I was watching the 60 Minutes interview with Captain Sullenberger and his flight crew on Sunday. If you haven’t seen it, please take a few minutes to watch the interview below:
CBS 60 Min Interview with Capt. Sullenberger
Introduction
I was struck by the professionalism and the calmness of the flight crew and especially Capt. Sullenberger. During the interview, I kept thinking about how this could be applied to the information security industry, and especially to my CISO counterparts. What are some lessons for handling our emergencies, security incidents, that we should learn from this near tragedy?
No matter how well designed the Airbus A320 that was used by US Air Flight 1549, problems can arise that are outside of the control of the plane designers and their flight crew. In Flight 1549’s case, these problems were not design flaws but a flock of birds. Equate that to our world of information security. We have designed networks. We have purchased firewalls, intrusion prevention systems, and various other types of technologies to secure the companies that employ us. Yet there are times that we still have security breaches. How can we take the lessons of Capt. Sullenberger and his crew and apply them to our industry?
Training
The first thing that I noticed from the interview was how Capt. Sullenberger immediately took over the plane’s climb out from Jeffrey B. Skiles, his First Officer. There was an obvious protocol for transition. The flight team’s training was obvious. They immediately began checking down through various protocols, attempting to restart the engines, calling an emergency all the while attempting to glide the disabled plane to safety.
Is there a clear and defined process for handling your security incidents at your company? Have ALL of your IT and information security employees been trained on those procedures and know their responsibilities? If your organization does not have a documented Incident Response policy and procedures, you should immediately develop one. I would say that many companies do have an Incident Response Policy and Procedures. However, most companies do not provide adequate training for those procedures. Make sure that your IT and Security staff are not only aware of the Incident Response policy and procedures but have yearly training so that they are familiar with them.
Testing
When listening to Capt. Sullenberger describe his background, his experience in handling emergency procedures was clear. Capt. Sullenberger obviously had used simulators and role playing in his safety consulting practice and accident investigations.
Training and clearly written procedures are absolutely critical in the handling of security incidents. One of the most obvious omissions is the TESTING of those procedures. Running a periodic test of the incident handling procedures not only provides a training vehicle, but also helps refine the process for when the real emergency occurs. Test your Incident Procedures at least yearly to ensure this process works smoothly when you need it.
Teamwork
During the interview you heard Capt. Sullenberger say several times that he trusted in his flight crew as professionals. He mentioned that he heard the flight attendants in the main cabin quickly understand and prepare the cabin with his very terse phrase, “Brace for impact,” while he and First Officer Skiles were gliding the plane and quickly assessing a landing area. Capt. Sullenberger had faith that his crew knew what to do and didn’t second guess them. His crew had faith in Capt. Sullenberger and that he would keep them safe.
Ensuring that we have the right members of the Incident Response team is critical. Do we have a PR person identified? Can we retrieve emergency backups if necessary? All these team members are critical to a successful incident response procedure. Ensure that your team is in place and is prepared.
Calmness
Finally, I noticed that during the entire 3.5 minutes that Capt. Sullenberger had to land that airplane, his demeanor was always professional and calm. The entire crew and even the passengers noticed that trait.
I have seen many IT and security organizations panic when an incident is identified. It interrupts daily operations, business and can take away focus from other important items in a company. Keeping calm in an emergency can help focus your team. It keeps your co-executives from being uneasy and helps to ensure your success.
Remember these lessons from the Captain Sullenberger and his crew. His lessons are very useful for us all. From my heart and the families of the passengers of Flight 1549:
Thank You!
Do you have an opinion? I’d love to hear it!
- Using Analytics to Measure InfoSec Success Introduction As today's companies become leaner and meaner, I see the use of performance metrics...
- Cheapest, Easiest and Most Effective Security - Security Awareness Training In my career I have been asked hundreds of times what single item is the...
- Ensuring your SaaS Vendor is Secure /caption] Cloud computing and Software as a Service (Saas) are quickly replacing software vendors in...
Related Websites
