In February, members of both the CNYRIC and OCM BOCES teams took part in a tabletop cybersecurity exercise that was designed to walk participants through a simulated cyber incident and test how they would respond in a real-world scenario. The primary goal of the exercise wasn’t to “catch mistakes,” but rather to strengthen coordination, decision-making, and preparedness among both teams.
During the exercise, participants worked on identifying suspicious activity, determining who and what may have been impacted, and deciding when and how to respond. The scenario required teams to balance speed, accuracy, and critical communication while dealing with incomplete information; just like they would in a real incident.
The team(s) demonstrated strong collaboration and a thoughtful approach to incident response. Participants were able to successfully identify potential compromised accounts, assess affected systems, and discuss appropriate containment actions such as securing access and increasing monitoring. Perhaps most critically, the group actively avoided rushing to conclusions, and instead focused on evidence-based decision-making.
And while the tabletop highlighted the team’s strengths in particular aspects of the simulation, there’s always room for improvement, especially as cyberthreats continue to increase in both frequency and sophistication. The post-scenario review identified that both the clarity of what was being communicated and speed at which that occurred were areas that could see some continued improvement. It also emphasized the importance of having the right information easily accessible to quickly understand the scope and impact of this kind of attack. The exercise also reinforced the need to involve the appropriate stakeholders early when sensitive data may be affected.
Those who work with the CNYRIC know that we strive to be equal part leader and liaison when it comes to best practices for incident response, navigating the rules set forth by New York State and making sure we help districts adhere to them, while also having a firm understanding of how to handle apply them internally as well. But a critical part of facilitating both roles is partaking in scenarios such as these, which serve to strengthen our processes, improve our communication, and help protect the systems and data our organization(s) depend on.
"We'll continue using insights from this exercise to refine our response plans, improve coordination, and strengthen our overall cybersecurity posture,” said CNYRIC Director Chantal Corbin.
Special thanks go out to TALAS Security for helping conduct and moderate this simulation!
