CISA Cybersecurity Public–Private Partnerships: A Model for Disaster Recovery

January 11th, 2022
A glance at the “Significant Cyber Incidents” posted on the Center for Strategic & International Studies (CSIS) website says it all. There were seven of these “incidents” in December 2021 alone. They ranged from a cyberattack on the Belgium Ministry of Defence that exploited the Log4j vulnerability—forcing part of its computer network to shut down for several days—to a breach of four U.S. defense and technology firms by Chinese hackers. To help fight back, the Cybersecurity & Infrastructure Security Agency (CISA) is developing critical infrastructure partnerships to test emergency response plans. CISA’s Partnership and Engagement branch serves as CISA’s focal point for strategic and customer engagement with state, local, tribal, and territorial governments, and private sector customers.

CISA Incident Response Exercise: A Model for Public and Private Sectors

Last fall, CISA, in coordination with public and private sector partners, held an exercise in Tulsa, Oklahoma, to test emergency response plans. The exercise brought together multiple agencies and stakeholders to gauge prevention, response, recovery, and overall business continuity capabilities. If you’re an IT pro working in the private sector, state or local government, education, or nearly any other industry, CISA’s approach is a great model for ensuring your organization is prepared to respond and recover from any disaster, whether it’s a hurricane, data breach, or ransomware attack. Here are some key takeaways and resources we want to highlight:

Develop Your Disaster Recovery Plan

Obviously, the stakeholders had to develop those emergency response plans before they could be tested. It would be best if you did the same. Bring together the key stakeholders and partners within your organization to identify mission-critical systems, applications, and data. Develop a comprehensive business continuity plan that includes a business impacts analysis and recovery strategies, then test your plan to make sure it meets your objectives. The U.S. government’s Ready.gov website offers a great starting point for developing your plan.

Build In Effective IT Disaster Recovery Strategies

Your business continuity plan must include an IT disaster recovery plan. Here, another Ready.gov IT web page can help you kickstart your planning process. Your recovery strategies are the most crucial elements of your plan, so they should address all of your IT systems, applications, and data. That includes networks, servers, desktops, laptops, wireless devices, data, applications, and connectivity. You need to prepare for the loss of any of these system components and make sure the recovery strategy you develop can meet your RPOs and RTOs. Some organizations that can’t tolerate any downtime choose to use two data centers—each capable of handling all their data processing needs—running in parallel, with data mirrored or synchronized between the two centers. That’s a very complex, expensive strategy. A better approach is to choose a disaster recovery solution that can meet your needs without breaking your IT budget. Backup and disaster recovery as a service (BaaS/DRaaS) should be part of that discussion.

Test Your Plan and Train Your People

As we noted above, the key to successful disaster recovery is preparation. Sponsored by the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST) offers a tremendous resource for this purpose, the “Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities.” This in-depth guide covers every aspect of IT disaster recovery plan testing and training, including tabletop exercises, functional exercises, and test scope.

Leverage CISA Service Offerings

CISA’s Cybersecurity Quality Services Management Office (Cyber QSMO) Marketplace is another excellent resource. This online platform offers high-quality, cost-efficient cybersecurity services from CISA, the Department of Health & Human Services, the Department of Justice, and the Department of Transportation. Cyber QSMO’s initial list of offerings ranges from anomaly and event detection service to supply chain risk management tools and services. CISA also provides a catalog of known exploited vulnerabilities to reduce these significant risks to organizations further.

Fight Back Against Ransomware

We want to share one last resource: CISA’s Stop Ransomware website. The site offers resources, news, alerts, and how to report a ransomware attack so others can benefit from your experience, good or bad. On the subject of ransomware protection, we recommend a proactive, multi-layered approach that prevents, protects, and immunizes your backup data from cyberattacks using immutable backup storage. You can learn more here.

Be Ready to Recover

While these resources are valuable, the ultimate key to IT disaster recovery is choosing the right solution for your organization. That’s why we suggest you talk to an Arcserve backup and disaster recovery expert to find out which options may work best for you. You may also want to consider our Arcserve Continuous Availability software free trial for Windows, Linux, and UNIX environments.