As some people may have seen in the media Harvard was hit with a larger than usual cyber intrusion (see http://security.harvard.edu/cyber-alert ). I am not going to go into non-public details of the incident, but I will mention a few things that may be of use to some folks out there. I have studied, and taught on the topic of information security for a while now, yet this was the first large scale intrusion I had been involved in navigating.
Things that made a difference:
- Being prepared
It sure makes a big difference when you have established processes and practices for Major Incidents and Crisis. And it also helps if you have had the opportunity to practice them in simulations or in the context of other smaller events. We had, and that made navigating the incident much easier.
- Well briefed leadership
We quickly established regular briefings and “right sized” the level of language used in briefings to keep things simple, yet concise, and approachable to non technical people. The ability to keep everyone involved connected and understanding of what was going on was critical to navigating this whole situation.
- Having a team that truly understands all aspects of information security
It’s not all about bits! From deep info sec skills to user experience and communications folks, we had a wide array of perspective involved. It made it possible for us to have a better and more comprehensive approach.
- Having a great community to tap into
As part of our remediation plan we ended up needing a large number of volunteers. It was amazing that with just two hours notice, we were able to mobilize a few hundred people to come and help. Amazing!
- Leveraging the right partners
We also benefited from great third party partners from federal government partners, to third party technology and information security partners.
- Knowing this is just one battle
This was just one battle, the same people or others will be back, with similar or different tricks, tomorrow, two weeks from now, next year, etc.
- Zen – being both urgent and patient
Finally, it was important (albeit not new news) to realize that in navigating such situations you need to keep a balance between those times when you need to be urgent and act very quickly, and those times when it is important not to act, or at least not act quickly and take the time to observe, and absorb the situation to gain insight and make better decisions.