Managing Response to Significant Cyber Incidents
Comparing Event Life Cycles and Incident Response Across Cyber and Non-Cyber Events
Research. Published May 12, 2022
The United States has a long history of preparing for and responding to large-scale incidents affecting public safety and homeland security. However, it does not have comparable experience in responding to cyber incidents. This report examines U.S. processes for non-cyber emergency management and whether U.S. officials can learn from these events to help public and private sector stakeholders improve preparations for response to cyber attacks.
Cyber incident response has evolved based on systems and processes developed for other types of incident response, such as response to natural hazards. Large-scale cyber incidents that would have an impact on the United States' national and homeland security, economic security, and public safety and welfare have been rare to date. However, they may have additional complications that make them more complex to plan for, including challenges in distinguishing the early stages of a significant cyber incident from a more quotidian incident, and the diversity of stakeholders involved. In this report, RAND researchers compare and contrast incident response for cyber and other types of hazards, both human-caused and natural, to derive initial insights into their similarities and distinctions. The report suggests some ways to improve preparedness for cyber incident response and proposes additional areas requiring further research. Recommendations include developing more rigorous and dynamic joint public-private exercises, conducting further analysis to identify how systems could fail through a cyber attack to inform early warning efforts, and developing decision mechanisms and shared understandings that will facilitate coordinated activation and execution of incident response plans.
This research was funded using internal funding generated from operations of the RAND Homeland Security and Defense Center (HSRD) and conducted by the Strategy, Policy and Operations Program.
This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.