Ideology-based Threats in Response to Civil Unrest
January 13, 2021
As we move toward the inauguration (and beyond), it’s important to focus on potential digital and physical threats to organizations and identify areas of opportunity for preparation and response.
In the aftermath of the storming of the U.S. Capitol, news reports are suggesting the potential for armed protests in Washington D.C. and all 50 states leading up to President-elect Biden’s inauguration on January 20th. Based on credible threats in the National Capital Region (NCR), President Trump has declared a State of Emergency to allow for enhanced security including local and federal law enforcement and the National Guard. Even though physical threats remain a high possibility, we will concentrate our focus on the digital realm and identify some recommendations.
There are several different cyber threat scenarios organizations and elected or public officials should consider. In response to broadcast and online news coverage of the incident at the Capitol and continuing coverage leading up to the inauguration, major media and local affiliates, as well as elected and public officials of both political parties, are probable targets for ideologically motivated attacks. The most-likely attack scenarios:
The deplatforming of President Trump, private citizens and competing social media companies (i.e., Parler) has increased the potential for ideologically motivated actors to target Big Tech (beyond the current calls for boycotts). While these organizations have robust security in place to prevent attacks, they should still be prepared. Additionally, it’s likely that more advanced adversaries – potentially sponsored by nation-states – may seek to use these tactics as diversions for more sophisticated attacks, especially while many organizations continue remediation efforts stemming from the SolarWinds compromise.
Using Threat Intelligence
When approaching a potential “known threat” scenario where information is flowing from credible sources, organizations should begin conducting estimative intelligence analysis to prepare decision makers across lines of business with most-likely and most-dangerous threat courses of action. (Estimative intelligence is predictive and is used to prepare decision makers for future threats and events.) News media organizations also can and should prepare for the most-likely threats: ideologically motivated actors conducting low-risk social media account hijacking, doxxing of news media personalities and/or website defacement. A most-dangerous course of action should also be assessed: the combination of the most-likely course of action by ideologically motivated adversaries or insider threats, plus a simultaneous Distributed Denial of Service (DDoS) attack and physical assault of field reporters and staff or physical incursion onto company property.
The potential for these scenarios should be analyzed by both information and physical security staff for their likelihood per geographical location. News agency and local law enforcement communication and cooperation is essential. A report with associated policies should be distributed to key decision makers within the organization to promote awareness and support incident response (IR).
Enacting Incident Response
Given the immediacy of these potential threats, it’s unlikely that other best practices can be enacted between now and the inauguration. However, future events may require organizations to expand their IR playbooks to include the planning for similar scenarios. Additionally, organizations are encouraged to conduct internal exercises (such as tabletop exercises or readiness assessments) to account for and document best-practice responses in case of a real-world incident.
In the event of a major incident involving both physical and cyber-based attacks, organizations should rely on the Incident Command System (ICS) to conduct their response. The ICS is a standardized structure that coordinates managers and leaders across multiple organizations or lines of business in responding to a major incident. Government organizations rely on ICS for incidents ranging from national disasters to pandemic response (for instance, Hurricane Harvey or the onset of COVID-19).
Each section in the ICS plays a specific role in the event of a major incident, and using ICS allows for designated roles and responsibilities, integrated communications, common language and terminology usage, quick coordination of resources and planning.
For further information and a tutorial on ICS, readers should visit the National Service Knowledge Network Online Learning Center.
While the ongoing events are concerning, organizations have the tools at their disposal to identify, prepare for and respond to any potential threats posed by the unrest. Leaders need to coordinate and prepare their decision makers for any potential attack, either digital or physical. A prepared leader is an equipped leader and will significantly enhance protection of the organization’s most important assets.
Organizations that have offices and personnel near the NCR or in the vicinity of U.S. state capitals should enact policies to allow further remote work, if this isn’t already in place due to COVID-19 safeguards. In addition, to deter potential physical damage of office space in these regions, these organizations should ensure their physical security team(s) have access to threat information and publicly available bulletins produced by local and federal law enforcement and plan for scenarios of escalated public presence and the potential for violence, theft, and property damage. Organizations that face the potential for physical threats should contact experts in that space.