This year marks the 21st celebration of Cybersecurity Awareness Month, which was established in 2004 to raise awareness about the importance of cybersecurity in both public and private sectors. The Cybersecurity and Infrastructure Security Agency (CISA) established this year’s theme, “Secure Our World,” which emphasizes the importance of taking daily action to reduce risks when online. Staying vigilant is important for both individuals and cyber professionals, as actions by a person or organization can impact the security of people, businesses, and even national security in some cases.
Mistakes still happen, however, and the cyber industry has to be prepared to address them quickly and efficiently. For example, when CrowdStrike’s software update caused a widespread IT outage in summer 2024, cybersecurity experts had to understand how to deal with the technological disaster.
Earlier this year, University of Maryland Global Campus (UMGC) presented a webinar about the importance of technological disaster resilience. The webinar was hosted by Tina Williams-Koroma, founder and CEO of TCecure and CyDeploy, and Loyce Pailen, DM, senior director of the Center for Cybersecurity Studies at UMGC.
Williams-Koroma and Pailen covered the various approaches organizations can take to ensure their resilience in the face of any future cyber fiascos, such as ransomware attacks.
“We all hope that nothing bad happens in life, and the same is true for our personal and business systems. However, disasters happen, some big, some small,” Pailen said during the webinar. “The best way to mitigate the fallout of a disaster is to not only have a plan, but to test the plan.”
What Is Technological Disaster Resilience?
As Williams-Koroma explained in the webinar, technological disaster resilience has been researched and defined by the National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce that promotes innovation and industrial competitiveness.
“Technological disaster resilience is defined as the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruption,” said Williams-Koroma. “Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.”
Cyber failures can take many different forms, and can cause immense damage both in person and online.
“It's important to understand that when we're thinking about disasters, it's not just natural disasters or storms. It could be something that impacts a power outage which may or may not be a natural disaster. It could be something that was a mistake or equipment needs that weren't properly assessed,” Williams-Koroma said. “When you're looking at resilience, you're looking at the ability to not only survive from it or recover, but also to thrive and continue during that particular mishap or disaster.”
How Do You Achieve Technological Disaster Resilience?
Methods of achieving technological disaster resilience vary by industry and organization. It is important for organizations to develop a plan focusing on what to do when an emergency strikes.
“When you think about a disaster, recovery, and business continuity, it really starts with the policies that an organization has. These policies are a bedrock of governance for the organization,” said Williams-Koroma. “It's important that organizations spend ample time, resources and attention on establishing specific disaster, recovery and business continuity policies.”
NIST has described multiple types of plans involved in contingency and continuity planning for organizations:
- Continuity of Operations Plan (COOP): a plan for sustaining an organization’s mission essential functions (MEFs) through an alternate site and performing these functions for up to 30 days before returning to normal operations
- Business Continuity Plan (BCP): sustains business processes and the information systems that support these processes during and after a disruption
- Critical Infrastructure Protection (CIP) Plan: a set of policies and procedures that protect, and recover after a disaster, components deemed so vital that their loss would have a debilitating impact on the safety, security, economy, and/or health of the United States
- Disaster Recovery Plan (DRP): an information system-focused plan designed to restore operability at an alternate site after a major disruption, usually causing physical damage to the original data center
- Information System Contingency Plan (ISCP): provides recovery procedures for a single information system from disruptions that may not require relocation to an alternate site
- Cyber Incident Response Plan (CIRP): a procedure that enables security personnel to identify, mitigate, and recover from cyber attacks against an organization’s information system
- Occupant Emergency Plan (OEP): provides directions for facility occupants to follow in the event of an emergency that threatens the health and safety of the personnel, environment, or property
To achieve disaster resilience, Williams-Koroma primarily recommends testing a plan before a real disaster strikes. Testing can include disaster testing, recovery testing, and functional testing of your organization and its information systems.
“Testing helps you really to see how interconnected your systems are. What systems do your organizations have? What are your systems talking to both internally and externally?” said Williams-Koroma. “Understanding from a functional perspective is something that can really help to mitigate devastating and long-lasting effects from a disaster or an attack.”
What Are the Best Practices for Technological Disaster Resilience?
Regardless of which methods your organization chooses to implement, certain best practices can increase disaster resilience. When developing a cyber emergency plan, organizations should include clear details about roles and responsibilities assigned to specific people, branches, or departments.
“When there is a disaster, there are a lot of moving parts, individuals, and departments that are required to participate in ensuring an organization is resilient and continues to thrive even during a disaster,” said Williams-Koroma. “A disaster recovery plan is essentially a roadmap through disaster, and it's important to establish what the roles and responsibilities are throughout the organization and have those clearly captured within a plan.”
Williams-Koroma explained that testing is important when it comes to plan development, and that it is imperative for team members of an organization to exercise and practice their roles in a disaster plan before the plan is needed in real life. This strategy minimizes confusion during a crisis and helps the plan run smoothly with correct coordination. Williams-Koroma also suggests creating backup procedures for data to achieve business continuity and to ensure the organization can continue to operate and share important information.
“Even during a technological disaster, data may still need to be available to certain stakeholders at certain times,” said Williams-Koroma. “It's important to have backup procedures for your data that are created and can accommodate operational requirements and comply with standards.”
Establishing recovery time objectives (RTO) and recovery point objectives (RPO) is important so that different departments within the organization understand the technology systems. Departments need to be able to address who is impacted, how systems can be recovered in an emergency, and how long an organization can afford for systems to be compromised. Organizations should prioritize recovering systems based on how critical they are to the mission of the organization, and should create and maintain an accurate asset inventory.
“Asset inventory isn't always seen as a clear security or technology practice, but it is something that is so vital, especially when you have a cyber incident or disaster. Do you know what you're protecting? Do you know all the components of what you're protecting?” said Williams-Koroma. “For example, you may have this server on your network and you're not clear on the value or the role that server plays, but you find out during a disaster that it’s critical to the organization. So, maintaining an asset inventory that accounts for all systems on your network is vital to being able to be resilient during a disaster.”
UMGC’s Dedication to Cybersecurity
At UMGC, the Center for Security Studies is dedicated to helping students and the community learn more about different aspects of cybersecurity. The center promotes cybersecurity awareness and provides educational resources, networking, and career training opportunities for students pursuing security studies.
“We are involved in a major effort to encourage all Americans to take proactive steps to enable lasting positive cybersecurity and behavioral change not only at work, but also at home,” said Pailen. “We hope to continue to work on these projects to protect against cyber threats and to promote cybersecurity awareness across the nation.”
UMGC offers a variety of degrees in cybersecurity including cloud computing, cyber operations, and cybersecurity management and policy that help teach the skills to be successful in the field. The university has also been designated as a National Center of Academic Excellence in Cyber Defense (CAE-CD) by the National Security Agency and as a Center of Digital Forensics Academic Excellence (CDFAE) by the DC3 Academic Cyber Curriculum Alliance.