Talk Title: The Power of Incident Response Tabletops

Talk Abstract:
Industrial organizations are too often hit with a reality check when they find themselves unprepared for handling a cybersecurity incident. While Incident Response (IR) tabletops are not a new concept, not all organizations have regular exercises scheduled and some are not performed effectively. Industrial Control System (ICS) IR presents additional challenges as compared to a typical IT IR, since it requires involvement from multiple business units and teams, and can have physical impacts (e.g. safety of people, environmental impacts, or damage to equipment).

Attendees will be exposed to a flexible strategy that can be applied to their organizations and operations, along with important elements to focus on to have an effective and powerful IR tabletop. This includes the scenario selection and technical elements, but also delves into the critical realities like psychological states. The ability to self-regulate and lead through a crisis is paramount. Self-regulation drives effective decision-making, communication, and collaboration. Part of this presentation will dive deeper into the neuroscience of stress.

Another critical facet is the backbone of the IR plan, structure, roles and responsibilities, and interfaces with other business units. A free resource (IACS Cyber Security Incident Response Playbook) will also be introduced that BBA developed by receiving funding from Natural Resources Canada’s Cyber Security and Critical Energy Infrastructure Program (CCEIP). This framework can be used for both IT and ICS.

This presentation highlights just how powerful IR tabletops can be in terms of mitigating business risk and operational impacts. This knowledge is shared based on experience gained in preparing and facilitating IR tabletops for clients, ranging from small to large organizations.