On Oct. 13 Booz Allen and the FC2 held a cybersecurity wargame simulation for senior officials in the public and private sectors at the University of South Florida, the home of the Florida Center.
With more than 60 senior leaders from government, the military, academia, and private industry playing the game, one finding was clear: cybersecurity has changed from a â€˜backroom’ issue where IT and cybersecurity professionals protect an organization’s networks and data to an area of strategic responsibility for the C-Suite and the boardroom.
Among the lessons learned: leaders must be concerned about impacts more broadly than just IT; strong internal communications are essential; and coordination with government officials and others in industry is critical.
During the game, participants took on the roles of Chief Information Security Officers, Chief Risk Officers, Directors of Operations, Public Relations or Human Resources, General Counsels, and other positions critical to responding to a significant, multi-dimensional cyber breach drawn straight from today’s headlines.
The wargame also underscored key lessons that help organizations more effectively prepare and respond to cyber breach incidents:
Planning is Not Enough – Every organization needs a cyber threat response plan â€“ and this needs to encompass more than the Systems Operations Center (the organization that would handle a breach). It must cover the C-Suite, business unit leaders, and heads of corporate functions like HR and public relations. All involved need to practice that plan. While all plans will need to evolve as a crisis unfolds, planning and exercising before an incident occurs can be vital to an organization’s successful response to the real thing.
Instinctually, corporate leaders often focus their response efforts on the technical problems. They concentrate on finding and removing the intruders as quickly as possible, while also ensuring that business operations continue with little disruption. Though these activities are vitally important, the impact of a cyber breach can reverberate far beyond a company’s networks and business operations. Consider the preparation for a wide range of internal and external challenges. This becomes an intellectual capital problem, a customer problem, a legal problem, an operations problem, a policy problem, a lost-revenue problem, and a communications, public relations, and brand problem.
Place equal value on internal communications – Crisis communications are just as critical as planning and exercising, and while most organizations emphasize the external component, timely and effective internal communicationsâ€”vertically and horizontally across the organizationâ€”are a “must do.â€ Indeed, external communications often depend on internal understanding and information, and impediments to the latter can have serious consequences. Poor internal communication can also lead to unforeseen leaks as well as inconsistent external messages, both of which can cause damage to the organization’s brand or increase its liabilities.
Engage your stakeholders and foster public-private collaboration – An effective response to a cyber attack requires collaboration between the affected organization and Federal, state, and local government agencies, as well as other industry partners. It takes a â€˜village’ to respond, and those relationships are best developed in advance â€“ perhaps as part of a wargame. A collaborative approach to cybersecurity exponentially increases an organization’s defense and mitigation strategies, its access to information, and ability to leverage the resources and expertise of other vested stakeholders.
These observations are consistent with many of the critical priorities for advancing cybersecurity awareness and prevention capabilities that Booz Allen has centered its Cyber Security Awareness Month efforts around. Dr. Ron Sanders, former US Intelligence Community Associate Director of National Intelligence, and current Booz Allen Vice President, helped to facilitate the wargame and observed that “a cyber attack can threaten the very existence of an organization, yet many C-Suite officers leave the response to an attack to their technical experts. We’ve foundâ€”and the wargame we just completed at USF underscored thisâ€”that senior leaders need to be much more â€˜cyber-aware’ as they make business decisions, and even more importantly, when an attack comes, they need to better understand the strategic business implications of their response options. Ultimately, this can be as or even more critical than the organization’s technical response to an attack.”
Vice Admiral Mike McConnell (USN, retired), the former Director of National Intelligence as well as the former Director of the National Security Agency, and current Booz Allen Hamilton Senior Executive Advisor, also helped to facilitate the wargame. Mr. McConnell has observed dozens of wargame exercises, and has managed real-world incident response events. He noted: “These exercises are invaluable for senior executives because they not only simulate the multi-faceted, complex dimensions of a cybersecurity crisis but also the unprecedented speed at which these incidents occur” said McConnell. “Simply put, practice makes perfect in this new landscape.â€