Records |
Author |
Alexander Staves; Harry Balderstone; Benjamin Green; Antonios Gouglidis; David Hutchison |
Title |
A Framework to Support ICS Cyber Incident Response and Recovery |
Type |
Conference Article |
Year |
2020 |
Publication |
ISCRAM 2020 Conference Proceedings – 17th International Conference on Information Systems for Crisis Response and Management |
Abbreviated Journal |
Iscram 2020 |
Volume |
|
Issue |
|
Pages |
638-651 |
Keywords |
ICS; CNI; Cyber Incident; Guidance; Response and Recovery |
Abstract |
During the past decade there has been a steady increase in cyber attacks targeting Critical National Infrastructure. In order to better protect against an ever-expanding threat landscape, governments, standards bodies, and a plethora of industry experts have produced relevant guidance for operators in response to incidents. However, in a context where safety, reliability, and availability are key, combined with the industrial nature of operational systems, advice on the right practice remains a challenge. This is further compounded by the volume of available guidance, raising questions on where operators should start, which guidance set should be followed, and how confidence in the adopted approach can be established. In this paper, an analysis of existing guidance with a focus on cyber incident response and recovery is provided. From this, a work in progress framework is posited, to better support operators in the development of response and recovery operations. |
Address |
Lancaster University, UK; Lancaster University, UK; Lancaster University, UK; Lancaster University, UK; Lancaster University, UK |
Corporate Author |
|
Thesis |
|
Publisher |
Virginia Tech |
Place of Publication |
Blacksburg, VA (USA) |
Editor |
Amanda Hughes; Fiona McNeill; Christopher W. Zobel |
Language |
English |
Summary Language |
English |
Original Title |
|
Series Editor |
|
Series Title |
|
Abbreviated Series Title |
|
Series Volume |
|
Series Issue |
|
Edition |
|
ISSN |
978-1-949373-27-59 |
ISBN |
2411-3445 |
Medium |
|
Track |
Resilience in Critical Infrastructures |
Expedition |
|
Conference |
17th International Conference on Information Systems for Crisis Response and Management |
Notes |
a.staves@lancaster.ac.uk |
Approved |
no |
Call Number |
|
Serial |
2260 |
Share this record to Facebook |
|
|
|
Author |
Jelle Groenendaal; Ira Helsloot; Christian Reuter |
Title |
Towards More Insight into Cyber Incident Response Decision Making and its Implications for Cyber Crisis Management |
Type |
Conference Article |
Year |
2022 |
Publication |
ISCRAM 2022 Conference Proceedings – 19th International Conference on Information Systems for Crisis Response and Management |
Abbreviated Journal |
Iscram 2022 |
Volume |
|
Issue |
|
Pages |
1025-1036 |
Keywords |
Cyber Incident Response; Cyber Crisis Management; Naturalistic Decision-making |
Abstract |
Organizations affected by a cyber-attack usually rely on external Cyber Incident Response (CIR) consultants to conduct investigations and mitigate the impact. These CIR consultants need to make critical decisions that could have major impact on their clients. This preliminary investigation aims to get a better understanding of CIR decision -making and answers the following questions: (1.) To what extent do experienced CIR consultants use a Recognition-Primed Decision (RPD) Making strategy during their work? (2.) What are the implications for cyber crisis management as well as for training and decision -making? To answer these questions, we conducted a literature review and interviewed six experienced CIR consultants using the Critical Decision Method. Our analysis reveals that CIR consultants recognize situations based on past experiences and apply a course of action that has worked effectively in the past. This course of action is mainly aimed at collecting and evaluating more data. This finding differs from other operational domains, such as the military and fire department, where recognition is usually followed immediately by action. For cyber crisis management, this means that crisis management teams should decide to what extent and in what ways they want to mitigate the risk of responding belatedly to cyber events, which could potentially lead to unnecessary data theft and sustained business disruption. Another implication is that crisis management teams should consider whether additional forensic investigations outweigh the expected benefits throughout the response process. For instance, if the likely entry-point of the attacker has been discovered, how much effort should be devoted to exclude other potential entry-points. Reflecting on the status-quo, several implications for training and decision making are provided. |
Address |
Crisislab, The Netherlands; Science and Technology for Peace and Security (PEASEC), TU Darmstadt |
Corporate Author |
|
Thesis |
|
Publisher |
|
Place of Publication |
Tarbes, France |
Editor |
Rob Grace; Hossein Baharmand |
Language |
English |
Summary Language |
|
Original Title |
|
Series Editor |
|
Series Title |
|
Abbreviated Series Title |
|
Series Volume |
|
Series Issue |
|
Edition |
|
ISSN |
2411-3387 |
ISBN |
978-82-8427-099-9 |
Medium |
|
Track |
Open Track |
Expedition |
|
Conference |
|
Notes |
|
Approved |
no |
Call Number |
ISCRAM @ idladmin @ |
Serial |
2468 |
Share this record to Facebook |