Cyber Incident Response – Cyber Security Helpdesk Limited – UK Cyber Incident Reponse Specialists

Preparedness for cyberattacks should consist of prevention (secure procedures and systems) and a plan for what happens if, a successful attack occurs.

UK Government Communications Headquarters (GCHQ) cyber security guidance recommends that organisations:

• Establish an incident response and disaster recovery capability that addresses the full range of incidents that can occur.

• Test incident management plans regularly (GCHQ: Cyber security guidance for businesses).

The internal and external consultants that should form the response team are dealt with further below. Organisations should prepare and circulate contact details of who to contact internally in the event of an attack.

The contact details of trusted external advisers – such as Cyber Security Helpdesk Limited! – in respect of IT, legal and PR matters (we can assist with all of the above!) who are likely to form part of the response team should similarly be kept and updated in a form which can be accessed and circulated following discovery of a breach.

Where incident response policies and procedures are documented, they should be available in formats that would not be inaccessible due to the attack (for example, policies may be inaccessible if encrypted by a virus on a compromised shared drive).

In assessing risks, consider the extent to which the operation of each aspect of the business would be affected by different forms of attack and prepare accordingly.

According to insurance industry surveys, take-up of cyber insurance remains low, with only around 10% of large businesses having any form of cyber insurance. Policies may cover loss and damage to digital assets, organisation interruption, notification expenses, theft of money or assets and even reputational damage.

In the absence of a cyber-specific policy, a comprehensive crime insurance policy or other, more general insurance policy may also cover cybercrime, but this should be confirmed in advance.

As vehicles get smarter, cyber security in the automotive industry is becoming an increasing concern. Whether we’re turning cars into wifi connected hotspots or equipping them with millions of lines of code to create fully autonomous vehicles, cars are more vulnerable than ever to hacking and data theft.

The Department for Transport and Centre for the Protection of National Infrastructure have issued joint guidance setting out how the automotive sector can make sure cyber security is properly considered at every level, from designers and engineers, through to suppliers and senior level executives.

The key principles of vehicle cyber security for connected and automated vehicles – some of which apply to many other businesses and industries – include: that security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain; that the security of all software is managed throughout its lifetime; and that the storage and transmission of data is secure and can be controlled.

The eight principles are:

Principle 1 – organisational security is owned, governed and promoted at board level

Principle 2 – security risks are assessed and managed appropriately and proportionately, including those specific to the supply chain

Principle 3 – organisations need product aftercare and incident response to ensure systems are secure over their lifetime

Principle 4 – all organisations, including sub-contractors, suppliers and potential 3rd parties, work together to enhance the security of the system

Principle 5 – systems are designed using a defence-in-depth approach

Principle 6 – the security of all software is managed throughout its lifetime

Principle 7 – the storage and transmission of data is secure and can be controlled

Principle 8 – the system is designed to be resilient to attacks and respond appropriately when its defences or sensors fail

From an incident response perspective, principles 3.1 to 3.4 are particularly pertinent and relevant to Cyber Security Helpdesk’s work responding to Cyber and Data breaches.

Principle 3.1 – Organisations plan for how to maintain security over the lifetime of their systems, including any necessary after-sales support services.

Principle 3.2 – Incident response plans are in place. Organisations plan for how to respond to potential compromise of safety critical assets, non-safety critical assets, and system malfunctions, and how to return affected systems to a safe and secure state.

Principle 3.3 – There is an active programme in place to identify critical vulnerabilities and appropriate systems in place to mitigate them in a proportionate manner.

Principle 3.4 – Organisations ensure their systems are able to support data forensics and the recovery of forensically robust, uniquely identifiable data. This may be used to identify the cause of any cyber, or other, incident.

The full text can be found at this URL: https://www.gov.uk/government/publications/principles-of-cyber-security-for-connected-and-automated-vehicles/the-key-principles-of-vehicle-cyber-security-for-connected-and-automated-vehicles