NIST finalizes cyberattack recovery guidance

NIST finalizes cyberattack recovery guidance

Preventing all cyberattacks is a good, but unrealistic, goal. That’s why preparing for recovery from a cyber incident can be just as important as prevention, according to the National Institute of Standards and Technology. The agency’s Guide for Cybersecurity Event Recovery provides a single resource to help organizations develop strategies to contain an opponent and restore operations quickly.

“Organizations used to focus their information security efforts on cyber event protection, but adversaries have modified their attack techniques to make protection much more difficult, including taking advantage of weaknesses in processes and people as well as technologies,” the publication says. “The number of cyber events continues to increase sharply every year leading to a widespread recognition that some cyber events cannot be stopped.”

The publication was in its now-final form. The technology-neutral advice provides 10 recommendations for planning for recovering from an attack and includes example scenarios with step-by-step instructions for execution. The guidance is targeted at federal agencies, but NIST says the advice would be helpful to “any organization in any industry sector.”

The publication says it is important that an organization has its recovery plan in place before an attack. The plan should include details on who is authorized to implement the plan, communication strategies, information on off-site data storage, documented system details and a list of hardware, software and infrastructure.

Once the plan is in place, the training for attack recovery should be done on a regular basis, the publication recommends.  “The plans, policies, and procedures created for recovery should be continually improved by addressing lessons learned during recovery efforts and by periodically validating the recovery capabilities themselves,” the publication reads.

About the Author

Matt Leonard is a reporter/producer at GCN.

Before joining GCN, Leonard worked as a local reporter for The Smithfield Times in southeastern Virginia. In his time there he wrote about town council meetings, local crime and what to do if a beaver dam floods your back yard. Over the last few years, he has spent time at The Commonwealth Times, The Denver Post and WTVR-CBS 6. He is a graduate of Virginia Commonwealth University, where he received the faculty award for print and online journalism.

Leonard can be contacted at or follow him on Twitter @Matt_Lnrd.

Click here for previous articles by Leonard.

inside gcn

  • digital model of city (

    Why you need a digital twin

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group