Protected Voices: Incident Response

Protected Voices: Incident Response


No matter how strong your cyber defenses may
be, you cannot block every possible attack on your computer network. How can you prepare for the worst-case scenario—a
successful cyber attack on your campaign’s network? Hello, I’m Hadley, a special agent with
the FBI. I’m here to share some recommendations for
drafting an incident response plan. Creating a plan to respond to incidents on
your network is just as important as preventing them. If you can design and execute a thoughtful
response, you may be able to lessen the damage done, and even avoid damage altogether. Before you make an incident response plan,
identify what’s at risk. What are the most important pieces of your
campaign that could be affected by a cyber attack? How could a successful cyber attack impact
your campaign? Different functions or different kinds of
information in a campaign might be of different urgency or value. Knowing what really matters to your campaign’s
ability to function will be critical in designing the best way to respond to an attack. There are three main components to an incident
response plan: technical, legal, and managerial. As part of your plan, designate specific,
skilled people who are best positioned to cover those functions. What information does each component need? What should you expect from each component? What’s the chain of command? To whom does the team report? Who has the authority to make judgment calls
as to when the campaign’s computer networks will be taken down, quarantined, or put back
online? After identifying your team, find a way for
the team members can communicate that does not rely on compromised systems. If your incident response team talks on a
channel where the attacker is listening, you’ve created more problems. Develop a playbook to address the most likely
incidents. Various types of incidents might require different
kinds of responses, depending on which systems are affected and to what extent. Each response should include these elements:
whom to notify in the campaign, what information to collect, when and how to contact law enforcement,
how to preserve evidence, whether other potential victims should be warned which facts a decision-maker
will use to decide how to treat affected systems. Your plan should cover these basic steps:
Assess the attack and potential damage; contain the attack to prevent additional damage; collect
information about the attack to inform decision-makers, law enforcement and other victims; notify
your internal command chain and outside partners to address all aspects of the attack, especially
to remediate any damage. As part of your planning process, consider
contacting law enforcement and private IT/security partners who may be involved in your incident
response. You can ask for guidance from these partners
ahead of time to fine-tune your plan. Ensure your legal, technical, and management
experts approve of your incident response plan. And make sure your response team regularly
reviews and practices the plan. Drafting an incident response plan can be
intimidating if you’ve never done it. There are several free resources online, including
guides published by the Department of Justice and by the U.S. Election Assistance Commission. Stay a step ahead of attackers by anticipating
how you will respond to their attacks. You will save your campaign valuable time
in responding to attacks, and your prep work might minimize the damage from a successful
attack. Remember, your voice matters, so protect it.

Leave a Reply

Your email address will not be published. Required fields are marked *