Joe Moudy, Director of Emergency Management, the City of Lubbock
Through this article, Moudy emphasizes the importance of preparing organizations for cyber incidents by addressing the risks posed by employee turnover, interconnected technologies, AI integration and the need for documented manual processes and alternative solutions to ensure continuity during technology failures.
Each of our organizations and departments is constantly on the lookout for the next emerging technology or solution that allows us to do more with less. These technological solutions typically offer additional data points and data analysis and allow our departments to streamline operations to make up for the gap caused by limited funding and staff. However, these solutions often are approached with a singular focus on the benefits without consideration for the unknown.
Almost weekly, if not daily, through various Information Sharing and Analysis Centers (ISACs), we are constantly reminded of the increasing impacts of cyber incidents and cyber-attacks. In speaking with different emergency managers and department heads, some common challenges are experienced by many different organizations.
Employee Turnover
With organizations experiencing turnover within departments, there is a strong likelihood that fewer staff will be familiar with the “old ways” or manual processes that allow operations to continue when technology becomes unavailable. During a discussion, one department identified that it had only three employees, all eligible for retirement, who were familiar with manual timekeeping and payroll processes. All of the other employees had joined the department within the past two years and had not experienced a manual process.
Interconnectivity of Technology
Our technology is interconnected with multiple systems. Multiple departments use the same software to complete different tasks and objectives. Many IT departments may seek to consolidate network and network paths. This allows IT departments to reduce costs and increase awareness and control over their systems but creates vulnerabilities as multiple systems and software become impacted during a cyber incident.
Devices such as VoIP phones have become more widely used, and some organizations may be using VoIP phones to daisy-chain a computer's Ethernet connection.
Inclusion of AI
Organizations that leverage AI place those systems and functions at greater vulnerability to a cyber incident. Dependence on AI and other solutions reduces familiarity with the manual processes needed when those systems become unavailable. Additionally, you must consider where data that is accessible by AI goes and where it is maintained. Improperly integrating AI can expose sensitive or critical information to the wrong person.
Often, AI can be added by users without their understanding of what is being added. One individual had unknowingly given AI full access to their calendar, which allowed the AI to join and record meetings with other organizations. This AI not only did a poor job of transcribing the meeting but also created public records containing false information from the meeting.
These challenges have made it more difficult, but not impossible, for organizations to prepare and plan for the unknown. Here are some tips to ensure that your organization is prepared for the unknown and the constantly evolving threat of cyber incidents and cyber-attacks.
Identify and inventory the devices throughout your organization.
You need to know what devices are in your organization, how they connect, and when the end-of-life date is for support and security updates.
Identify and inventory software used throughout your organization.
Document what software is used throughout the organization and how you can connect to it when your network is completely disabled. If the software requires Active Directory or similar authentication, document processes to leverage alternate authentication. If your cloud-hosted solution requires connectivity to an internal DNS or domain server, identify processes to redirect it to another URL.
Provide alternative solutions early.
Many of our organizations are bound by legislative requirements on records retention or through security requirements on data. Our departments are very innovative and will develop alternative solutions when they are impacted by a disaster. Identify and provide alternative solutions such as secondary domain and email servers with processes supported by executive leadership. Get this developed early and before an incident occurs.
Document manual processes.
Every single department should have a run book on how to achieve organizational goals and objectives through a disaster. These processes should be well documented to provide Just-In-Time training for new employees who are on-boarded during a disaster.
Plan your cyber incident response with emergency management.
Emergency managers are often the conduit through which outside resources are requested and managed. Your cyber incident response plans should include early notification and inclusion of the emergency managers for your organization. While they may not be IT experts, they are often able to identify additional impacts and cascading effects of a cyber incident within your organization. They can also bring stakeholders together so that restoration priorities and resource needs are identified in the planning process. While IT understands which devices must be brought back online and in what order, IT may not understand how each department and each mission-essential function impacts the organization and the community. Without the information from those stakeholders and emergency management, your recovery priorities may not be what is needed by your organization.
Exercise your plans and procedures regularly.
Each department should have a regularly scheduled technology “down” day. This allows each department to test and evaluate its manual processes, alternative solutions, and contingency or continuity plans. This may mean scheduling maintenance operations during normal business hours with plenty of planning so departments gain confidence that they can continue to operate during a disaster.