Emergency Response after Harvey
By Seth Jaffe.
In the wake of Harvey here in Houston, I took a few minutes to pull up FEMA’s Emergency Management Guide to see how it compares with #incidentresponse. Originally penned in 1993, the Guide offers a number of lessons for the average cyber incident response plan. For example, it begins with review of internal plans and policies and suggests meeting with outside groups such as law enforcement. Next step is to collate applicable codes and regulations and then identify critical operations and systems. Do an insurance review, list potential emergencies, and estimate their probability and the subsequent impact. At this point, you’re ready to develop the plan.
The Guide is well worth a read if you are involved in incident response. It talks about training, governance, team organization, and routine updating of the plan. One of my favorite sections is on emergency response procedures, where the Guide recommends specific procedures for different situations. In my view, this is exactly how a good cyber incident response program should work, breaking the plan into procedures that can be executed situationally.
FEMA, the American Red Cross, Baker-Ripley, and all of the emergency response entities have their work cut out for them in the coming weeks. Pitch in where you can, and hopefully, we can learn a thing or two in the process.
Seth is our official rocket scientist in residence. Hailing from NASA’s Mission Control Center, Seth brings a unique perspective to incident response, applying aspects of one of the world’s preeminent emergency operations platforms to cyber response. In addition to twenty-plus years’ of technical experience, Seth was previously a member of the data protection task force at a large law firm, and served as the lead Legal team member of an incident response team at a major U.S. airline. Seth is a certified business continuity professional, and he holds a juris doctorate, which is why he also wears the General Counsel hat at LEO.