all about: creating partnerships, tools, plans, and procedures that link functions, leverage capabilities and authorities, and create better outcomes during crisis.