For our interview, we spoke with Scott Carbee, who is the Information Security Officer at UVM. His job involves various information security practice including developing security policies, managing risk assessment, and ensuring compliance with cybersecurity regulations across the university here. He has also served as the CSO for the state of Vermont, and before that he was a network defense instructor for the army.
Because of his extensive experience in the field, Scott was able to provide us with a wealth of information about the role of a community mentor in a supposed incident such as our Dam Ransomware attack. He was able to provide us with a detailed description of what the community mentor’s role would be in real life if a cybersecurity incident like this happened.
In addition, because he had a lot of experience working on the government side of the field, he was able to provide us with a lot of information about the stakeholder interests that the community mentor would seek to protect if a cybersecurity incident like this happened. He also provided us with a lot of information about other actors the community mentor would likely work with if a cybersecurity incident like this happened. Finally, he was able to provide us with a lot of other information concerning the role that we found to be very helpful in understanding what would be expected of us if a cybersecurity incident like this happened.
Mr. Carbee explained that the role would be to provide guidance and support to the community in the event of a cybersecurity incident. This would involve working with the IT department to identify the source of the incident, working with the PR department to manage the public relations side of the incident, and working with the FBI to manage the legal side of the incident. The community mentor would also have to work with an independent cybersecurity firm to help with the technical side of the incident.
He highlighted a particular issue that organizations face when balancing competing interests during cybersecurity incidents. In both simulated exercises and real-world scenarios, Chief Information Security Officers must carefully follow a process of identification, assessment, and the prioritization of various stakeholder concerns to ensure appropriate response actions.
Mr. Carbee emphasized the importance of having a legal consultant nearby at all times. In real situations, you need to know not only what are your options as fast as possible, but also the legal implications of each of them. He made sure to underline that you shouldn’t use the legal expert to dictate your actions, but to inform them.
The other actors that would have to be contacted are a little more obvious. The IT department would have to be contacted to help with the technical side of the incident, and the PR department would have to be contacted to help with the public relations side of the incident. The FBI would also have to be contacted to help with the legal side of the incident.
There is also the option of working with an independent cybersecurity firm to help with the technical side of the incident. This would be a good idea if the IT department is not able to handle the incident on their own.
For the tabletop exercise, Mr. Carbee also gave us some advice that organizations should have predefined responses and contingency plans in place. He emphasized the importance of developing alternate communication methods and response protocols before an incident occurs. According to him, having these plans ready allows for more efficient and effective reactions during a crisis, reducing response time and potential damage. He also noted that regularly testing these plans through simulations helps identify weaknesses and ensures all team members understand their responsibilities when a real incident happens.