{"id":3455,"date":"2020-03-10T11:01:00","date_gmt":"2020-03-10T15:01:00","guid":{"rendered":"http:\/\/gsablogs.gsa.gov\/technology\/?p=3455"},"modified":"2024-01-11T18:16:43","modified_gmt":"2024-01-11T23:16:43","slug":"incident-response-protecting-your-agency-before-and-after-a-cyber-attack","status":"publish","type":"post","link":"https:\/\/gsablogs.gsa.gov\/technology\/2020\/03\/10\/incident-response-protecting-your-agency-before-and-after-a-cyber-attack\/","title":{"rendered":"Incident Response: Protecting Your Agency Before and After a Cyberattack"},"content":{"rendered":"\n<p>As cyberattacks increase in size and frequency, it is important for every agency to protect its network from incidents that can jeopardize the confidentiality, integrity, or availability of an information system. The Office of Management and Budget and the Department of Homeland Security determined that 74 percent of federal agencies participating in their <a rel=\"noreferrer noopener\" aria-label=\"2018 assessment (opens in a new tab)\" href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2018\/05\/Cybersecurity-Risk-Determination-Report-FINAL_May-2018-Release.pdf\" target=\"_blank\">2018 assessment<\/a> had cybersecurity programs that were either at risk or high risk.<\/p>\n\n\n\n<p>While an agency can take proactive measures to prevent cyberattacks, an incident may still occur. When a cyberattack or other damaging incident occurs in an agency\u2019s network, reactive measures such as incident response must be taken to preserve the integrity of the information system. <\/p>\n\n\n\n<p>Incident response is the methodology an organization uses to respond to and manage a cyberattack. A data breach or cyberattack can wreak havoc and potentially affect employee security, intellectual property, and agency time and resources. 
Incident response protocol aims to reduce this damage and recover as quickly as possible.<\/p>\n\n\n\n<p>Incident response protects organizations against four common types of incidents:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"937\" height=\"590\" src=\"http:\/\/gsablogs.gsa.gov\/technology\/files\/2020\/03\/incident-response-infographic-4.1.jpg\" alt=\"\" class=\"wp-image-3460\" srcset=\"https:\/\/gsablogs.gsa.gov\/technology\/files\/2020\/03\/incident-response-infographic-4.1.jpg 937w, https:\/\/gsablogs.gsa.gov\/technology\/files\/2020\/03\/incident-response-infographic-4.1-300x189.jpg 300w, https:\/\/gsablogs.gsa.gov\/technology\/files\/2020\/03\/incident-response-infographic-4.1-768x484.jpg 768w\" sizes=\"auto, (max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" \/><\/figure>\n\n\n\n<p>GSA\u2019s <a href=\"https:\/\/www.gsa.gov\/technology\/technology-products-services\/it-security\/highly-adaptive-cybersecurity-services-hacs\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Highly Adaptive Cybersecurity Services (opens in a new tab)\">Highly Adaptive Cybersecurity Services<\/a> (HACS) Special Item Number (SIN) offers incident response services to help organizations with compromised systems. These services help to determine the extent of the incident, remove the adversary from systems, and restore networks to a more secure state. <\/p>\n\n\n\n<p>HACS incident response services can also be used to proactively plan for future attacks. 
Preparing and maintaining an incident response plan helps agencies handle cybersecurity events and minimizes the impact of potential threats while strengthening an agency\u2019s defenses against any future incidents.<\/p>\n\n\n\n<p>Below is an example of an incident response plan: <\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"\"><tbody><tr><td class=\"has-text-align-left\" data-align=\"left\"><strong>Incident Response Step<\/strong><\/td><td><strong>Action Taken<\/strong><\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Preparation&nbsp;<\/td><td>Create an asset list and system baseline.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Detection and Analysis<\/td><td>Analyze events to determine whether they constitute an incident.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Containment, Eradication, and Recovery<\/td><td>Prevent further damage from an incident, and determine the cause of an incident so that the system can be returned to the previously known neutral state. Restore compromised system to operational status.<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Post-Incident Activity<\/td><td>Provide final report of the incident identifying current procedures for efficacy and whether those procedures were followed properly.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Another benefit of the HACS SIN is that the vendors included under the <a href=\"https:\/\/www.gsaelibrary.gsa.gov\/ElibMain\/sinDetails.do?executeQuery=YES&amp;scheduleNumber=70&amp;flag=&amp;filter=&amp;specialItemNumber=132+45&amp;subcategoryCode=132454\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"incident response subcategory (opens in a new tab)\">incident response subcategory<\/a> have passed a technical evaluation and can provide individualized incident response plans. 
If an agency already has an incident response plan, vendors can evaluate the plan and provide services that adapt to that individualized plan. Vendors use qualified resources to minimize the impact of cyberattacks and avoid future incidents. Incident response services can also augment agency resources during a large-scale incident.<\/p>\n\n\n\n<p>For more information on incident response and how GSA\u2019s HACS SIN can provide your agency with incident response services, please visit the <a href=\"https:\/\/www.gsa.gov\/technology\/technology-products-services\/it-security\/highly-adaptive-cybersecurity-services-hacs\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"HACS Homepage (opens in a new tab)\">HACS Homepage<\/a>.<\/p>\n\n\n\n<p>To learn more about the additional services the HACS SIN provides, watch our <a rel=\"noreferrer noopener\" aria-label=\"HACS Overview Video (opens in a new tab)\" href=\"https:\/\/www.youtube.com\/watch?v=n2YlNXGZdxA\" target=\"_blank\">HACS Overview Video<\/a>.<\/p>\n\n\n\n<p>Please follow us on Twitter <a href=\"https:\/\/twitter.com\/GSA_ITC\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"@GSA_ITC (opens in a new tab)\">@GSA_ITC<\/a> and <a href=\"https:\/\/www.linkedin.com\/showcase\/office-of-information-technology-category-itc-\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"LinkedIn (opens in a new tab)\">LinkedIn<\/a> to join our ongoing conversations about government IT.<\/p>\n\n\n\n<p>To get updates for this blog, please sign up on the right-hand side of the page where it says <a href=\"https:\/\/www.gsa.gov\/technology\/technology-programs\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Sign up for Blog Updates (opens in a new tab)\">Sign up for Blog Updates<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As cyberattacks increase in size and frequency, it is important for every agency to protect its network from incidents that can jeopardize the 
confidentiality, integrity, or availability of an information system. The Office of Management and Budget and the Department of Homeland Security determined that 74 percent of federal agencies participating in their 2018 assessment &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/gsablogs.gsa.gov\/technology\/2020\/03\/10\/incident-response-protecting-your-agency-before-and-after-a-cyber-attack\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Incident Response: Protecting Your Agency Before and After a Cyberattack&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1138,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[19152],"tags":[135],"class_list":["post-3455","post","type-post","status-publish","format-standard","hentry","category-it-security","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/gsablogs.gsa.gov\/technology\/wp-json\/wp\/v2\/posts\/3455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gsablogs.gsa.gov\/technology\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gsablogs.gsa.gov\/technology\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gsablogs.gsa.gov\/technology\/wp-json\/wp\/v2\/users\/1138"}],"replies":[{"embeddable":true,"href":"https:\/\/gsablogs.gsa.gov\/technology\/wp-json\/wp\/v2\/comments?post=3455"}],"version-history":[{"count":14,"href":"https:\/\/gsablogs.gsa.gov\/technology\/wp-json\/wp\/v2\/posts\/3455\/revisions"}],"predecessor-version":[{"id":3471,"href":"https:\/\/gsablogs.gsa.gov\/technology\/wp-json\/wp\/v2\/posts\/3455\/revisions\/3471"}],"wp:attachment":[{"href":"https:\/\/gsablogs.gsa.gov\/technology\/wp-json\/wp\/v2\/media?parent=3455"}],"wp:term":[{"taxono
my":"category","embeddable":true,"href":"https:\/\/gsablogs.gsa.gov\/technology\/wp-json\/wp\/v2\/categories?post=3455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gsablogs.gsa.gov\/technology\/wp-json\/wp\/v2\/tags?post=3455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}