210 likes | 457 Views
Cyber Incident Communications Planning May 6, 2019. Siobhan Gorman Partner, Brunswick Group. Chris Farley Deployment Manager, Expanse.
E N D
Cyber Incident Communications Planning May 6, 2019
Siobhan GormanPartner, Brunswick Group Chris FarleyDeployment Manager, Expanse
In today’s dynamic political and data environment, every election official should assume you will have to respond to a cyber incident at some point, and that response is central to preserving public trust.
To lead confidently, you need to prepare, train for, and test your response ahead of time.
Cyber-Incident Preparedness Near-term Longer-term Determine internal roles and responsibilities. Make sure there is a clear escalation process and the right teams are talking to each other in the event of a cyber incident. Plan your response to a cyber crisis in advance with a communications playbook, including a decision-making protocol, leak strategy, holding statement, key messages, and Q&A. Assess the current crisis communications plan, and determine whether to augment the current plan to address cyber crises or if a separate cyber plan is needed. Ensure the incident response is part of the operational continuity plan. Make sure there is a backup communications plan and system in place.
Cyber-Incident Preparedness Near-term Longer-term Conduct crisis simulation exercises coordinated with legal, technical, and outside advisors, including key senior leaders across the organization. Map stakeholders and conduct a reputational risk analysis to understand risks to trust in the election system, priority stakeholders, and how to reach stakeholders to address key concerns. Educate the media through background meetings and events on the resiliency of the election system, and the current work to mitigate cyber threats. Engage the public through online channels and public events on the resiliency of the election system and the current work to mitigate cyber threats.
Gain control by focusing on actions to secure data and preserve system integrity Provide context • Use the right digital and traditional tools Learn from the incident Be visual Be transparent but careful Communications Response - Best Practices
Public Communications & Media Relations Best Practices Public Make your communications aboutyour most important stakeholder—the public Speak plainly Demonstrate transparency by communicating with the public on a regular basis Avoid legalese, which signals an inward focus and creates distrust Media Establish the facts, and double-check them Develop a simple, accurate, short counter-message Respond quickly Be transparent Engage on all platforms Avoid repeating false information and focus your message on the response—not the incident or rumors Social Media Evaluate planned social media activities Use social media reactively and sparingly Watch your tone Promote your posts, if necessary
Lessons Learned: Cyber Crises “Industry analysts say HBO has done a good job in responding quickly with public and internal messaging.” – Variety “U.S. Indicts 7 Iranians in Cyberattacks on Banks and a Dam” – The New York Times “OPM HACK WORSE THAN PREVIOUSLY THOUGHT (AGAIN)” - Newsweek
Playbook Components Strategy, Missionand Objectives Best Practices Established Communications Process Holding Statement Key Messages and Q&A Digital Strategy Checklists Scenario-based Planning
General Tips for Scenario Planning 1. 2. Develop a diverse range of scenarios • Don’t anticipate every outcome 3. 4. • Use the scenarios for: • Internal planning and exercises • Template statements touse in a real incident • Think short term: first 24-72 hours
Holding statement Key messages • Peer email (if appropriate) Q&A Sample tweet / other social media Scenario description Scenario Planning Materials
Some Likely Questions • Given what happened in the 2016 election, how could you let this happen? • What type of systems were affected? • Do you know if this is a result of a malicious cyber attack? • Are the malicious actors out of the system? • Who is responsible forthis incident? • Can this problem affect other states? • Do you have confidence in the results of the election? • What preparations did you make before Election Day?
Scenario Planning 1. 2. 3. • False rumors of unfair election conduct, possibly including allegations from campaigns involved, circulate on social media • Limited number of election systems are compromised with likely no election outcome impact • Incident affects election night reporting 6. 4. 5. • Cyber incident in one state, unsuccessful attempts in other states • Incident affects national vote outcome • Incident impedes voting process/operations
Scenario discussion: Election night reporting Malicious actors gain access to the online platform that [JURISDICTION’S] election officials use to report real-time vote totals to the public on Election Day. As polls close, the malicious actors begin manipulating the results on the site to favor one of the [presidential] candidates. Before the issue can be corrected, television networks and other election trackers use the results to forecast which candidate is expected to win the state. • What key points would you include an initial statement? • Which questions would you expect to get from press? How would you respond? • What are some potential pitfalls in responding to this type of incident?
Q&A SIOBHAN GORMANsgorman@brunswickgroup.com CHRIS FARLEYchrisfarley@d3p.org