Cyber Disaster Planning (CDP):- Attacks on cyberinfrastructure are known as cyber disasters. The cyberinfrastructure includes electronic information and communications system, and the information contained in those systems. Critical infrastructure is the main target of cyber terrorists.
Cyber Disaster Planning
All the sectors of critical infrastructure are connected to the Internet. So, any cyber attack launched via the Internet can cause disaster as all the sectors of critical infrastructure are connected via the Internet.
Disaster is an emergency situation; it includes cyber attacks, cyber terrorism, acts of information warfare and natural disasters. In the case of a disaster, it is the responsibility of the IT manager to return an organization to normal functioning.
Disaster recovery planning in cyberspace is necessary to ensure the continuity of vital business processes after a disaster. All the business processes require information for their proper functioning.
There are various threats to information resources of an organization such as viruses, DNS attack, DoS/DDoS attacks, web defacement, hacking, intrusions, semantic attacks misuse of access points and natural disasters.
Disaster recovery in an IT environment refers to the recovery of computer systems, software, information systems, etc. The disaster recovery plan must include all the actions that are to be performed before, during and after a disaster.
Cyber Disaster Planning
In recent years, disaster recovery planning has taken a new direction as disasters in cyberspace require a different approach to deal with. Cyber crimes like hacking, malware dissemination network attacks, etc. require a different approach to handle.
Cyber disasters target the confidentiality integrity and availability features of information security. Information is power, unavailability of information causes a severe loss.
Organizations like banks, airlines railways, process automated manufacturing companies, and hospitals have many critical applications, which are their lifeline. In all such cases, a disaster recovery plan is a prime necessity.
It specifies the procedure of recovery action when a disaster occurs. It fixes roles and responsibilities on individuals to deal with the crisis situation.
It includes various measures such as:
- Alternative processing arrangements.
- Duplicate and offsite storage of data, hardware, and software.
- Choice of systems and applications, which should run, in any case.
Guidelines for Cyber Disaster Planning
- Protection of critical infrastructure especially critical information infrastructure of a country is required.
- Business Impact Analysis should be conducted to identify and prioritize critical information systems.
- Backup and recovery plan is a critical part of cyber disaster planning. Companies generate large amounts of data and information. Proper backup should be obtained and maintained. Backup media should be kept at a remote and safe location.
- Identify the vulnerabilities of critical infrastructure. Vulnerabilities in Internet and telecommunications infrastructure can be misused to cause a disaster.
- The operating system, applications, and software of the computer system should be up-to-date. Vendors issue security patches time-to-time to protect computers from newly discovered viruses.
- Each file and software should be scanned before a downloading.
- Removable media should be scanned before using on the computer system.
- Firewalls should be used.
- Avoid clicking on the suspicious links and downloads.