Incident response is usually a deeply technical forensic investigation and mitigation for an individual organization. But for incidents that are not merely cyber crime but truly national security events, such as large-scale disruptive attacks that could be acts of war by another nation, the process is completely dissimilar, needing a different kind of thinking.
This talk will discuss exactly how, detailing the flow of national security incident response in the United States using the scenario of a major attack on the finance sector. The response starts at individual banks and exchanges, through the public-private sector information sharing processes (like FS-ISAC). Treasury handles the financial side of the crisis while DHS tackles the technical. If needed, the incident can be escalated to the military and president especially if the incident becomes especially disruptive or destructive. The talk examines this flow and the actions and decisions within the national security apparatus, concluding with the pros and cons of this approach and comparing it to the process in other key countries.
Jason Healey is the Director of the Cyber Statecraft Initiative of the Atlantic Council, focusing on international cooperation, competition and conflict in cyberspace. Previously he has worked cyber issues since the 1990s as a policy director at the White House, executive director at Goldman Sachs Asia, and a US Air Force intelligence officer. As a widely published on cyber conflict and statecraft, he is a board member of Cyber Conflict Studies Association, lecturer in cyber policy at Georgetown University and editor for the first book on cyber conflict history (due 2013).