NIST finalizes cyberattack recovery guidance

NIST finalizes cyberattack recovery guidance

Preventing all cyberattacks is a good, but unrealistic, goal. That’s why preparing for recovery from a cyber incident can be just as important as prevention, according to the National Institute of Standards and Technology. The agency’s Guide for Cybersecurity Event Recovery provides a single resource to help organizations develop strategies to contain an opponent and restore operations quickly.

“Organizations used to focus their information security efforts on cyber event protection, but adversaries have modified their attack techniques to make protection much more difficult, including taking advantage of weaknesses in processes and people as well as technologies,” the publication says. “The number of cyber events continues to increase sharply every year leading to a widespread recognition that some cyber events cannot be stopped.”

The publication was in its now-final form. The technology-neutral advice provides 10 recommendations for planning for recovering from an attack and includes example scenarios with step-by-step instructions for execution. The guidance is targeted at federal agencies, but NIST says the advice would be helpful to “any organization in any industry sector.”

The publication says it is important that an organization has its recovery plan in place before an attack. The plan should include details on who is authorized to implement the plan, communication strategies, information on off-site data storage, documented system details and a list of hardware, software and infrastructure.

Once the plan is in place, the training for attack recovery should be done on a regular basis, the publication recommends.  “The plans, policies, and procedures created for recovery should be continually improved by addressing lessons learned during recovery efforts and by periodically validating the recovery capabilities themselves,” the publication reads.

About the Author

Matt Leonard is a reporter/producer at GCN.

Before joining GCN, Leonard worked as a local reporter for The Smithfield Times in southeastern Virginia. In his time there he wrote about town council meetings, local crime and what to do if a beaver dam floods your back yard. Over the last few years, he has spent time at The Commonwealth Times, The Denver Post and WTVR-CBS 6. He is a graduate of Virginia Commonwealth University, where he received the faculty award for print and online journalism.

Leonard can be contacted at or follow him on Twitter @Matt_Lnrd.

Click here for previous articles by Leonard.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.