What can one learn from fire departments?
Whenever a fire alarm is in progress, the system works like a well-oiled machine. Fire marshal and team, emergency vehicles and staff all know what they have to do.
Fire departments demonstrate how well tried and tested procedures can help save lives. Why can we not do the same for cyberspace?
We have addressed this important issue previously here: 7 lessons learnt from the Estonian attacks
Below we outline some of the procedural and policy issues for any state that wants to prepare itself for fighting off a cyber attack with some success.
As an example, we chose to use Estonia and the insights we have gained there.
PROCEDURES – what worked and what could be improved upon
- preparedness – what to do when there is an alarm, step 1, step 2?
- tried and true – were the emergency procedures used according to best practice?
- early warning – how to warn each other – channels?
- manpower – who is available for what kind of work/help?
- coordination – how can tasks be handled most effectively – division of labor, etc.?
- communication with international partners – secure and formalized channels do not exist, hence ad-hoc channels were used; this worked, but is it the best way to respond?
- media work – who keeps media informed – making sure media understands instead of generating hype with limited substance (e.g., Wired story)?
NATIONAL POLICY – changes and improvements
- government support (national strategy, who is responsible for what exactly, budget that can be drawn upon in a crisis?)
- crisis management plan (fixed plan that spells out the procedures that will have to be followed)
- early warning system (how do we know that we speak the same language – risk level 1 must be defined so it means the same for all involved – otherwise confusion and wasting of time)
- national CERT (who coordinates all efforts nationally and acts as a contact with the international community?)
- national coordination body (private sector, policy makers, law enforcement, CERTs – do we need one or can the national CERT do it, and if so, how?)
- involvement of the international CERT community
- communication plan (how does one communicate effectively with different stakeholders and when?)
- regular exercises – similar to a fire drill, we need exercises both nationally and internationally – budget must be put in place
CyTRAP Labs’ take on the issue
The above indicates that preparation is important and can be improved upon but, just as importantly, post-mortem analysis of an event is critical. If the national structure for dealing with such an event needs improvement, such work must be done quickly to avoid a disaster down the road.
As well, if various groups (e.g., ISPs, infrastructure providers, government agencies) need coordination, the necessary work must be done to ensure that the various parties collaborate.
We will keep you posted on some of the issues regarding further policy, cross-national efforts and the European Union’s regulatory efforts to improve our countries’ cyber security level.
Like a fire department, cyber defense requires a tried and tested plan, with the necessary procedures that have withstood the test of time.
Tried and tested represents the core of every successful plan and procedure.