Cybersecurity breach simulation demonstrates need for today’s leaders to embrace an active defense, improve enterprise-level incident response capabilities

As cybersecurity breaches continue to make headlines, Booz Allen Hamilton of McLean, VA and the universities that are served by the new Florida Center for Cybersecurity (FC2) are giving senior leaders the means to shift the balance of power back in their favor. On October 13, during the height of National Cyber Security Awareness Month, Booz Allen and the FC2 held a cybersecurity “wargame” simulation for senior officials in the public and private sectors at the University of South Florida, the ‘home’ of the Florida Center.

With more than 60 senior leaders from government, the military, academia, and private industry playing the game, one finding was clear: cybersecurity has changed from a ‘backroom’ issue where IT and cybersecurity professionals protect an organization’s networks and data to an area of strategic responsibility for the C-Suite and the boardroom. Among the lessons learned: leaders must be concerned about impacts more broadly than just IT; strong internal communications are essential; and coordination with government officials and others in industry is critical.

By invitation only, the FC2 wargame educated senior leaders (especially those with non-IT responsibilities) on the strategic threats and risks associated with cybersecurity. Based on “lessons learned” from hundreds of real-world cyber incidents, it required participants to play fictional roles as teams of company officials in Financial Services, Healthcare, Retail, and Technology sectors, as well as those in Critical Infrastructure industries (like power companies, etc.). During the game, participants took on the roles of Chief Information Security Officers, Chief Risk Officers, Directors of Operations, Public Relations or Human Resources, General Counsels, and other positions critical to responding to a significant, multi-dimensional cyber breach drawn straight from today’s headlines.

In addition to helping senior leaders become acutely aware of the cyber threats to their organizations and giving them some life-like practice actually responding to those threats, the wargame also underscored key lessons that help organizations more effectively prepare for and respond to cyber breach incidents:

  • Planning is Not Enough – Every organization needs a cyber threat response plan – and this needs to encompass more than the Systems Operations Center (the organization that would handle a breach). It must cover the C-Suite, business unit leaders, and heads of corporate functions like HR and public relations. All involved need to practice that plan. While all plans will need to evolve as a crisis unfolds, planning and exercising before an incident occurs can be vital to an organization’s successful response to the real thing.

    Instinctually, corporate leaders often focus their response efforts on the technical problems. They concentrate on finding and removing the intruders as quickly as possible, while also ensuring that business operations continue with little disruption. Though these activities are vitally important, the impact of a cyber breach can reverberate far beyond a company’s networks and business operations. Preparation should therefore consider a wide range of internal and external challenges. A breach becomes an intellectual capital problem, a customer problem, a legal problem, an operations problem, a policy problem, a lost-revenue problem, and a communications, public relations, and brand problem.

  • Place Equal Value on Internal Communications – Crisis communications are just as critical as planning and exercising, and while most organizations emphasize the external component, timely and effective internal communications—vertically and horizontally across the organization—are a “must do.” Indeed, external communications often depend on internal understanding and information, and impediments to the latter can have serious consequences. Poor internal communication can also lead to unforeseen leaks as well as inconsistent external messages, both of which can cause damage to the organization’s brand or increase its liabilities.

  • Engage Your Stakeholders and Foster Public-Private Collaboration – An effective response to a cyber attack requires collaboration between the affected organization and Federal, state, and local government agencies, as well as other industry partners. It takes a ‘village’ to respond, and those relationships are best developed in advance – perhaps as part of a wargame. A collaborative approach to cybersecurity exponentially increases an organization’s defense and mitigation strategies, its access to information, and ability to leverage the resources and expertise of other vested stakeholders.

These observations are consistent with many of the critical priorities for advancing cybersecurity awareness and prevention capabilities that Booz Allen has centered its Cyber Security Awareness Month efforts around. Dr. Ron Sanders, former US Intelligence Community Associate Director of National Intelligence, and current Booz Allen Vice President, helped to facilitate the wargame and observed that “a cyber attack can threaten the very existence of an organization, yet many C-Suite officers leave the response to an attack to their technical experts. We’ve found—and the wargame we just completed at USF underscored this—that senior leaders need to be much more ‘cyber-aware’ as they make business decisions, and even more importantly, when an attack comes, they need to better understand the strategic business implications of their response options. Ultimately, this can be as or even more critical than the organization’s technical response to an attack.”

Vice Admiral Mike McConnell (USN, retired), the former Director of National Intelligence as well as the former Director of the National Security Agency, and current Booz Allen Hamilton Senior Executive Advisor, also helped to facilitate the wargame. Mr. McConnell has observed dozens of wargame exercises, and has managed real-world incident response events. “These exercises are invaluable for senior executives because they not only simulate the multi-faceted, complex dimensions of a cybersecurity crisis but also the unprecedented speed at which these incidents occur,” said McConnell. “Simply put, practice makes perfect in this new landscape.”

Booz Allen has conducted more than 50 cyber wargames and exercises since 2010.

Sri Sridharan, Managing Director & Chief Operating Officer of FC2, expressed appreciation to Booz Allen Hamilton and shared these observations: “Offering this wargame exercise as part of our cybersecurity conference gave us an opportunity to immerse participants in a realistic crisis that tested their abilities to think strategically and act quickly. For the players, the dynamics of the exercise forced them to formulate a plan, adjust quickly, and think about strategies, outcomes and leadership roles when dealing with crisis. For many, it was a high-stress and eye-opening experience that will likely impact how they react when faced with a real crisis. We can’t thank Booz Allen Hamilton enough for facilitating this exercise.”

Source: Booz Allen Hamilton