Cyber Mayday and the Day After. Daniel Lohrmann
Goes Off; and Part III: The Day After: Recovering from Cyber Emergencies.
Part I presents the gift of a time machine, seeking hindsight from top industry leaders around the globe and things we can do differently before having to go through any cyber emergencies. We cover playbooks from cyber disruption to risk transfer options, and explore the power of “perfect practice.” We also unpack a handbook specifically for leaders at the top, and the keys of proactive leadership.
Part II is when Cyber Mayday hits! We walk through real-life cyber emergency incidents and what actually happens when the alarm goes off. In that split second when the virtual walls are crumbling down, what are the most important steps to take and where to go? Who are the players you should be working with in times of crisis and immense pressure? And, in the midst of your Mayday, what can go right?
The chapters in Part III address critical issues when you finally have some breathing space. This is the opportune time to be intentional and reflect on what went wrong, how to recover, and how to level up in your strategy.
This comprehensive exploration of tales, woes, and lessons of leaders is a gift of hindsight and insights, which will enable and position current and next-generation business leaders with the required foresight to continue leading at the frontline. We hope you gain lots of invaluable takeaways from your time spent with us; enjoy.
CHAPTER 1 If I Had a Time Machine
The real trick in life is to turn hindsight into foresight that reveals insight.
—Robin Sharma
Imagine going back in time to watch and listen and change things.
Where would you go? And to what point in time?
Do you have the knowledge, tools, and influence to change things for the better? If so, who would you interact with to alter the specific outcome(s)? What one (or perhaps two or three) things would you do differently, and why?
Yes, you can ponder these questions about virtually any area of life. However, this book specifically addresses cybersecurity incidents or other emergency situations with significant cyber components that have affected, are affecting, or will affect global organizations in substantial ways.
Stretching further, society is growing even more reliant on resilient infrastructures that demand functioning cyber protections that involve people, process, and technology components. If we fail, the consequences will be dramatic in real life.
This journey must start with the lessons from the past. We can learn from stories from global cyber leaders and practitioners who have been through cyberattacks and come out stronger. Along the way, we will point to frameworks, checklists, standards, protocols, white papers, and other helpful materials.
If we are going to be equipped for the inevitable cyber storms that are coming in the decades ahead, we must learn from each other and improve faster than the bad actors who are causing such online destruction. In doing so, we first explore what works and is repeatable regarding cyber incident response.
STARTING WITH THE UNKNOWNS – OR NOT?
“I don't want to know, and I don't care to know. If I don't know about it, it does not exist.” Shocking, but in fact, there are many business leaders who think this way.
The truth is that some data takes only minimal effort to discover, and when you realize the type of information that is available out there and accessible to anyone (including malicious actors), you will have no choice but to care.
As the chief growth officer at Privasec (a Sekuro company), a top-tier and agnostic cybersecurity firm, Shamane leads the security outreach strategy team, spearheading industry awareness initiatives while working closely with CISOs (chief information security officers) in bridging their business gaps. She met Todd Carroll, a former 20-year FBI cyber intelligence leader, virtually, at a cybersecurity summit she organized, where he shared an intriguing story. Todd walked through one of the real-world findings that CybelAngel's data leak detection technology came across a few years ago.1 CybelAngel detects exposed data, devices, and services outside the enterprise's perimeter, enabling remediation before the exposure is weaponized. In this instance, it detected several pieces of information that exposed a bigger issue involving several airports, their ecosystem, and exposure of their data.
The thing is, data is always being shared. The aviation industry, like other industries, works with third parties.