Disaster Discourse: The Hagerty Blog

Hagerty’s Cyber Nexus Approach — Building Better Cybersecurity

Cybersecurity is paramount for personal, organizational, and national security. Recent cyber incidents, such as the breach in San Diego Unified School District’s computer systems, have shown the growing imminence of cyber threats. Malicious attempts to disrupt networks and systems continue to grow in frequency, scale, and sophistication while those implementing protective measures are perpetually challenged to keep pace. Consider the statistics included in the graphic below.

Statistics from the past year demonstrate how cyber-attacks are becoming more frequent and causing more damage than ever before.

To help our clients address this vulnerability, Hagerty Consulting, Inc. (Hagerty) developed a programmatic approach to cyber incident management that leverages best practices from the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS) and its National Cyber Incident Response Plan (NCIRP), the National Association of State Chief Information Officers (NASCIO),  and the National Governor’s Association (NGA). Key elements of our approach, Cyber Nexus Approach (CNA), are presented below to underscore the ways in which Hagerty is prepared to support a programmatic approach to cybersecurity.

Hagerty’s CNA: The double helix structure represents stakeholder collaboration across phases of an incident and leverages their combined technical expertise.

Integrate Emergency Management and Information Technology Expertise

CNA is a framework for public and private sector organizations and companies responsible for building a cybersecurity program that empowers its users by:

  • Bringing key cybersecurity stakeholders together to bridge knowledge gaps; and
  • Facilitating information-sharing and collaboration across areas of expertise while enabling each stakeholder to perform the tasks he or she does best.

By incorporating new stakeholders into what are conventionally considered information technology (IT) activities and exposing emergency managers to a novel approach to cybersecurity program management, CNA dissolves boundaries of individual roles to expand the responsibility of cyber preparedness across disciplines within an organization or jurisdiction. CNA provides a collaborative and task-oriented framework to unify efforts across unique areas of expertise (such as management and technical support or emergency management and IT).

Create a Cyber Disruption Team

To oversee the revisions and improvements to your jurisdiction or organization’s cybersecurity program, Hagerty recommends creating a Cyber Disruption Team (CDT). A CDT can be formed by identifying a core response team to assess and respond to incidents and partnering them with additional stakeholders to provide comprehensive support and expertise. Composed of experts from relevant technical and strategic entities within your institution, the CDT may be assigned responsibility for:

  • Facilitating operational coordination before, during, and after a cyber incident;
  • Conducting cyber risk management, cyber incident, and disruption response planning; and
  • Facilitating cyber-related training and exercise.

Building effective cyber plans requires insight from diverse stakeholders. Hagerty recommends including management, strategic, and technical experts in CDT membership. Some examples may include Chief Executive Officers (CEOs), elected officials, emergency managers, IT personnel, and fusion centers. Hagerty has engaged fusion centers as partners during cyber planning to better understand the flow of information to help define their responsibilities within plans. By expanding the network of players, CNA can empower the whole community to play a role in supporting cybersecurity.

Plan for Cyber Incidents

Plan development allows organizations to establish activation procedures, an organizational structure, and roles and responsibilities that can be immediately employed in the case of a cyber incident. Hagerty can help build capabilities that facilitate well-executed cyber response strategies through coordinated consequence management. Cyber disruption planning can help establish a vision of successful resolutions and facilitate bench-marking to support the future growth and development of cyber capabilities, in addition to providing a framework for key partners to assess severity, assign tasks, communicate, and perform after-action reporting (AAR).

One of the ways CNA effectively translates planning into action is by assigning the CDT responsibility to a common operating picture. To accomplish this, the CDT will convene before, during, and after an incident to:

  • Facilitate cross-functional communication and coordination;
  • Provide direction and assignments to relevant personnel; and
  • Create a venue for reporting progress on assigned tasks.

Establishing a common operating picture puts the core concepts developed in planning into practice. By building strong preparedness measures for a cyber incident, CNA contributes to the establishment of effective, robust cybersecurity programs.

Kayla Slater is a Managing Associate and Hagerty’s Cyber Portfolio Lead who primarily supports pre-disaster recovery planning and cybersecurity preparedness working in Washington, D.C. A graduate of Georgetown University’s Emergency and Disaster Management Program, Kayla enjoys helping clients develop innovative and practical plans and tools to support response and recovery. In her spare time, she bakes, reads, and bikes to donut shops. To learn more about how Hagerty can help your organization visit cyberthreatready.com or contact Kayla to learn about Hagerty’s approach to cybersecurity program management.