Incident response is usually a deeply technical forensic investigation and mitigation effort for an individual organization. But for incidents that are not merely cyber crime but truly national security events, such as large-scale disruptive attacks that could be acts of war by another nation, the process is completely dissimilar and needs a different kind of thinking.
This talk will discuss exactly how, detailing the flow of national security incident response in the United States using the scenario of a major attack on the finance sector. The response starts at individual banks and exchanges and moves through the public-private sector information sharing processes (like FS-ISAC). Treasury handles the financial side of the crisis while DHS tackles the technical. If needed, the incident can be escalated to the military and the president, particularly if it becomes especially disruptive or destructive. The talk examines this flow and the actions and decisions within the national security apparatus, concluding with the pros and cons of this approach and comparing it to the process in other key countries.