Taking our recommended “Assume Compromise” approach in your wartime planning implies that you will be responding to incidents upon detection or discovery. This means that the compromise is presumed active – you just need to find it. Your company may or may not have an incident response plan or test for cyber incidents. If you do not have such a plan or it has fallen out of date, you should immediately establish such a plan as you prepare for a wartime cyber defense transition and preparation testing. If you have not performed a tabletop exercise of your incident response plan to date, take this advisory into account, in its entirety, before revising, testing, or activating this plan for wartime.
Are you ready to tabletop, test, or prepare for wartime cyber attacks? All Hazards planning may not be enough. Engage the Cyber Defense Center for a comprehensive non-profit assessment of whether your cyber defense force posture and readiness, during peacetime and/or wartime, are sufficient to protect your organization's critical infrastructure.
To adequately prepare for and respond to a wartime nation-state sponsored attack, your self-preparedness actions should consider the following:
First, if you think your current incident response plan is ready to test for wartime, you should consider conducting a wartime test of your cyber incident response plan as soon as possible. This global geo-political threat can evolve or occur quickly. Therefore, the sooner you are able to test for wartime cyber defense, the more ready you and your company will be when the time comes. Preparation and testing advisement for the 10 scenarios outlined in our self-planning guide is a good place to start. You may also want to consider testing your disaster recovery and business continuity plans in concert with this cyber incident response test due to the extensive and adverse impacts cyber warfare may pose to your company.
LEVEL 4 PREPAREDNESS TESTING PROTOCOLS
Then, start setting or revising wartime testing protocols and activation criteria based on the advisory guidance we provide in this section. This is a list of protocol advisories for LEVEL 4 planning and preparedness. LEVEL 5 is also included below.
Test as soon as possible | Test for wartime | Use this advisory in your testing
Plan for loss of providers | Plan for loss of critical resources | Plan for loss of personnel | Plan for loss of life
Plan for upstream outages and disruptions | Plan for casualties to your infrastructure | Plan to divert resources to help others
Prepare for mutual aid | Prepare for government intervention | Join your ISAC today
Know what should be shut down first | Plan to isolate and quarantine resources | Plan to act early
What is possible may shock you | Plan to take cover | Plan to stop the attack | Plan to unplug
Plan for little to no assistance | Plan to coordinate prioritized response assistance early | Plan to potentially stand alone
Prepare a statement | Understand your position | Prepare to assist
Plan for the worst and hope for the best | Plan for stability | Plan for compassion | Plan for the wellbeing of your community
Plan for wartime | Plan to survive | Plan to thrive
1931 North Liggett Road, Castle Rock, Colorado 80109, United States
PHONE: 800-381-3365 (DFN5) EMAIL: partner at cyberdefensecenter.org