WARTIME PREPAREDNESS
WARTIME CYBER DEFENSE PREPAREDNESS
Taking our recommended “Assume Compromise” approach in your wartime planning implies that you will be responding to incidents upon detention or discovery. This means that the compromise is presumed active – you just need to find it. Your company may or may not have an incident response plan or test for cyber incidents. If you do not have such a plan or it has fallen out of date, you should immediately establish such a plan as you prepare for a wartime cyber defense transition and preparation testing. If you have not performed a tabletop exercise of your incident response plan to date, take this advisory into account, in its entirety, before revising, testing, or activating this plan for wartime.
CYBERWAR INCIDENT RESPONSE PLANNING
Are you ready to tabletop, test, or prepare for wartime cyber attacks? All Hazards planning may not be enough. Engage the Cyber Defense Center for a comprehensive non-profit assessment of your of your cyber defense force posture and readiness, during peacetime and/or wartime, are sufficient to protect your organization's critical infrastructure.
WARTIME PREPAREDNESS SELF READINESS GUIDE
PERFORM A WARTIME SELF TEST
To adequately prepare and respond to a wartime nation-state sponsored attack, your self preparedness actions should consider the following:
First, if you think your current incident response plan is ready to test for wartime, you should consider conducting a wartime test of your cyber incident response plan as soon as possible. This global geo-political threat can evolve or occur quickly. Therefore, the sooner you are able to test for wartime cyber defense, the more ready you and your company will be when the time comes. Preparation and testing advisement for the 10 scenarios outlined in our self planning guide is a good place to start. You may also want to consider testing your disaster recovery and business continuity plans in concert with this cyber incident response test due to the extensive and adverse impacts cyber warfare may pose to your company.
REVISE RESPONSE FOR WARTIME
LEVEL 4 PREPAREDNESS TESTING PROTOCOLS
Then, start setting or revising wartime testing protocols and activation criteria based on the advisory guidance we provide in this section. This is a list of protocol advisories for LEVEL 4 planning and preparedness. LEVEL 5 is also included below.
Test as soon as possible | Test for wartime | Use this advisory in your testing
LEVEL 4 TESTING PROTOCOL CONSIDERATIONS
PLAN FOR LOSS
PLAN FOR CASUALTIES
PLAN FOR CASUALTIES
Plan for loss of providers | Plan for loss of critical resources | Plan for loss of personnel | Plan for loss of life
PLAN FOR CASUALTIES
PLAN FOR CASUALTIES
PLAN FOR CASUALTIES
Plan for upstream outages and disruptions | Plan for casualties to your infrastructure | Plan to divert resources to help others
PLAN FOR MUTUAL AID
PLAN FOR CASUALTIES
PLAN FOR MUTUAL AID
Prepare for mutual aid | Prepare for government intervention | Join your ISAC today
LEVEL 5 TESTING PROTOCOL CONSIDERATIONS
PLAN FOR ISOLATION
PLAN TO STAND ALONE
PLAN FOR ISOLATION
Know what should be shut down first | Plan to isolate and quarantine resources | Plan to act early
PLAN TO DISCONNECT
PLAN TO STAND ALONE
PLAN FOR ISOLATION
What is possible may shock you | Plan to take cover | Plan to stop the attack | Plan to unplug
PLAN TO STAND ALONE
PLAN TO STAND ALONE
PLAN TO STAND ALONE
Plan for little to no assistance | Plan to coordinate prioritized response assistance early | Plan to potentially stand alone
PLAN TO JOIN THE EFFORT
PLAN FOR A HUMANITARIAN CRISIS
PLAN TO SUPPORT YOUR COUNTRY
Prepare a statement | Understand your position | Prepare to assist
PLAN TO SUPPORT YOUR COUNTRY
PLAN FOR A HUMANITARIAN CRISIS
PLAN TO SUPPORT YOUR COUNTRY
Plan for the worst and hope for the best | Plan for stability | Plan for compassion | Plan for the wellbeing of your community
PLAN FOR A HUMANITARIAN CRISIS
PLAN FOR A HUMANITARIAN CRISIS
PLAN FOR A HUMANITARIAN CRISIS
Plan for wartime | Plan to survive | Plan to thrive