NIST finalizes cyberattack recovery guidance
- By Matt Leonard
- Jan 03, 2017
Preventing all cyberattacks is a good, but unrealistic, goal. That’s why preparing for recovery from a cyber incident can be just as important as prevention, according to the National Institute of Standards and Technology. The agency’s Guide for Cybersecurity Event Recovery provides a single resource to help organizations develop strategies to contain an opponent and restore operations quickly.
“Organizations used to focus their information security efforts on cyber event protection, but adversaries have modified their attack techniques to make protection much more difficult, including taking advantage of weaknesses in processes and people as well as technologies,” the publication says. “The number of cyber events continues to increase sharply every year leading to a widespread recognition that some cyber events cannot be stopped.”
The publication was in its now-final form. The technology-neutral advice provides 10 recommendations for planning recovery from an attack and includes example scenarios with step-by-step instructions for execution. The guidance is targeted at federal agencies, but NIST says the advice would be helpful to “any organization in any industry sector.”
The publication says it is important that an organization has its recovery plan in place before an attack. The plan should include details on who is authorized to implement the plan, communication strategies, information on off-site data storage, documented system details and a list of hardware, software and infrastructure.
Once the plan is in place, training for attack recovery should be conducted on a regular basis, the publication recommends. “The plans, policies, and procedures created for recovery should be continually improved by addressing lessons learned during recovery efforts and by periodically validating the recovery capabilities themselves,” the publication reads.
Matt Leonard is a former reporter for GCN.