Federal Guidelines for Responding to Cyberattacks - International Law Office

"Internet Attacks on the Rise" reported on the dramatic increase in online attacks and the vulnerability of the Internet. In view of this situation, companies may wish to consider federal guidelines published in February this year, entitled “CIO Cyberthreat Response & Reporting Guidelines”, in assessing how to respond to a cyberattack. The better prepared an organization is to respond quickly and effectively to a cyberattack – be it an intrusion, virus, worm, denial of service or other attack – the better chance it has of minimizing the damage.

The 12-page guidelines were drafted by the Federal Bureau of Investigation (FBI) and the Secret Service in conjunction with private security experts brought together by CIO magazine, a trade publication for IT executives. The guidelines attempt to balance the government’s need for information in order to investigate attacks with the reluctance of commercial victims to publicize cyberattacks out of concern that they will scare away customers looking for secure transactions. The guidelines provide contact information and outline practices advocated by the FBI and the Secret Service. More specifically, the guidelines provide a framework and starting point for addressing a cyberattack by:

• developing an incident response plan;
  
  
• identifying the individuals and contact information necessary to implement the plan;
  
  
• testing the plan and developing contingency plans;
  
  
• determining what cybersecurity events to report to law enforcement agencies; and
  
  
• determining when and how to report an incident.

The guidelines are a useful source in formulating a proactive and responsive strategy and collating contact information. Businesses should review them to determine whether they are appropriate for implementation given a company’s individual circumstances.

For further information on this topic please contact Alan Raul at Sidley Austin Brown & Wood LLP by telephone (+1 202 736 8477) or by fax (+1 202 736 8711) or by email (araul@sidley.com). The Sidley Austin Brown & Wood website can be accessed at www.sidley.com and the firm's CyberLaw website is located at www.sidley.com/cyberlaw.