Developing a Cyber Incident Communication Management Exercise for CI Stakeholders

Existing cyber security training programs for Critical Infrastructures (CI) place much emphasis on technical aspects, often related to a specific sector or area of expertise, and overlook the importance of communication (i.e. the ability of a stakeholder to gather and provide relevant information). We hypothesise that achieving a secure and resilient society requires a shared protocol among CI stakeholders that would facilitate communication and cooperation. To validate this hypothesis and explore effective communication structures for use while facing a cyber incident and during recovery, we developed a discussion-based exercise using an Industrial Control System (ICS) incident scenario, and implemented it in pilot workshops in which a total of 91 experts participated. Results suggest there are three possible incident communication structures, centered around the IT department, the production department, and management, respectively. In the future, these structures can be used as the framework to build an ICS-Security Incident Response Team (ICS-SIRT), which would strengthen cooperation among CI stakeholders.
