Expert Advice: How to Handle a Cyber Disruption
The essence of automotive cybersecurity's current state of capability: It’s possible to thwart most—but not all—cyber incidents.
“You can put in place all the preventive medicine that you want, but a cyber disruption is going to happen. The relevant question for an organization is ‘how will you respond?’” said Bill Hardin, Vice President of Forensic & Cyber Investigations at Charles River Assoc.
Hardin and other cyber security experts who recently spoke with Automotive Engineering stress the importance of developing a response plan for online attacks. A company’s general counsel, chief information security officer and outside legal counsel typically are involved in assembling such a plan.
“It can be just a one-pager that states the response team’s quarterback, the things that need to be done and the folks who need to get involved,” Hardin said.
Whether it’s a virus, a ransomware demand, or another type of cyber attack, the disruption requires immediate attention. And the unfolding situation needs to be handled in a coordinated manner.
Brian Balow, a member of the law firm Dawda, Mann, Mulcahy & Sadler PLC, advises clients dealing with a cyber situation to avoid communicating via emails and texts.
“While deliberating the incident, the response and recovery should be done with face-to-face meetings and phone calls,” he said. “After you’ve made decisions about what to do, then you can document those decisions in writing.”
It’s important to keep the information technology landscape intact after a cyber hack. “Preserve the IT environment if you can. If you do not have a system backup, you may be required to reconstruct the databases. And doing that reconstruction means you’ve lost a lot of the server log information,” Balow noted. “That historical information can be used to help understand what happened and understand how many individuals were affected.”
The impulse to shut down a computer and restart it could further complicate a cyber situation, according to Brian Warszona, Vice President, Cyber Specialist for Willis Towers Watson. “You really don’t want to do something when you’re not even sure what it is. It could just be a computer glitch,” he said. “Don’t panic; consult with your company’s designated response-plan quarterback.”
A rush to judgment can be pointless, especially since not all cyber incidents trace back to hackers. “How did the bad guys get into the system? Did they even get into it? Was it a misconfiguration of code? It comes down to how quickly we can make a determination, preserve the evidence and do what’s necessary to limit the operational impact on the organization,” Hardin said.
Meanwhile, cyber-attack 'rehearsals' can good practice to stay prepared. “Let’s say a company is concerned about a ransomware demand. The response team, along with outside legal counsel, could do a few tabletop exercises to see if there are any vulnerabilities in the process,” suggested Warszona.
Having procedures and policies in place before a cyber disruption is just as important as training the workforce on the cybersecurity action plan. Observed Balow, “A data security protocol is not ‘nice-to-have’ anymore, it’s must-have.”
Top Stories
INSIDERManufacturing & Prototyping
Boeing to End 767 Production, Reduce Workforce Amid Ongoing Union Strike
INSIDERMechanical & Fluid Systems
Army Receives New Robot Combat Vehicle Prototypes
INSIDERDesign
Are Boeing 737 Rudder Control Systems at Risk of Malfunctioning?
INSIDERMechanical & Fluid Systems
Army Evaluates 3D Printing for Bradley Fighting Vehicle's Transmission Mount
INSIDERAerospace
Army Seeks to Expand 3D Printing to the Tactical Edge
ArticlesRegulations/Standards
Cummins New X15 Engine Meets Upcoming Regs While Boosting Efficiency
Webcasts
Defense
Maximize Asset Availability in the Aerospace and Defense Industry
Aerospace
The Inside Story on Space Grade Silicones
Transportation
The Rise of Software-Defined Commercial Vehicles
Test & Measurement
Avoiding Risk Analysis Pitfalls: Implementing Linked DFMEA, HARA,...
Automotive
A Quick Guide to Multi-Axis Simulation and Component Testing
Aerospace
Best Practices for Developing Safe and Secure Modular Software
Similar Stories
NewsElectronics & Computers
Connected Vehicles Will Be Hackers' Trophy
NewsRF & Microwave Electronics
Security Issues Are Quickly Becoming a Central Aspect of Vehicle Design
NewsElectronics & Computers
WCX17: Cybersecurity Fears Soar as Connectivity Escalates
NewsElectronics & Computers
Cybersecurity Experts Confess Their Greatest Worries
NewsElectronics & Computers
New Auto "ISAC" Is Framework for Improved Cybersecurity