Responding%20to%20a%20Cyber%20Crisis%20A%20Lesson%20in%20Preparedness.png?profile=RESIZE_710x

 

Handling crises, whether natural calamities or cyber emergencies, requires preparedness, agility, and resilience. In this blog post, we delve into real-life experiences shared by Dan, a seasoned security professional, highlighting pivotal moments and lessons learned from crisis management.

 

 

 

Here is the verbatim discussion:
 
o you kind of have the forming storming norming kind of thing and this was our storming phase so anyway one of the early things that happened this was um I was asked our security team I've hadan a security team of around 30 professionals and we were asked to put um wireless networks in all of the conference rooms in state government and so um at that time that was kind of a Cutting Edge issue now you know everyone has Wireless everywhere in their homes and in you know coffee shops and everything but the reality is um you call three-letter agencies in Washington so NSA CIA Dia FBI and and I had done my home homework and I knew that this was bad you know security you know we couldn't allow Wi-Fi in conference rooms because it was it was uh going to be a problem it was um it was not secure and there was stories in the papers there  lots of stories in the US papers about people pulling into Home Depot and Walmart I'm not Walmart but Home Depotand Lowe's and and different uh parking lots or car parks and and hacking into cash register because the Wi-Fi weren't secure so I had all these papers so basically Terry asked me to prepare we were in the staff meeting and it was like 10 of us in the staff meeting and we got to that agenda item and Terry says dan tell us how we're going to securely put Wi-Fi in all of our this project we're not going to do it we're not putting Wi-Fi in any of the conference rooms and Terry just lookedat me with this stunned look you know and and I have you know she asked everyone to leave the conference room but me so it was just me and Terry looking looking at each other and I've never seen a government agency meetingend so quickly in my life because you know this was an hourong meeting it was 15 minutes in and she just ended it an she looked me in the eye and she said Dan if that's your answer you cannot be the ciso in the state of Michigan basically I was worried I was gonna get fired and I said well wait a minute Terry know you don't understand let me explain I had all these white papers and this I was going to show her all my background materials about and articles and and books about why this was a bad idea and she says no stop I've read all those articles I know what you're gonna say I I know what your thing is but but she said um I've been to DAL Ford Chrysler and General Motors they all have Wi-Fi in their conference rooms what do they know that you don't know and so they're like telling so I'm like whoa she says I'm giving you one week to to figure this out and come back and give us a plan not to not to deliver it but to give us the plan to do it securely or you're fired so that was a real scary moment for meash it was scary I almost thought I was gonna lose my job I ran back to my interesting try yeah yeah I just one more quick thing I'll tell you I went back to my team they were like Did we tell them we're ging Wi-Fi and I said no we're doing Wi-Fi we've got to figure this out so two years later we win the award for top Wi-Fi security in the whole country we we but that really was a a ground a paradigm shift for me as a person you know that security needs to be enabling they need to be coming with Solutions and not just problems security Pros can't just say no can't do it you've got to come up with a solution that's going to do security on time on budget with the right level of security so that's my most embarrassing story how I almost got fired but it turned into a good thing Terry and I are still friends 20 years later actually well 18 years later and now bash I want to know what your most embarrassing moment in your career was sure sure I I I would be happy to but before that um so so did you manage to get fired no no I did I kep my but you tried but you tried I kept my job I did not I did not get fired and uh it ended up being real a paradigm shift for me because I started to think about security differently and I you know whenever I had a security challenge it's like who's doing this best who can we learn from look around um and you know state government is not known at that time certainly is one of the leaders in security and and like I said the private sector was doing that better than us and we learned from that and we actually improved we actually got better through that experience interesting very interesting learning I I I believe that there's a lot of interesting takeaway as well outside of uh a very entertaining story for sure so let me share mine yes so this is quite a long time back almost like couple of decades back and and as a kind of little bit Prelude to the story which is important I used to do a lot of magic shows I mean long time back and by magic shows I don't mean the rabbit out of the hat trick kind of magic shows but more like the David Blaine kind of stuff mentalism and um um closeup magic and those kind of stuff I I used to do on stage as well so I was doing like opening shows for college fests and closing shows for college Fest so I'm doing I was doing it at a pretty decent evel uh so and and also I started my first startup around that period we were doing this um automated penetration testing on the cloud so that was what we were working on so uh now I went for a visit to Paris to meet some partners and that that was like a slightly gloomy day and little bit of drizzles and I remember I was walking down the stairs um of um they call it Subway right yeah Subway yeah like the underground yeah they call it Subway yeah so or no they call it Metro oh the Metro I guess the Metro yeah yeah they call it the Metro the underground transport system so the US is the subway yeah us is the subway and London is the underground yeah so I was going down the stairs and there was a guy who looked like from east Europe he came and told me that I'd like to sell this um iPhone iPhone just go launched and would you like to buy and I was the Blackberry guy during those days yeah so I said no I'm happy with my phone so I was walking down and this guy still followed me and said you know what I need some money badly and my sister is at the hospital I need some money it'll be great help if you could buy this and the eventually came down like he started with somewhere around few hundred EUR and came down to some 20 and eventually he told me you know what I need it very very badly can you give it to me I mean I'll give it to you at €1 or something like that and here is the iPhone and I'm also going to give you this camera a small point and shoot Auto automatic camera and I took that phone and I swiped and everything was working fine and I thought this is interesting because at € 10 if you get a device which is working in worst case even if things are not perfect we can go open it up and look into and use it for hacking so I found that and I'm I think I became a little bit greedy I wouldn't say I tried to help that guy uh but I said okay here you go I gave the € 10 EUR he took this uh iPhone and the camera put it into a small brown bag and gave it to me and I took that and he started running up the stairs and I opened this brown bag and inside that there were two potatoes oh wow so right in front of me he did the classic switch which I I was pretty well trained to do wow he did that classic switch in front of me and that was probably the most expensive pair of potatoes I have still I mean I bought till date that's a great story that had been a pretty humbling experience being a security professional um I mean that reminds me to stay humble that's great great story so so Dan let's get started with some real crisis example today's topic is handling crisis um please share some some examples of some real crisis that you dealt with in the past well I've dealt with lots of them um you know when I was CSO for sure oneof the biggest ones was the blackout the Northeast blackout of um 2003 so you know we had just gone through the whole Y2K and I I I started in Michigan government in 97 and um you know i' come from an NSA kind of top secret background you know and Michigan Government was very different than that of course um not a lot of you know not a lot of um of very uh secure facilities but the whole Focus during those years from 97 to 2000 were was Y2K so we had prepared you know what if you know all the computers break and we had done a lot of good work to prepare for that um and that went kind of without a hitch but we were all sitting there in the Emergency Center you know and January or or actually you know December 31st January 1 of 2000 um but then three years later you know we had we had we had of course two years later we had 911 but not so much happened in Michigan but two years after that we had a large blackout in Michigan where uh the whole Northeast lost power for two days basically we lost power and it was basically a situation where um you know we had to all go to the emergency coordination Center and respond to um you know no computers no power no um you know huge issues a lot of people thought it was in the US thought it was another 911 they thought you know it was another terrorist attack and uh all the people at the emergency coordination Center uh we were there for four straight days and a bunker with you know a generator and um responding to all kinds of issues that you know the state parts of the state came back like 24 hours later other parts uh came back more like two days later and some came back three days later but it was a major emergency and and New York was without power for a couple of days a lot of things happened you know trying to get water from one side of the state to the other um some things you wouldn't necessarily think about like um it was a very hot day it was like 95 degrees Fahrenheit in the US and and restaurant were having to close there was no air conditioning but they were serving spoiled food and so like there there food um you know uh inspectors who were having to you know close restaurants because people were eating spoiled food in Detroit and uh and and they needed the technology to support that but they had no power so there was lots of things we had to do and during that time I met tons of people who ended up becoming leaders in Michigan Government over the next decade the person I worked closely with was um colonel ATU who was running the whole emergency for uh State Police in Michigan she ended up becoming the director of Michigan State Police so in those kind of emergencies if you're ready if you're prepared if you've got good plans in place um it can really strengthen your security organization to be prepared that was not a hacking attack although some people thought it was a hacking attack initially um uh and but you know we responded to that and that was a real life emergency we responded to that's interesting that veryinteresting so um I mean that happened due to more like a natural Calamity but that's something which I think all the all the nations today want to stay prepared for right so um Dan uh let's talk about some some some of the drills that you have done and um uh so any of these large scale cyber crisis drills that you conducted in the government y yeah so what what of the ones I I want to uh mention was a a um a series of drills that the US Department of Homeland Security does called cyberstorm that's cyb R storm s o RM and uh the what I'll tell you about the story I'm going to tell you is from cyberstorm one which was the first one but they're now up think cyberstorm 7 is coming they do this every two years and these are Global exercises so um you know they they do them in you know US states they use federal agencies in the US but know the United United Kingdom and France and Australia and New Zealand were all part of these exercises so thiswas a global exercise we were at the first one and my team had prepared this is a week long exercise it was an everyone our team obviously but it was a large group of people and um I tell people if you want to understand what cyberstorm one was like I'm thinking this is back in 2006 so this is going back to the first cyberstorm but there's a lot of really good lessons we learned from that um watch the movie Die Hard four Die Hard four with Bruce Willis um it's called live free and die hard where all the power goes out and bombs are going off and it's scary stuff um so we had a situation where um we you know the first day of this exercise you know was probably over the top and most cyber exercises today wouldn't start this way but they had bombs going off kind of like 911 again they blew up our data center they blew up um big parts of government um they hacked other parts of government and all of our services were down for two days and it was very very intense and we were like getting beat up we were like humbled our team was just like we were like done I mean we were really kind of overwhelmed by Thursday afternoon though this is what I want to tell you about by Thursday afternoon we were told there's one more thing you have to do in this exercise to train your team and we said okay what is that they said we have to get our bull Mainframe.

 

 

Highlights:

The Storming Phase: Dan recounts a pivotal moment during his tenure as a security professional where he was tasked with implementing Wi-Fi networks in state government conference rooms. Despite initial resistance due to security concerns, Dan's paradigm shift led to innovative solutions, ultimately earning accolades for top Wi-Fi security nationwide.

The Expensive Pair of Potatoes: A humbling experience shared by another professional underscores the importance of staying vigilant and humble in the face of unexpected challenges. In this case, a seemingly lucrative deal turned out to be a lesson in caution and awareness.

The Northeast Blackout of 2003: Dan's experience during the blackout sheds light on the importance of preparedness and collaboration in crisis management. Despite the initial chaos, effective coordination and leadership helped mitigate the impact and strengthen the security organization.

Cyberstorm Drills: Dan's participation in the Cyberstorm series of drills organized by the US Department of Homeland Security showcases the global effort in testing and enhancing cyber resilience. Lessons learned from these exercises, such as the importance of adaptability and teamwork, are invaluable in navigating modern cybersecurity challenges.

 

In navigating crises, whether natural or cyber-related, preparation, adaptability, and collaboration are paramount. Real-life experiences shared by security professionals like Dan offer invaluable insights into the complexities of crisis management and underscore the need for continuous learning and improvement in safeguarding critical infrastructure and information systems.

 

 

Speakers:

Dan Lohrmann is an esteemed cybersecurity expert and Field Chief Information Security Officer (CISO) for Presidio, celebrated for his impactful career across both public and private sectors. With beginnings at the National Security Agency and roles at Lockheed Martin and ManTech, he has been recognized as CSO of the Year among other accolades. Dan is also a prolific author and speaker, sharing insights on cybersecurity and technology modernization through his award-winning blog and publications.


https://twitter.com/govcso

https://www.linkedin.com/in/danlohrmann/


Bikash Barai
is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

 

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/ 

 

 
 
 
 

 

 

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform