Communication is key when responding to a cybersecurity incident. There’s an old joke that goes something like this: “To err is human, but to really screw things up you’ll need a computer.”
Of course, it’s funny, but as we all know computers just do what they’re told (or programmed) to do. They’ll do it to the letter, time and time again, without thinking.
And if someone hasn’t had the foresight to predict every situation that a computer program may encounter (unexpected end of a file, divide by zero, too much data to fit into the space allotted for it) then things might go wrong.
In short, it’s probably fairer to say:
“To err is human, but to really screw up you’ll need a human to program a computer.”
which is when an effective communication takes place. The point is that even the most carefully thought through systems and processes might contain bugs and unexpected wrinkles which only come to light when something disastrous happens.
Earlier this month something bad happened in Hawaii. A mistake by a human operator saw a computer system send a terrifying message to residents of Hawaii, warning that a missile was about to strike:
“Ballistic missile threat inbounds to Hawaii. Seek immediate shelter. This is not a drill.”
Thankfully, the message turned out to be a false alarm. But it took a full 38 minutes for the follow-up “Don’t panic” message to be sent to citizens who had been scurrying to find shelter or reach loved ones.
There has been much said about how it was possible for an incorrect missile warning message to be sent, but I’m actually more interested in why it took so long to communicate the truth to a petrified public. which is why Communication is key when responding to a cybersecurity incident.
One issue seems to have been that although there were processes in place for sending out missile warnings, there weren’t such smoothly-run systems for releasing corrections rapidly.
Furthermore, the office of Hawaii’s governor David Ige knew that it was a false alarm just two minutes after the alert had been sent state-wide to mobile phones. And yet it took Ige 17 minutes to send a tweet saying there was no missile threat.
The reason? The Governor of Hawaii had a simple explanation. He forgot how to log into Twitter:
“I have to confess that I don’t know my Twitter account log-on and the passwords, so certainly that’s one of the changes that I’ve made. I’ve been putting that on my phone so that we can access the social media directly.”
Clearly, he wasn’t following the example set by some of the staff at Hawaii’s missile alert agency, who were keeping their passwords on Post-it notes.
On reflection, it’s clear that human error, compounded by poor user interface design, caused the bogus missile alert to be sent out. Such things shouldn’t happen, but – unfortunately – sometimes they do happen.
Most Popular Training Courses at Indian Cyber Security Solutions