Beyond the Code: Mastering Non-Technical Skills in Cyber Crisis Management

What are Non-Technical Skills (NTS)?

Non-technical skills (NTS) are cognitive, social, and personal skills that are crucial for effective performance in high-pressure and complex environments. These environments can be found in a range of high-consequence industries including aviation, healthcare, emergency services, military operations, and cybersecurity.

Despite the importance of NTS, there has yet to be a significant discussion about NTS for cyber crisis response. Normally, industry experts talk about technical and professional skills (IT, incident response, cyber theory, knowledge of regulatory policies and best practices), but they rarely talk about non-technical personal or soft skills, such as communication, teamwork, and problem-solving. Yet NTS are essential in the high-pressure environment of cyber crisis response. Cyber crisis response teams equipped with essential NTS are better able to prevent financial losses, protect public safety, and preserve an organization’s reputation.

How NTS apply to cyber crisis response:

1. Communication – Effective communication between the leadership team and the Security Operations Center (SOC) team is vital during a cyber crisis. The SOC team must be able to clearly and concisely communicate the status of the organization’s IT assets to the management team and management must be able to make timely and informed decisions and accurately communicate them to the SOC team. This two-way communication is essential for the organization to effectively respond to an attack.

“Communication between these teams is not always part of a day-to-day business. That means it requires practice. Teams need to get used to communicating around these issues. Key individuals need to get to know each other a bit. Stunted communication can make for slow decision making, and while not all crisis decision making always needs to be fast, it does always need to be based on accurate, timely and effective communication.”
Ben Hockman, Crisis Simulation Director, Cyberbit

2. Leadership and teamwork – Essential to overcoming a crisis is effective leadership and teamwork. New Zealand Prime Minister Jacinda Ardern embodied this during the COVID-19 pandemic, working closely with other government officials, health experts, and businesses to develop and implement a response to the pandemic. As a result, New Zealand was one of the most successful countries in the world in managing the COVID-19 pandemic. Cyber crisis response is no different. Leadership teams must be able to lead, coordinate, and work collaboratively with other members of their crisis management team and the SOC team. They must know how to delegate, be adept at conflict resolution, understand when to be assertive, and be agile and capable of adapting quickly to different team dynamics.

3. Situational awareness – Situational awareness is a hallmark of successful crisis management. In an interview, Captain Chesley “Sully” Sullenberger, who famously and masterfully landed US Airways Flight 1549 on the Hudson River after both of the plane’s engines were disabled by a bird strike, emphasized the importance of situational awareness during a crisis:

“We have to have situational awareness–we have to be able to create a mental model of our reality. We have to be good risk managers, be mindful, we have to understand our process so we can sensitize ourselves to risk. Bad outcomes are rarely the result of a single failure but are instead the end result of a chain of events, and when we sensitize ourselves to risk and are able to identify it proactively, we can break the chain and have a good outcome.”

The same holds true for cyber crisis management. Shared situational awareness is what builds a mutual understanding of the goals the organization is working to achieve. Both management and SOC teams must be able to comprehend a crisis by assessing its risks and monitoring any changes in the environment. They must be able to perceive, comprehend, and anticipate the potential consequences of a crisis as well as the actions taken in a crisis, such as the release of data to the public domain if a ransom is not paid.

4. Decision-making – Cyber crises are complex and fast-paced, requiring swift and informed decisions from management. Leadership teams must be capable of critical thinking, problem solving, and managing uncertainty. They must consider incoming information, weigh different options, and evaluate potential consequences, such as what could happen if a press release on a crisis is not issued immediately. The crisis Joseph Blount, CEO of Colonial Pipeline, faced in May of 2021 is a case in point. When the company was breached by the Russian-based hacking group DarkSide, Blount had to make a difficult and time-sensitive decision about whether to pay DarkSide a ransom. He ultimately decided to authorize the payment because management was not sure how badly the attack had breached its systems or how long it would take to bring the pipeline, which supplies almost half of the East Coast’s fuel, back online. Blount said he made the highly controversial decision because “it was the right thing to do for the country”.

5. Problem-solving – The 1982 Tylenol crisis, considered a textbook example of how to handle a crisis, still resonates today. When a malevolent person replaced Tylenol capsules with cyanide-laced capsules, resealed them, and reshelved them in six pharmacies and food stores in Chicago, causing the deaths of seven people, Tylenol found itself with a major crisis on its hands. James Burke, who was the Johnson & Johnson chairperson at the time, quickly formed a plan to solve the entire incident, first addressing how to protect consumers and then how to save the product. Later, Tylenol developed the first-ever tamper-resistant packaging as part of the problem-solving plan to handle the crisis effectively. In the same way, SOC teams must be able to problem solve crises by identifying and analyzing current threats, working with the leadership team, and applying logical reasoning, creativity, and systematic approaches to contain and resolve incidents.

6. Stress management – Cyber crises are high-pressure environments, and they require professionals who can remain composed and manage their emotions whether they are making decisions or responding to threats:

“There is no victory condition for security; cyber professionals often deal with one issue, then move right on to the next risk, the next event, the next incident — taking a toll on their mental health.”
Aaron Kiemele, CISO at Jamf

Both management and SOC teams must have the capability to handle stress effectively. Stress management involves self-regulation, emotional intelligence, resilience, and the ability to manage one’s own emotions and responses under pressure.


Can You Build NTS for Crisis Response Stakeholders?

Crisis simulations have been used in multiple industries to develop and validate NTS, which are best learned through practice rather than textbook learning. Three examples include the healthcare, aviation, and oil and gas sectors:

  • Healthcare – An increasing number of healthcare providers, especially since the COVID-19 pandemic, have begun conducting crisis simulations to develop surgeons’ NTS in operating theaters and improve patient outcomes. In these simulations, surgeons must demonstrate exemplary teamwork, leadership, and communication skills as they work in a high-pressure environment. This type of simulation-based training has become an integral part of modern-day medical education. (Source: Smartsheet 2020)
  • Aviation – Crew Resource Management (CRM) skills are non-technical skills that were introduced following aviation accidents attributed to human error. Follow-up investigations of the accidents revealed that most of the errors were related to failures in teamwork rather than a lack of knowledge or skills. As a result, the aviation industry introduced simulation-based training into CRM courses to improve collaboration between team members. CRM training courses have since become the gold standard for aviation training. (Source: SKYbrary)
  • Oil and gas – The oil and gas industry is one of the most critical industries, with workers’ safety being a top priority. From drilling to transportation, workers face hazardous conditions that require quick thinking and decisive action. To mitigate these risks, simulation training has emerged as the industry standard for preparing workers to handle crisis situations safely and effectively. (Source: International Safety Training College)

But how can cyber leadership develop NTS?

Cyberbit has built a cyber crisis simulation platform with NTS in mind. It is capable of simulating the reality that cyber crises are highly unpredictable and have a range of potential variables that influence how attacks play out and how decisions are made.

Cyberbit’s crisis simulation exercises bring leadership and SOC teams together in real-life cyber incident scenarios, allowing leadership teams to prepare for the non-technical management challenges and dilemmas they will encounter in real incidents. The live-fire cyber-attack scenarios are run on the Cyberbit cyber range, where the SOC team investigates and responds to the incident and escalates decisions and information to the leadership team. The leadership team then makes decisions, based on the information provided by the SOC team, to mitigate the immediate and long-term impact of the attack. The live-fire exercises include real-world cyber-attack scenarios like ransomware, keylogger, supply chain, and denial-of-service attacks. Decisions are evaluated in real time according to a range of KPIs such as reputation, operational capacity, stock value and others.

The efficacy of cyber crisis simulations such as these has been proven by organizations around the world. Here are just a few examples:

GLOBSEC – The GLOBSEC 2019 “Disruptive Dilemmas” exercise in Bratislava, Slovakia featured real-world interactive crisis simulations challenging diplomats, policy makers, think tank representatives, and leaders from the private sector and civil society. The simulations covered a wide range of topics such as using cyber and artificial intelligence in managing refugee crises at sea, cyber security challenges posed by foreign investments, and leveraging cyber capabilities in the battle against disinformation. The exercise encouraged participants to use cognitive and emotional intelligence to formulate solutions for complex, hypothetical cyber crises. (Source: GLOBSEC)

ENISA – ENISA runs large-scale real-world cyber crisis simulations that provide IT-security and crisis management teams an opportunity to test their playbooks and procedures for dealing with complex business continuity and crisis management situations. (Source: ENISA)

World Bank – The World Bank has conducted more than 30 crisis simulation exercises for the financial sector since 2008, with many of the exercises simulating cyber incidents as the triggers of financial instability. The crisis simulations involve key stakeholders, such as Board Members and Senior Management, where participants “learn-by-doing” and practice information sharing and coordination among decision makers. (Source: World Bank)

Cyber crisis simulations give leadership and SOC teams an opportunity to develop and hone crucial NTS such as decision-making, critical thinking, problem solving, teamwork, leadership, and communication, leading to exceptional levels of collaboration and communication between teams and optimized decision making. In the evolving world of cybersecurity, NTS should be used as an additional framework for evaluating and testing our cyber crisis response capabilities, and we must develop NTS for all stakeholders involved in cyber crisis response.

Source: https://www.cyberbit.com/cyber-crisis/beyond-the-code-mastering-non-technical-skills-in-cyber-crisis-management/