How Your Business Can Avoid Being Collateral Damage In A Cyber War

Larry Dietz talks to Richard Power about critical infrastructure and how businesses should think about digital conflict

Page 2 of 2

A common operating picture in this context means the ability to see across the IT infrastructure to understand what possible attacks have been launched against the organization, how effective they have been and best practices concerning defense and mitigation. It would also be useful to know what other organizations have done from the same perspectives. This combined knowledge would help to optimize the organization's actions to secure its personnel and assets.

Lastly, the legal consequences are critical here. If the attacker is a nation state, then the organization will have a forced working relationship with its country's defense department. If the attacker is a non-state actor, especially a terrorist, this is likely to mean a protracted relationship with the nation's federal and possibly state or provincial law enforcement and judicial systems.

Long-term relationships within the judicial system, especially those involving criminal prosecution, will result in extensive discovery. Organizations need to be zealous and out front so as to protect their intellectual property from exposure and to safeguard the brand against degradation due to governmental interaction and cooperation.

Let's go through some of the elements of the Mind Map, and the issues involved and/or any recommendations you might offer, specifically for commercial sector organizations: Outside Resources and Partners Agreements? Common Operating Picture? Global Situational Awareness?

Dietz: In the event of a serious cyber incident most organizations will not have the organic resources they need to cope with the incident, minimize the harm, absorb the lessons learned to apply going forward and defensively prepare for legal actions as a result of the incident.

Partners who will likely figure into the picture include: federal, state/provincial and potentially local law enforcement; outside law firms; data forensics experts; IT recovery resources beyond those already contracted for to deal with potential natural disasters; investigators; security management; executive protection, etc.

Other partners might include hot/cold sites; decontamination (cyber and physical) teams/resources; managed service providers; and alternative sources of various goods and services. These should be considered and, if possible, negotiated ahead of time. The exact nature of the needed goods and services depends on the organization, the likely threats, geographic location, etc.

Yet one more set of partners are those who might be called upon to deal with the legal aftermath of cyber incidents. Outside specialty counsel, government prosecutors and e-discovery vendors are potential partners for these endeavors.

Evidence Protection and Collection?

Dietz: This is a particularly tricky one. The classic lawyerly answer is "it depends." It depends on the nature of the attacker, the gravity of harm caused and who will be prosecuting for what. Federal prosecutors seeking to prosecute for treason, terrorist acts, war crimes and the like will be particularly aggressive and intrusive.

Resource-poor local prosecutors, especially those with no track record in computer crimes, will likely be less of a challenge.

General Counsel can provide insight as to the level of care and detail the organization needs to consider when planning its evidence collection and data forensics strategy.

Combat forensics will likely be the order of the day during the initial phases of an attack when it is unclear who the attacker is and what legal courses of action are likely to occur once the immediacy of the attack is over and dealt with.

Organizations may opt for expediency in data forensics to help determine the nature and source of the attack that may be vital to mitigating its effects and deterring similar attacks in the future.

Given the lack of precedent, it is difficult to predict what level of data forensics and evidence preservation the federal government will require where they suspect a nation state or terrorist attack.

Critical Infrastructure Sectors:

  • Information and communication
  • Banking and Finance
  • Water Supply
  • Transportation (Aviation, Highway, Mass Transit, Pipelines, Rail, Waterborne Commerce)
  • Emergency Law Enforcement
  • Emergency Fire Services
  • Continuity of Government
  • Electric Power, oil and gas production and storage
  • Public Health Services

Source: GAO, Critical Infrastructure Protection: Significant Challenges in Developing National Capabilities, http://www.gao.gov/new.items/d01323.pdf, page 28.

Richard Power is a Distinguished Fellow at Carnegie Mellon CyLab and a frequent contributor to CSO Magazine. He writes, speaks and consults on security, risk and intelligence issues. He has conducted executive briefings and led professional training in forty countries. Power is the author of five books. Prior to joining Carnegie Mellon, Power served as Director of Security Management and Security Intelligence for the Global Security Office (GSO) of Deloitte Touche Tohmatsu and Editorial Director of the Computer Security Institute.

Copyright © 2010 IDG Communications, Inc.
