Paper
How to Stand Up a Major Cyber Incident Investigations Board
A Guide for Independent Organizations and State and Local Governments to Develop a Sustainable Mechanism for Investigating and Drawing Lessons-Learned from Cyber Incidents Both in the Immediate Aftermath of a Cyber Incident and Long-Term
Introduction
The goal of this document is to provide guidance for any organization that wishes to set up an independent cyber incident review board. The document serves as a blueprint for an independent review board which may be needed by private or public organizations, such as municipalities, counties, hospitals, utilities, or other organizations that anticipate experiencing cyberattacks and wish to maximize their learning from them. We offer considerations and analysis throughout the document to present alternative options and insights. An organization such as a think tank, local or federal government agency, university, or other non-profit organization may also set up a MCIIB. Such a Board would conduct investigations of major cybersecurity incidents and deliver a report outlining the sequence of events, contributing factors, and recommendations for security practices.
There are three major stages of an investigation: Opening, Technical Investigation, and Board Review.
This document explains how to stand up a board, the tradeoffs which can be made, and the effects of those tradeoffs. We are also aware that investigations are often triggered by crises, and thread guidance for that scenario throughout the document.
See the attached PDF for the complete paper.
For more information on this publication:
Belfer Communications Office
For Academic Citation:
Ontiveros, Victoria, Tarah Wheeler and Adam Shostack. “How to Stand Up a Major Cyber Incident Investigations Board.” Paper, June 2022.
The Authors
Victoria Ontiveros
- Belfer Summer Research Assistant, Cyber Project
Tarah Wheeler
- Former Non-Resident Fellow, Cyber Project
Expertise:
- Conflict & Conflict Resolution
- Economics & Global Affairs
- Trade
- International cooperation
- European studies
- International Relations
- U.S. foreign policy
- United Nations
- NATO
- Globalization
- International Security & Defense
- Security Strategy
- Science & Technology
- Cyber Security
- Information technology
- Science & Technology Policy
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Paper
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Advancing Cyber Norms Unilaterally: How the U.S. Can Meet its Paris Call Commitments
Analysis & Opinions
- The New York Times
How ChatGPT Hijacks Democracy
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Series Explores AI and Algorithm Regulations and Practices
In the Spotlight
Most Viewed
Journal Article
- Research Policy
The Relationship Between Science and Technology
Paper
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Ideal Qualities of a Successful Diplomat
Paper
India's Foreign Policy
Introduction
The goal of this document is to provide guidance for any organization that wishes to set up an independent cyber incident review board. The document serves as a blueprint for an independent review board which may be needed by private or public organizations, such as municipalities, counties, hospitals, utilities, or other organizations that anticipate experiencing cyberattacks and wish to maximize their learning from them. We offer considerations and analysis throughout the document to present alternative options and insights. An organization such as a think tank, local or federal government agency, university, or other non-profit organization may also set up a MCIIB. Such a Board would conduct investigations of major cybersecurity incidents and deliver a report outlining the sequence of events, contributing factors, and recommendations for security practices.
There are three major stages of an investigation: Opening, Technical Investigation, and Board Review.
This document explains how to stand up a board, the tradeoffs which can be made, and the effects of those tradeoffs. We are also aware that investigations are often triggered by crises, and thread guidance for that scenario throughout the document.
See the attached PDF for the complete paper.
The Authors
Victoria Ontiveros
- Belfer Summer Research Assistant, Cyber Project
Tarah Wheeler
- Former Non-Resident Fellow, Cyber Project
- Conflict & Conflict Resolution
- Economics & Global Affairs
- Trade
- International cooperation
- European studies
- International Relations
- U.S. foreign policy
- United Nations
- NATO
- Globalization
- International Security & Defense
- Security Strategy
- Science & Technology
- Cyber Security
- Information technology
- Science & Technology Policy
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School
Advancing Cyber Norms Unilaterally: How the U.S. Can Meet its Paris Call Commitments
Analysis & Opinions - The New York Times
How ChatGPT Hijacks Democracy
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Series Explores AI and Algorithm Regulations and Practices
In the Spotlight
Most Viewed
Journal Article - Research Policy
The Relationship Between Science and Technology
Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School
Ideal Qualities of a Successful Diplomat
Paper
India's Foreign Policy
