Protected Voices: Incident Response
The FBI’s Protected Voices initiative provides cybersecurity recommendations to political campaigns on multiple topics, including incident response, to help mitigate the risk of cyber influence operations targeting U.S. elections.
No matter how strong your cyber defenses may be, you cannot block every possible attack on your computer network. How can you prepare for the worst-case scenario—a successful cyber attack on your campaign’s network?
Hello, I’m Hadley, a special agent with the FBI. I’m here to share some recommendations for drafting an incident response plan.
Creating a plan to respond to incidents on your network is just as important as preventing them. If you can design and execute a thoughtful response, you may be able to lessen the damage done, and even avoid damage altogether.
Before you make an incident response plan, identify what’s at risk. What are the most important pieces of your campaign that could be affected by a cyber attack? How could a successful cyber attack impact your campaign? Different functions or different kinds of information in a campaign might be of different urgency or value. Knowing what really matters to your campaign’s ability to function will be critical in designing the best way to respond to an attack.
There are three main components to an incident response plan: technical, legal, and managerial. As part of your plan, designate specific, skilled people who are best positioned to cover those functions. What information does each component need? What should you expect from each component? What’s the chain of command? To whom does the team report? Who has the authority to make judgment calls as to when the campaign’s computer networks will be taken down, quarantined, or put back online?
After identifying your team, find a way for the team members can communicate that does not rely on compromised systems. If your incident response team talks on a channel where the attacker is listening, you’ve created more problems.
Develop a playbook to address the most likely incidents. Various types of incidents might require different kinds of responses, depending on which systems are affected and to what extent. Each response should include these elements: whom to notify in the campaign, what information to collect, when and how to contact law enforcement, how to preserve evidence, whether other potential victims should be warned which facts a decision-maker will use to decide how to treat affected systems.
Your plan should cover these basic steps: Assess the attack and potential damage; contain the attack to prevent additional damage; collect information about the attack to inform decision-makers, law enforcement and other victims; notify your internal command chain and outside partners to address all aspects of the attack, especially to remediate any damage.
As part of your planning process, consider contacting law enforcement and private IT/security partners who may be involved in your incident response. You can ask for guidance from these partners ahead of time to fine-tune your plan.
Ensure your legal, technical, and management experts approve of your incident response plan. And make sure your response team regularly reviews and practices the plan.
Drafting an incident response plan can be intimidating if you’ve never done it. There are several free resources online, including guides published by the Department of Justice and by the U.S. Election Assistance Commission.
Stay a step ahead of attackers by anticipating how you will respond to their attacks. You will save your campaign valuable time in responding to attacks, and your prep work might minimize the damage from a successful attack.
Remember, your voice matters, so protect it.
- 05.28.2020 — Inside the FBI Podcast: IC3 Turns 20
- 05.21.2020 — FBI Phoenix Joins Arizona Law Enforcement Leaders in Honoring the Fallen
- 05.21.2020 — FBI Sacramento SAC Congratulates Fairfield Police Chief
- 05.18.2020 — 2020 Police Week FBI Chicago Candlelight Vigil
- 05.15.2020 — FBI Dallas Honors Fallen Agents in National Police Week Message
- 05.15.2020 — FBI Honolulu COVID-19 Public Service Announcement
- 05.15.2020 — FBI San Diego Honors Fallen Officers During National Police Week
- 05.15.2020 — FBI New Orleans Recognizes Peace Officers Memorial Day
- 05.14.2020 — 2020 FBI Wall of Honor Memorial Service
- 05.14.2020 — Director Wray Honors Law Enforcement Partners During National Police Week
- 05.11.2020 — Minneapolis FBI Honors Fallen Agents in National Police Week Message
- 05.08.2020 — Jacksonville SAC Congratulates High School Graduates
- 05.08.2020 — Seattle FBI Recognizes Fallen Officers in Police Week Message
- 05.04.2020 — FBI Dallas COVID-19 Public Service Announcement
- 04.30.2020 — Inside the FBI Podcast Trailer: FBI Top Ten List Turns 70
- 04.30.2020 — FBI Jacksonville Honors Director's Community Leadership Award Recipient
- 04.29.2020 — FBI Volunteers Assist Families in Philadelphia
- 04.22.2020 — FBI San Francisco COVID-19 Public Service Announcement
- 04.21.2020 — New Orleans Special Agent in Charge Remarks on FBI During Coronavirus
- 04.21.2020 — El Paso Special Agent in Charge Remarks on FBI During Coronavirus Emergency