Using CPGs in Real Life – Develop and Exercise a Cyber Incident Response Plan

September 25th, 2024

You arrive at work tomorrow and are greeted by the news that a cyber-attack has compromised your district’s network, and the network is unavailable. What is the first thing you do? What is the second? When confronted by such alarming news, most people would be overwhelmed and unsure of the next steps, especially when questions from reporters, the Board, and parents follow soon after.

Developing the answers to these questions is the essence of the fifth CPG from CISA (the Cybersecurity and Infrastructure Security Agency), “Develop and Exercise a Cyber Incident Response Plan” (CPG 2.S).

In much the same way that you have a plan and practice for a physical emergency (fire, flood, tornado, etc.), a cyber emergency also needs a plan. Going through the steps outlined in the linked CISA document and creating an Incident Response plan that outlines exactly what will happen, who will be involved, who will be notified, and in what order containment and remediation steps will occur can bring much-needed clarity and focus to what is sure to be a stressful situation. Should a cyber emergency occur, many people within the school district would be involved, starting with the Superintendent. You certainly wouldn’t want anyone answering questions from reporters or law enforcement without the Superintendent’s approval. That is why it is important for upper-level management, your Tech Director, and other operations stakeholders to work on this plan before anything happens. The time to identify who should be involved, and in what way, is before the worst happens.

Helpful URL from CISA on guidance for Incident Response Planning:

Click to access Incident-Response-Plan-Basics_508c.pdf

This week’s suggestion:

Talk to your Superintendent and Tech Director about whether you have an Incident Response Plan (IRP) and, if you do, whether you schedule “tabletop exercises” to rehearse the plan.

Are you still feeling overwhelmed by the NIST Cybersecurity Framework and CPGs? Call CSI and ask how we can help you understand them and help mitigate your cyber risk. We have a specific service to help you start the NIST CSF journey. Just contact Lisa MacDougall (lmacdougall@csiny.com) or 845.897.9480.