Tuesday, June 18, 2013


Cyber Attack and Business Continuity Simulation Changes Date to February 19, 2013 by Tom Jinks

The date for the Cyber Attack and Business Continuity Simulation has been changed to February 19, 2013. I’ve been asked “what we’ve learned” and “what we’ll do differently”. I thought this blog was a good place to address those questions.

What We’ve Learned

To a large extent we’ve learned that we are right, and we’ve been right from the beginning. We were right about “duty to share”. It is a cultural change from “need to know”. Cultural changes take time, more time than we allowed initially, so we’ve given ourselves five more months by moving our event from September 2012 to February 2013.

We also learned getting observers is much easier than getting participants. Everyone is ready to watch our event and learn what they can from the safety of their seat. There is, however, a clear reluctance of C-Level executives and senior managers, or their controlling corporate communications departments, to share what they know. We have built Global News Network as a realistic, though fictional, framework yet there is a concern that the real facts about their own real companies will leak out.

The Chief Information Security Officers have also been quick to point out that they already know the information in our scenario – they already share informally with their fellow CISOs. They tell us that what we propose is a version of their regular jobs, but in a more public forum. They also tell us that, with additional vetting of participants and observers, this could be a wonderful venue for additional sharing of information: the well-built GNN scenario provides a solid framework and we could definitely generate sharing of enterprise security and continuity information. We counter that there are hundreds of private, secure venues that provide threat and vulnerability sharing among CISOs and other security practitioners and that we don’t want to be just one more. We are aiming at the C-Level, and our plan is to make the C-Level executive more aware of security risks such as the next generation of botnets and the risks posed by electromagnetic pulse weapons, as well as making business continuity planning a bigger part of their thinking. Awareness of threats and vulnerabilities and business continuity planning are a part of the twenty-first-century Chief Executive Officer and C-Level executive skill set, and we aim to play a part in developing those skills.

We are, we think, pioneers. We are not an annual event for security people but, rather, the first event that packages security knowledge and awareness that C-Level executives, senior managers, and security practitioners should share. The C-Level executive and, for that matter, the majority of the senior managers can get what they need from the two-hour business continuity part of the exercise, while there is a morning training session for the security practitioner.

What We’ll Do Differently

There are really two things that the date change will do for us. The extra time will allow us to better align with partners who share our vision, both other associations and vendors. We have had an overwhelmingly good response from each but with a call for “more time” to make sure their respective constituencies, and ours, get the full value from the simulation. The extra time will also allow us to further educate the prospective role players on what we are attempting to do and to recruit the best role players we possibly can.

The Way Ahead

We are not trying to change the “need to know” culture completely to a “duty to share” culture. We are trying to lead the way in duty to share, consistent with the law enforcement and homeland security visionaries of our country and in a leadership and vision role consistent with the direction of Technology Association of Georgia and the TAG InfoSec society. That is what we’ve learned, the things we’ll do differently and our way ahead. Join us as a participant, observer or sponsor: we have a joint destiny and a joint mission to reduce the impact on all enterprise operations of cybercrime and its attendant loss of our money and our resources.

