2025-08-04 – Copa
During a wildfire, tornado or hurricane, who is in charge? In the United States, the answer is the Incident Commander, as defined by the National Incident Management System (NIMS). NIMS provides a method to herd cats for all types of hazards, regardless of agency. The information security community has developed several incident response frameworks, from Fortune 100 playbooks to MITRE's, but these generally address the tactics of an incident rather than how to organize and command the people responding to it. We present a better way. Come drink the Kool-Aid with us and bring IT into the 20th century of incident response.
We will be using humor on our slides to ensure an enjoyable experience of what can be a dry concept.
A firefighter from San Diego can travel across the country to New York to respond to a wildfire in a different jurisdiction and use the same language, organizational structures, and terminology. Why can't information technology professionals make the same trip?
If cyber security professionals wish to strengthen operational capacity across the industry, we need to start by speaking the same language. This talk is an introduction to the language and tools that local, state, tribal and territorial governments use in response to a disaster event. We will encourage information sector professionals to respond to significant events with a standardized method for organizing people and equipment. The Incident Command System is tested and used during disasters regardless of size, scale, or type. Police, fire departments, the Coast Guard, nuclear power plants, hospitals, governments, utility companies and more use this system to safely, flexibly, and effectively manage events of any scale. We present the system in a byte-sized way to encourage investigation and discussion of the topic without getting bogged down in the details. This talk is intended to start the education process and open the discussion for those looking for a deeper way to respond to incidents.
The problems facing IT are a lack of interoperability and poor staff safety. First, we define the problems with the information technology sector's current response to events in those two terms.
Regarding interoperability, most IT professionals must learn new incident response tactics upon joining a new organization, and staff turnover in the middle of an incident is stressful for everyone involved.
Staff safety is not managed well by organizations, causing mental and behavioral stress that leads to burnout. The National Incident Management System identifies the roles required to support team members, protecting staff and reducing stress.
We present the Incident Command System (ICS), a part of the National Incident Management System (NIMS), as a more resilient and safer option during a crisis. This system improves interoperability of staff across agencies and departments. We will describe overarching themes and concepts intended to spark interest.
The overarching themes and concepts include: division of work into the organizational structures of the Operations, Planning, Logistics, and Finance and Administration Sections; the flexibility of the system to grow organically with incident complexity and scale; standardization of roles and responsibilities; and span of control, which defines the supervisor-to-worker ratios tested and proven in dangerous situations (ICS guidance is three to seven direct reports per supervisor, with five as the target).
We then propose a working group to develop the Cyber Incident Command System (CICS), a simplified version that is compatible with the National Incident Management System, enabling information technology teams to quickly adopt a command system for their unique situations.
We finish with a pointer to free online training on the subject for deeper investigation.
We will use clear, plain language, keeping the entire talk at a level where non-practitioners can approach the topics and understand what is discussed.
Scott has over a decade of experience in information security on offensive and defensive security teams. The majority of his experience comes from thinking like an adversary trying to infiltrate hospitals, warehouses, office buildings, and colleges. Scott has spent considerable effort developing exploits and thinking of ways to make devices do things they weren't designed to do. He has also spent time building and maintaining defenses for hospitals, K-12, secondary education, and corporate networks.
Scott is an active volunteer at denhac, The Denver Hackerspace. He helps manage the local network and occasionally instructs classes on various information security topics and software defined radios. When he’s not sitting in front of a computer, he can commonly be found riding his adventure motorcycle in the mountains of Colorado, Utah and Arizona.
Blake Scott is the Public Health Emergency Preparedness Senior Planner for a local government. Working for 7 years in disaster-related work for a rural community, he has experienced more than 14 local disaster declarations during his career. He is incredibly passionate about serving the public and improving scientific and operational disaster response and recovery from a sensible place. He serves as a steering committee member for his healthcare coalition and as a public health member of the Healthcare and Public Health Sector Coordinating Council Cyber Working Group. He likes hiking, mountain biking, camping, and silly gadgets of questionable usefulness.