Incident Response Planning for Critical Infrastructure
Summary
Ravinn was engaged by a Critical Infrastructure company specialising in Utilities to review their Cyber Security Incident Response Plan (CSIRP) and update it to align with ACSC and SOCI requirements while remaining fit for purpose for the organisation. The Ravinn team conducted a gap analysis of the existing CSIRP against the ACSC requirements, which provided the foundation for a detailed list of recommendations and improvements to their plan. The end result was an updated CSIRP that aligned strongly with industry best practice (ACSC and SOCI) whilst still being tailored to the unique environment in which the company operates.
Key Outputs
Two of Ravinn’s security consultants, experienced in incident response planning and cyber threat intelligence (CTI), worked with the client to ensure that the CSIRP was updated and upgraded whilst being tailored to their unique needs and obligations. This included:
- Detailed Review. A detailed review of the existing CSIRP, supporting playbooks and relevant artefacts (including emergency / crisis management plans, BCPs, DRPs etc.) to identify where gaps existed and which elements required updating.
- Gap Analysis. A gap analysis of the existing CSIRP against the ACSC requirements to provide detailed recommendations for improvement.
- Updated CSIRP. Updating the CSIRP to align with best practice and the relevant standards including ACSC incident response planning guidance, and the SOCI Act Enhanced Cyber Security Obligations for Systems of National Significance (SoNS).
- Future Recommendations. Identification of further improvements or refinements to plans, playbooks and procedures that the company can make to respond effectively to all future cyber security incidents.
Challenge
Developing the CSIRP itself was not the challenge; the complexity came from the client’s operating environment and from tailoring the plan to mitigate its effects.
Creating an effective CSIRP involves several significant challenges, including keeping up with the rapidly evolving and sophisticated threat landscape, managing resource constraints, and ensuring seamless coordination and communication both internally and externally. Additionally, utilities companies must navigate diverse regulatory requirements and legal implications, conduct realistic and regular testing and updates of the IRP, and efficiently manage multiple stakeholders during an incident.
The complexity of their operating environment, which involves multiple locations, systems, and technologies, further complicates the development and implementation of a cohesive IRP. Cultural and organisational challenges, such as ensuring employee awareness and training, and maintaining executive support, also play a crucial role.
Ravinn was able to update and provide a comprehensive CSIRP with supporting artefacts that will give the company sufficient guidance and direction in the event of a cyber security incident. The supporting templates provided allow for a structured response and effective documentation of the incident and its flow-on effects.
Choosing Ravinn
Ravinn has proven experience in Cyber Security Incident Response across multiple industries and critical infrastructure sectors, specifically having been involved in the development of CSIRPs for organisations within the transport, energy, water and healthcare sectors. Our Incident Response approaches are:
- Risk based and threat led. Every organisation is different; understanding your unique operating environment and the real and relevant threats specific to your organisation should set the context by which your target security levels are estimated and met. Our intelligence team begins every engagement with a tailored threat assessment of your organisation, which gives us a deep understanding of the specific threats, actors and techniques that threaten you and your provision of services. Every organisation faces different threats, and we ensure that our incident response plans reflect those nuances and offer the best response strategy for you.
- Relevant. The threats that you face will be different from those others face, and the way you respond to them will subsequently also be different – we understand this. Our depth of experience across defence, incident response planning and intelligence analysis gives us the foundation to deliver a plan that is relevant to your specific organisation and allows you to respond to incidents in an effective and efficient way. Ravinn understands that a critical understanding of your people, your processes and your ability to respond should all be taken into consideration when building a plan that works for you.
- Industry standardised. Our team are experienced in the Critical Infrastructure space and understand your requirements under the SOCI Act to uplift your CSIRP in line with its detailed requirements. Our understanding of ACSC requirements and ‘best practice recommendations’ will ensure that your plans align with them.