Expert advice: How to handle a cyber disruption

  • 16-Jun-2017 05:27 EDT
Brian Balow.jpg

Response and recovery should be done with face-to-face meetings and phone calls, advises Brian Balow. (Dawda, Mann, Mulcahy & Sadler image)



The essence of automotive cybersecurity's current state of capability: It’s possible to thwart most—but not all—cyber incidents.

“You can put in place all the preventive medicine that you want, but a cyber disruption is going to happen. The relevant question for an organization is ‘how will you respond?’” said Bill Hardin, Vice President of Forensic & Cyber Investigations at Charles River Assoc.

Hardin and other cyber security experts who recently spoke with Automotive Engineering stress the importance of developing a response plan for online attacks. A company’s general counsel, chief information security officer and outside legal counsel typically are involved in assembling such a plan.

“It can be just a one-pager that states the response team’s quarterback, the things that need to be done and the folks who need to get involved,” Hardin said.

Whether it’s a virus, a ransomware demand, or another type of cyber attack, the disruption requires immediate attention. And the unfolding situation needs to be handled in a coordinated manner.

Brian Balow, a member of the law firm Dawda, Mann, Mulcahy & Sadler PLC, advises clients dealing with a cyber situation to avoid communicating via emails and texts.

“While deliberating the incident, the response and recovery should be done with face-to-face meetings and phone calls,” he said. “After you’ve made decisions about what to do, then you can document those decisions in writing.”

It’s important to keep the information technology landscape intact after a cyber hack. “Preserve the IT environment if you can. If you do not have a system backup, you may be required to reconstruct the databases. And doing that reconstruction means you’ve lost a lot of the server log information,” Balow noted. “That historical information can be used to help understand what happened and understand how many individuals were affected.”

The impulse to shut down a computer and restart it could further complicate a cyber situation, according to Brian Warszona, Vice President, Cyber Specialist for Willis Towers Watson. “You really don’t want to do something when you’re not even sure what it is. It could just be a computer glitch,” he said. “Don’t panic; consult with your company’s designated response-plan quarterback.”

A rush to judgment can be pointless, especially since not all cyber incidents trace back to hackers. “How did the bad guys get into the system? Did they even get into it? Was it a misconfiguration of code? It comes down to how quickly we can make a determination, preserve the evidence and do what’s necessary to limit the operational impact on the organization,” Hardin said.

Meanwhile, cyber-attack 'rehearsals' can good practice to stay prepared. “Let’s say a company is concerned about a ransomware demand. The response team, along with outside legal counsel, could do a few tabletop exercises to see if there are any vulnerabilities in the process,” suggested Warszona.

Having procedures and policies in place before a cyber disruption is just as important as training the workforce on the cybersecurity action plan. Observed Balow, “A data security protocol is not ‘nice-to-have’ anymore, it’s must-have.”

HTML for Linking to Page
Page URL
Rate It
4.80 Avg. Rating

Read More Articles On

Focused on the near-term safety-improvement potential underlying autonomous-driving technology, Toyota - counter to much of the auto industry - sees real promise in developing SAE Level 2-3 systems.
Connectivity spawns need for security designed-in from the beginning, a complex issue that spans many disciplines.
If there’s any doubt that connectivity is the next wave for advanced features and functions, it should dissipate after CES 2017. A multitude of advances in over the air updates and security will be shown in Las Vegas in January, setting the stage for much of the auto industry’s technology rollouts throughout the year.
Emerging markets and technologies are both creating openings for Taiwanese suppliers. China’s burgeoning automotive market is a primary target for companies that focus on OEM sales, while emerging technologies like LEDs and head-up displays (HUD) are also providing opportunities.

Related Items

Training / Education