Paper
How to Stand Up a Major Cyber Incident Investigations Board
A Guide for Independent Organizations and State and Local Governments to Develop a Sustainable Mechanism for Investigating and Drawing Lessons-Learned from Cyber Incidents Both in the Immediate Aftermath of a Cyber Incident and Long-Term
Introduction
The goal of this document is to provide guidance for any organization that wishes to set up an independent cyber incident review board. The document serves as a blueprint for an independent review board which may be needed by private or public organizations, such as municipalities, counties, hospitals, utilities, or other organizations that anticipate experiencing cyberattacks and wish to maximize their learning from them. We offer considerations and analysis throughout the document to present alternative options and insights. An organization such as a think tank, local or federal government agency, university, or other non-profit organization may also set up a MCIIB. Such a Board would conduct investigations of major cybersecurity incidents and deliver a report outlining the sequence of events, contributing factors, and recommendations for security practices.
There are three major stages of an investigation: Opening, Technical Investigation, and Board Review.
This document explains how to stand up a board, the tradeoffs which can be made, and the effects of those tradeoffs. We are also aware that investigations are often triggered by crises, and thread guidance for that scenario throughout the document.
See the attached PDF for the complete paper.
For more information on this publication:
Belfer Communications Office
For Academic Citation:
Ontiveros, Victoria, Tarah Wheeler and Adam Shostack. “How to Stand Up a Major Cyber Incident Investigations Board.” Paper, June 2022.
The Authors
Victoria Ontiveros
- Belfer Summer Research Assistant, Cyber Project
Tarah Wheeler
- Former Non-Resident Fellow, Cyber Project
Expertise:
- Conflict & Conflict Resolution
- Economics & Global Affairs
- Trade
- International cooperation
- European studies
- International Relations
- U.S. foreign policy
- United Nations
- NATO
- Globalization
- International Security & Defense
- Security Strategy
- Science & Technology
- Cyber Security
- Information technology
- Science & Technology Policy
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions
- WIRED
Nervous About ChatGPT? Try ChatGPT With a Hammer
Analysis & Opinions
- Georgetown Journal of International Affairs
GPTs, Software Engineering, and a New Age of Hacking
In the Spotlight
Most Viewed
Analysis & Opinions
- Belfer Center for Science and International Affairs, Harvard Kennedy School
The Impact of Henry Kissinger
Analysis & Opinions
- Belfer Center for Science and International Affairs, Harvard Kennedy School
The Real-Life Events of "Oppenheimer"
Analysis & Opinions
- Foreign Affairs
Why Israel Slept
Introduction
The goal of this document is to provide guidance for any organization that wishes to set up an independent cyber incident review board. The document serves as a blueprint for an independent review board which may be needed by private or public organizations, such as municipalities, counties, hospitals, utilities, or other organizations that anticipate experiencing cyberattacks and wish to maximize their learning from them. We offer considerations and analysis throughout the document to present alternative options and insights. An organization such as a think tank, local or federal government agency, university, or other non-profit organization may also set up a MCIIB. Such a Board would conduct investigations of major cybersecurity incidents and deliver a report outlining the sequence of events, contributing factors, and recommendations for security practices.
There are three major stages of an investigation: Opening, Technical Investigation, and Board Review.
This document explains how to stand up a board, the tradeoffs which can be made, and the effects of those tradeoffs. We are also aware that investigations are often triggered by crises, and thread guidance for that scenario throughout the document.
See the attached PDF for the complete paper.
The Authors
Victoria Ontiveros
- Belfer Summer Research Assistant, Cyber Project
Tarah Wheeler
- Former Non-Resident Fellow, Cyber Project
- Conflict & Conflict Resolution
- Economics & Global Affairs
- Trade
- International cooperation
- European studies
- International Relations
- U.S. foreign policy
- United Nations
- NATO
- Globalization
- International Security & Defense
- Security Strategy
- Science & Technology
- Cyber Security
- Information technology
- Science & Technology Policy
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions - WIRED
Nervous About ChatGPT? Try ChatGPT With a Hammer
Analysis & Opinions - Georgetown Journal of International Affairs
GPTs, Software Engineering, and a New Age of Hacking
In the Spotlight
Most Viewed
Analysis & Opinions - Belfer Center for Science and International Affairs, Harvard Kennedy School
The Impact of Henry Kissinger
Analysis & Opinions - Belfer Center for Science and International Affairs, Harvard Kennedy School
The Real-Life Events of "Oppenheimer"
Analysis & Opinions - Foreign Affairs
Why Israel Slept
