Protected Voices: Incident Response
The FBI’s Protected Voices initiative provides cybersecurity recommendations to political campaigns on multiple topics, including incident response, to help mitigate the risk of cyber influence operations targeting U.S. elections.
No matter how strong your cyber defenses may be, you cannot block every possible attack on your computer network. How can you prepare for the worst-case scenario—a successful cyber attack on your campaign’s network?
Hello, I’m Hadley, a special agent with the FBI. I’m here to share some recommendations for drafting an incident response plan.
Creating a plan to respond to incidents on your network is just as important as preventing them. If you can design and execute a thoughtful response, you may be able to lessen the damage done, and even avoid damage altogether.
Before you make an incident response plan, identify what’s at risk. What are the most important pieces of your campaign that could be affected by a cyber attack? How could a successful cyber attack impact your campaign? Different functions or different kinds of information in a campaign might be of different urgency or value. Knowing what really matters to your campaign’s ability to function will be critical in designing the best way to respond to an attack.
There are three main components to an incident response plan: technical, legal, and managerial. As part of your plan, designate specific, skilled people who are best positioned to cover those functions. What information does each component need? What should you expect from each component? What’s the chain of command? To whom does the team report? Who has the authority to make judgment calls as to when the campaign’s computer networks will be taken down, quarantined, or put back online?
After identifying your team, find a way for the team members can communicate that does not rely on compromised systems. If your incident response team talks on a channel where the attacker is listening, you’ve created more problems.
Develop a playbook to address the most likely incidents. Various types of incidents might require different kinds of responses, depending on which systems are affected and to what extent. Each response should include these elements: whom to notify in the campaign, what information to collect, when and how to contact law enforcement, how to preserve evidence, whether other potential victims should be warned which facts a decision-maker will use to decide how to treat affected systems.
Your plan should cover these basic steps: Assess the attack and potential damage; contain the attack to prevent additional damage; collect information about the attack to inform decision-makers, law enforcement and other victims; notify your internal command chain and outside partners to address all aspects of the attack, especially to remediate any damage.
As part of your planning process, consider contacting law enforcement and private IT/security partners who may be involved in your incident response. You can ask for guidance from these partners ahead of time to fine-tune your plan.
Ensure your legal, technical, and management experts approve of your incident response plan. And make sure your response team regularly reviews and practices the plan.
Drafting an incident response plan can be intimidating if you’ve never done it. There are several free resources online, including guides published by the Department of Justice and by the U.S. Election Assistance Commission.
Stay a step ahead of attackers by anticipating how you will respond to their attacks. You will save your campaign valuable time in responding to attacks, and your prep work might minimize the damage from a successful attack.
Remember, your voice matters, so protect it.
- 01.15.2021 — FBI San Francisco Field Office Message on Protecting Communities
- 01.12.2021 — Vodcast: Wanted by the FBI - Hung Tien Pham
- 12.31.2020 — FBI Washington Field Office Warns the Public About Reshipping Scams
- 12.31.2020 — FBI Washington Field Office Warns the Public About Work From Home Scams
- 12.31.2020 — FBI Washington Field Office Warns Consumers About Gift Card Scams
- 12.22.2020 — Be Aware of Online Shopping Scams this Holiday Season
- 12.21.2020 — FBI Special Agent in Charge Craig Fair announces reward in San Francisco church arson
- 12.16.2020 — FBI Pittsburgh Highlights Teen Academy
- 12.16.2020 — Luis Quesada: Felices Fiestas
- 12.16.2020 — FBI El Paso Holiday Message
- 12.09.2020 — Seeking Information on Man Who Fired Rifle at Chicago Metra Stop
- 12.03.2020 — FBI Omaha Offers Strategies to Beat Shopping Scams
- 12.03.2020 — FBI Omaha Offers Strategies to Beat Social Media Scams
- 12.03.2020 — FBI Omaha Offers Strategies to Beat Charity Scams
- 11.18.2020 — Highlights from Director Wray's Remarks at World Economic Forum Annual Meeting on Cybersecurity
- 11.18.2020 — FBI San Diego Thanksgiving Message
- 11.13.2020 — Remarks by Sanjay Virmani About IRGC Covert Influence Campaign
- 11.10.2020 — FBI Tampa Veterans Day Message
- 11.02.2020 — FBI Buffalo and U.S. Attorney Remarks on Integrity and Security of Elections
- 10.23.2020 — Zach Gusé: I Wanted to Let the Light In