"People don't do shit about cybersecurity until they have to," Tarah Wheeler, a Fulbright scholar and CEO at Red Queen Dynamics, Inc., remarked during her panel at Black Hat.
She's right. A 2021 study from IBM found that less than half of respondents said their organizations had a cybersecurity incident response plan. And if organizations don't take the time to investigate how cybersecurity incidents happen, they could be doomed to repeat history.
That's the conundrum that Wheeler—along with Victoria Ontiveros, a Harvard researcher, and Adam Shostack, a threat modeling expert—sought to address. Their answer: the Major Cyber Incident Investigations Playbook.
The document contains a guide for creating independent review boards at organizations, from deciding who should be on the board to presenting investigation results to interested parties. These groups would be tasked with gathering the facts about cybersecurity incidents, and then sharing that information with the wider cybersecurity community online, so they can avoid the same missteps in the future.
In a 2021 report from Wheeler, Shostack, and Robert Knake released by Harvard's Belfer Center, the trio said the playbook effort could be like a "Cyber NTSB." The National Transportation Safety Board (NTSB) investigates all major transportation incidents, and its reports are available to the public, which helps the transportation industry avoid future incidents. At Black Hat, the researchers argued that this strategy should also be applied to cyber-incident investigations.
The feds are already doing something similar. In February, the Homeland Security Department created the Cyber Safety Review Board