Paper
How to Stand Up a Major Cyber Incident Investigations Board
A Guide for Independent Organizations and State and Local Governments to Develop a Sustainable Mechanism for Investigating and Drawing Lessons-Learned from Cyber Incidents Both in the Immediate Aftermath of a Cyber Incident and Long-Term
Introduction
The goal of this document is to provide guidance for any organization that wishes to set up an independent cyber incident review board. The document serves as a blueprint for an independent review board which may be needed by private or public organizations, such as municipalities, counties, hospitals, utilities, or other organizations that anticipate experiencing cyberattacks and wish to maximize their learning from them. We offer considerations and analysis throughout the document to present alternative options and insights. An organization such as a think tank, local or federal government agency, university, or other non-profit organization may also set up a MCIIB. Such a Board would conduct investigations of major cybersecurity incidents and deliver a report outlining the sequence of events, contributing factors, and recommendations for security practices.
There are three major stages of an investigation: Opening, Technical Investigation, and Board Review.
This document explains how to stand up a board, the tradeoffs which can be made, and the effects of those tradeoffs. We are also aware that investigations are often triggered by crises, and thread guidance for that scenario throughout the document.
See the attached PDF for the complete paper.
For more information on this publication:
Belfer Communications Office
For Academic Citation:
Ontiveros, Victoria, Tarah Wheeler and Adam Shostack. “How to Stand Up a Major Cyber Incident Investigations Board.” Paper, June 2022.
The Authors
Victoria Ontiveros
- Belfer Summer Research Assistant, Cyber Project
Tarah Wheeler
- Former Non-Resident Fellow, Cyber Project
Expertise:
- Conflict & Conflict Resolution
- Economics & Global Affairs
- Trade
- International cooperation
- European studies
- International Relations
- U.S. foreign policy
- United Nations
- NATO
- Globalization
- International Security & Defense
- Security Strategy
- Science & Technology
- Cyber Security
- Information technology
- Science & Technology Policy
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Paper
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Addressing Russian and Chinese Cyber Threats: A Transatlantic Perspective on Threats to Ukraine and Beyond
Broadcast Appearance
- WGBH News
Legal Questions Surround Montana's TikTok Ban
Speech
- cyberscoop
Rethinking Democracy for the Age of AI
In the Spotlight
Most Viewed
Analysis & Opinions
US-China Relations: An Interview with Graham Allison
Paper
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Addressing Russian and Chinese Cyber Threats: A Transatlantic Perspective on Threats to Ukraine and Beyond
Introduction
The goal of this document is to provide guidance for any organization that wishes to set up an independent cyber incident review board. The document serves as a blueprint for an independent review board which may be needed by private or public organizations, such as municipalities, counties, hospitals, utilities, or other organizations that anticipate experiencing cyberattacks and wish to maximize their learning from them. We offer considerations and analysis throughout the document to present alternative options and insights. An organization such as a think tank, local or federal government agency, university, or other non-profit organization may also set up a MCIIB. Such a Board would conduct investigations of major cybersecurity incidents and deliver a report outlining the sequence of events, contributing factors, and recommendations for security practices.
There are three major stages of an investigation: Opening, Technical Investigation, and Board Review.
This document explains how to stand up a board, the tradeoffs which can be made, and the effects of those tradeoffs. We are also aware that investigations are often triggered by crises, and thread guidance for that scenario throughout the document.
See the attached PDF for the complete paper.
The Authors
Victoria Ontiveros
- Belfer Summer Research Assistant, Cyber Project
Tarah Wheeler
- Former Non-Resident Fellow, Cyber Project
- Conflict & Conflict Resolution
- Economics & Global Affairs
- Trade
- International cooperation
- European studies
- International Relations
- U.S. foreign policy
- United Nations
- NATO
- Globalization
- International Security & Defense
- Security Strategy
- Science & Technology
- Cyber Security
- Information technology
- Science & Technology Policy
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School
Addressing Russian and Chinese Cyber Threats: A Transatlantic Perspective on Threats to Ukraine and Beyond
Broadcast Appearance - WGBH News
Legal Questions Surround Montana's TikTok Ban
Speech - cyberscoop
Rethinking Democracy for the Age of AI
In the Spotlight
Most Viewed
Analysis & Opinions
US-China Relations: An Interview with Graham Allison
Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School
Addressing Russian and Chinese Cyber Threats: A Transatlantic Perspective on Threats to Ukraine and Beyond
