Event Recording

Building Resilience After a Major Incident

Log in and watch the full video!

This presentation will explore resilience measures to be taken immediately after a major incident.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
And it, when I think about this, it's often personal resilience in a security team is as important as the resilience of the organization when you're doing this every single day. And one of the things that, like we recognize is security at is a, is a global scale
Problem. That's really, really hard. We all recognize that, but it's in an individual moment when every single part of that global scale is tested, right? It's a phone call, it's an email, it's a, you know, a single vulnerability that you may or may not have seen before. What I wanted to do today was use a, a story in an example of something that we would all hopefully recognize to expose actually some of the challenges we face and some of the mistakes we continue to make every single day, every moment, every year. And to provoke us a little bit to thinking about, you know, actually how we can do something different. My assertion is that resilience of teams and of organizations and society has never been more critical.
We talked earlier on today about, you know, how vulnerable we are digitally, Actually, I think the better word to use is, is fragile. Use the word. If you describe something that's fragile, you treat it very carefully. Vulnerability can be sort of adapted, but if something is inherently fragile, then I think it, it changes how we approach the problem. And we've talked a little bit and we continue to feel how very volatile, uncertain, complex and ambiguous the world we live in today is, we touch on all of those kind of things. So you take a fragile thing and you place it in a very, very uncertain, ambiguous, and complex world. I think that's the world we live in. What I suggest we do for a minute though, is step back in time a little bit because we talk about the current levels of uncertainty in the world as being unprecedented. But actually if we go back to 1980, I would suggest that things were pretty volatile, uncertain and complex. Then
Inflation interest rates peaked over 20% in the US we're on the, on the verge of a global recession. We had a very uncertain partner in eastern Europe. It ran in Iraq, we're kicking off war. Prince Charles and Diana were married. You know, certain, just some very uncertain things were happening. You know, we had Terrorised attacks at the Octoberfest here in Germany. A number of big uncertain problems were playing out in the world, not dissimilar to what we're facing today. Oil prices spiking through the roof and a movie star was elected president of the United States. Now, who could imagine that, that a television or a celebrity could be elected? The, the, the, the, the president of the United States. And if you see what's been happening in the States last over the last evening, then anything could happen. But on the 70th day of Reagan's presidency, just after, just before three o'clock in the afternoon, he was leaving the Hilton Hotel in dc
He was shot and rushed to hospital. What played out before, during, and after that incident, which is, you know, it's been covered by all of us for an un understood, I think is a beautiful example of how resilience can both be challenged but also overcome. So as we see, he left the building at that point. He was surrounded by the standard diamond formation of secret service agents. And if anybody in the world is gonna protect a world leader or something of huge value, then I'd often put my money on the, the US Presidential Secret Service detail in this instance that was ineffective. What they'd done only a few weeks previously is reduced the cordon and the distance that the public were allowed to approach because President Reagan had won on a ticket of being popular and open and then every man, and he said, I want to be seen to be meeting people. This is my, sort of, my power is my connection to people reduce the accordance. So that can happen. They did. What I'd like to do with your permission is to play a very short video of what happened just after this photo was taken. And then we'll, we'll step through.
It's possibly better you don't hear the sound.
No matter how many times I watch that, I'm always struck by the immediate change from smiling, calm at to absolute chaos. And we know that's the moment within any of our organizations. When a, when a significant destructive cyber event happens, you go from calm, filling out templates, normal governance calls, you can predict what will happen in the next week of all the meetings and conversations you're gonna have to absolute chaos. Almost immediately. The Secret Service team sent this message over the radio. Raw Hyde was his Secret Service name based on his previous films. Crown was the White House. They said, Raw hde is, okay, we're going to crown, let's go straight back to the White House, the situation room to understand what was happening and take control of the situation. However, raw Hyde wasn't. Okay. As he was bundled into the car, he put his arm up to, to break his for cause a series of people pushing him into a, a bulletproof car.
One of the bullets of the six bullets from the shooter, Michael Henley ricocheted off a bulletproof car and entered into Reagan's lung relatively quickly, filling it with blood. As he got into the car, they said, Are you okay? He said, I think I've broken a rib. He took a, you know, a handkerchief and ded his lips. There's a little bit of blood there. So on the way they diverted, immediately leaving the rest of the protection detail to George Washington Hospital, he still felt and seen relatively okay. He stood up, got out the car, just as his waistband buttoned up his newly made suit and walked into the, the hospital, at which point he collapsed. He still retained for whatever his politics, a a level of humor. He complained as they were cutting off his suit, that it'd just been made in Beverly Hills and this was gonna cost a fortune.
He also asked, as he was wheeled into the, the operating theater, he said, I hope none of, none of you are Democrats worrying that the people operating on him to save his life as his lung filled with blood would, would be from the opposite political party. Meanwhile, three other people lost their lives. Six bullets were fired in total and their series of ever larger guns were pulled outta the pockets of secret service detail, local law enforcement and everybody else. What I think is interesting to note, however, is that just as our cyber incidents today, the whole thing was played out in front of the world's media. So not only what you see here are some fantastic facial hair, large amount of guns, but you see two or three television cameras and as always a sound man who just isn't interested in anything that's happening in the world. Look at this, look at his face, is there holding his sound booms, trying to get the best sound.
What also played out was almost everybody who was wearing a hat lost their hat apart from one gentleman who if you see down here in one hand was holding, holding his hat. We'll come back to him in a little while, but this was the scrum that was played out just as the car was about to drive off. Secret service agent lost his life. One of the local law enforcement and White House press secretary whole thing captured on film on audio from a number of different things. Streamed, live streamed broadcast live on CNN at the time that gentleman holding his hat in one hand also didn't drop the briefcase that was handcuffed to his other hand, which contained the nuclear codes. And we think we've got a level of heightened nuclear awareness between east and west at this point in time. You know, I think, you know, in the eighties it was absolutely significant. This was on the same day that Reagan was expecting to issue an ultimatum to the Kremlin about not invading Poland to put down civil unrest. At this point in the process, control of the nuclear deterrent and control of those codes was lost.
The status of the president was unknown. It didn't take long for this whole thing to get out. But if you think about the, the, the sort of the, the fragile nature of the chain and resilience of the most important things, this was one of those that again we'll come back to. And at the same time, a little while later, the then Secretary of State stood up in the White House situation, room a room, I suspect a little bit different to this, but similar, unable to answer any question that the press were asking, Has the president been hurt? What's happening? Where is he
I dunno, I can't talk about that. And that wasn't because he didn't, he didn't feel able to talk about it. It's because he didn't know. So the communication lines between different branches of government, even right in the heart of Washington, were broken. And it's some, that's something we feel, What should you say to the press? When should you say it and how should you say it? What he decided stood up on that lectin in the White House,
Not knowing whether this was an attack of a lone gunman who was trying to prove his love for Jody Foster, which he was, or a state sponsors action at that moment of heightened, you know, political military crisis between east and west, not knowing what that was, that he would reinforce the absolute commitment to the world that the USA was in control. And he said, You have the president, the vice President and executive state, I'm in control of the White House. He was wrong. That's not the order that it goes through in the us. He was in no position to actually take control of or to tell the world that he was in control. It took further nine hours for that order. It's actually the speaker of the house comes third and at the same time in the situation room, you know, Casper Weinberger at odds were the head of the military about who could now control the military deterrent.
You had two Russian nuclear subs just off the eastern seaboard turning into four nuclear subs approaching an 11 minute strike distance from dc. So you had different branches of government, different branches of the military, an unknown critical situation with the president and the vice president was on Air Force two refueling in Dallas because Air Force two didn't have as much fuel in it as Air Force one. And he couldn't fly directly back to DC and wouldn't get back to DC for a, for a further nine hours. And that was a picture of vice president who remember only 70 days into this thing. They didn't have particularly, you know, amazing long working relationship. The crisis management protocols in the White House at the time had only just been discussed. And he was watching there, the president's attack, playing out on the news, some fabulous product placement from Pepsi there.
I think Coca-Cola CocaCola were quite upset about that. As it turns out, the submarine threat wasn't real. It was the end of the, sort of towards the end of the month when the two subs that can't continue to patrol the sort of the, the, the, the, the Soviet sub submarines were actually being replaced with another two. So that's why there were four. And yet I can't help thinking that a series of critical decisions and risk based decisions were, were missed in that entire process. I mean, you can ask, well how likely is that combination of events? How likely is that to play out? As it turns out, very likely there have been over 30 assassination attempts against sitting US presidents, right? Obama received letters laced with rice on two occasions sent to the White House. Shots were fired at the, the White House when he was there. One in five US presidents has been shot, four of them have been killed. If you remember, 20 years before Reagan was shot, a gentleman by the name of John F. Kennedy was shot and killed in Dallas.
It is, this is not a new risk for those facing the government, the secret service of the organization. And yet when you enter office in the us, there is a 67% probability that you will face an assassination attempt. We talk about security about not being if you're attacked, but when, and for me there's a really interesting parallel there. There's a very critical parallel which says, if you know there are people who want to attack you, they have a capability to do that. And there is very little you can do to control that external environment, then how on earth do you think about it? And my, my perspective is you take a resilience view, the view that says under moments in of extreme stress and pressure, pressure on crisis that may or may not be ongoing, how do you continue to maintain and operate your business or your organization?
There's no doubt that the US government was absolutely paralyzed for over a day had it not been the actions of one loan gunman who had previously tried to smuggle a gun into a political rally in Dallas and had expressed his love and desire and affection for Jody Foster and was proving to her that he would do anything for her. And I'm not sure that, that she appreciated that he was, you know, he, he was convicted, but he wasn't convicted of attempted murder. He was put away in a mental ho hospital forever 20, 25 years, he's now free.
But actually how you respond and how you continue to respond and how you don't paralyze your organization when certain key members either are taken out or aren't able to agree on the succession, on who's controlling the critical vital elements, I think is, you know, it's what we face every day, right? Do I think the Secret Service had adequately and fundamentally understood the risk both to the government but also the president, knowing that there will be a series of assassination attempts knowing that they'd lost a president only 20 years previously and that four outta five had been shot and killed had they understood the critical controls and the cordon around how to protect individual as they transfer from one moment to the other after the event, All sorts of things happened that now still exist within those secret service protocols. Metal detectors are used, the cordon is pushed further out, people are vetted. None of those things happened. There was no, no clear and integrated co coordination between the FBI and the Secret Service in terms of high risk individuals. And then in moments of crisis, how do you respond? Where do you go?
Actually the crisis bit worked quite well. They isolated the shooter. Reagan was put into the car, driven, changed. He was in the, within an operating theater having significant blood transfusion and a small bullet taken out of his, of, of his lung. Within a few minutes the communication component completely broke down. And the continuity of the government whilst being super planned and understood, constitutionally recognized actually for quite a number of hours was under, was under stress. Now it didn't fall apart, but it's important. What we need to do is to understand, and I'm sure we've all been in security incidents where we've, you know, you can relate to these things. There wasn't a shooting, there wasn't a president, there wasn't Air Force one, Air Force two, however, the same principles apply. Are we able to predict left of boom, left of the event where and what and how we think our organization's gonna be targeted and or disrupted.
Cuz the target and the attack is just part of it, right? The disruption is a key piece we need to mitigate. Can we plan for that? And again, can we practice and do we do those things? Is what I ask my teams to do is think about these things. Yes, you can predict with a certain amount of certainty, not how you will be attacked, but the disruption that will ensue, plan and then practice for it. And then I always say resilience has to be put into context of the risk that you understand to your organization, your critical functions and the volatility of the world around it. These, these are not isolated incidents, they are not isolated concepts, but put them together. So we genuinely believe that every single organization has a right to cybersecurity, no matter their size, right? If all of the resources of the US government to protect the single figurehead in the president can get it and find it so hard on so many occasions, then I think we all are, you know, have it beholden on us to, to take these things very, very seriously and think about the resilience of our own organizations, families, and, and customers. Thank you.

Stay Connected

KuppingerCole on social media

Related Videos

Webinar Recording

Unify Identity and Security to Block Identity-Based Cyber Attacks

Join security and identity experts from KuppingerCole Analysts and ARCON as they discuss the importance of securing enterprise credentials, explain why a unified identity security approach in line with Zero Trust principles improve security and efficiency, and describe how to combine…


Recap Cybersecurity Leadership Summit 2022


Key Findings on Malign Information, Misinformation, and Cyberattacks

Ksenia Iliuk, Head of Research at Detector Media, Ukraine tells us about some key findings of their research in the media landscape of Ukraine. Find out what she has to say about Telegram and what it has to do with #cybersecurity .

Webinar Recording

Effective IAM in the World of Modern Business IT

Digital Transformation promises lower costs, and increased speed and efficiency. But it also leads to a mix of on-prem and cloud-based IT infrastructure, and a proliferation of identities that need to be managed in a complex environment. Organizations adopting a Zero Trust approach to…

Analyst Chat

Analyst Chat #149: The Top 5 Cybersecurity Trends - Looking Back at CSLS 2022

Deep Fakes, AI as friend and foe, Business Resilience, Mis-, Dis- and Malinformation: The Cybersecurity Leadership Summit has taken place in Berlin and covered all of this and much more. Martin Kuppinger and Matthias look back on the event and identify their Top 5 Trends from CSLS2022 in…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00