WTF Just Happened? Why Your Org Needs a Cybersecurity Incident Review Board

“People don’t do shit about cybersecurity until they have to,” Tarah Wheeler, a Fulbright scholar and CEO at Red Queen Dynamics, Inc., remarked during her panel at Black Hat.

She’s right. A 2021 study from IBM found that less than half of respondents said their organizations had a cybersecurity incident response plan. And if organizations don’t take the time to investigate how cybersecurity incidents happen, they could be doomed to repeat history.


Learning a New Playbook

That’s the conundrum that Wheeler—along with Victoria Ontiveros, a Harvard researcher, and Adam Shostack, a threat modeling expert—sought to address. Their answer: the Major Cyber Incident Investigations Playbook.

The document contains a guide for creating independent review boards at organizations, from deciding who should be on the board to presenting investigation results to interested parties. These groups would be tasked with gathering the facts about cybersecurity incidents and then sharing that information with the wider cybersecurity community online, so that others can avoid the same missteps in the future.

In a 2021 report from Wheeler, Shostack, and Robert Knake released by Harvard’s Belfer Center, the trio said the playbook effort could be like a “Cyber NTSB.” The National Transportation Safety Board (NTSB) investigates all major transportation incidents, and its reports are available to the public, which helps the transportation industry avoid future incidents. At Black Hat, the researchers argued that this strategy should also be applied to cyber-incident investigations.

The feds are already doing something similar. In February, the Homeland Security Department created the Cyber Safety Review Board (CSRB). The group’s mission is to build a bridge between the corporate cybersecurity community and US government agencies. The board’s first report, released last month, focused on the Log4j vulnerabilities discovered in late 2021 and included 19 recommendations for organizations to follow to avoid future incidents.

But given the massive number of cybersecurity incidents, the private sector can’t rely on the CSRB alone, the researchers argued at Black Hat. They need to do the work themselves.

The research team is looking for a permanent home for their review board creation guide, and they expressed interest in making it available for public library patrons. Currently, the document is available on GitHub.
