Chernobyl disaster main lessons for CyberOps in 2019

So, what can be learned from the Chernobyl disaster and how it can be implemented in Cyber security operations?

Lately, everyone is talking about the new HBO miniseries, Chernobyl, portraying one of the biggest man-made disasters which happened 33 years ago near a small city of Pripyat. Chernobyl was an RBMK type nuclear power plant that was designed and operated under the USSR.

So, what happened?

It all started from a safety test that was conducted to prepare for a potential power outage in the plant, relying on several diesel generators to supply electricity during the event and help pump water to the reactor to keep it cool. Other, similar tests were conducted in the past with no success to solve the issue and without any critical incidents but during the 4th test, a chain of mistakes made by the test crew and the supervisor who didn’t follow proper procedure (also, design flaws in the reactor itself), led to a number of explosions in reactor no. 4 and eventually the release of radioactive materials into the air.

What can be learned and implemented in cyber security?

Having procedures and properly using them, prepare you for when your reactors reach critical mass (or in our case, a breach/malware is discovered). Conducting known checklists in case of a disaster can mitigate or reduce the intensity of the situation (just like pilots have in case of an emergency). 

Of course, preparing the procedures isn’t enough:

  1. Consider every possible and even impossible scenario in your organization in case of a breach or an attack and how to handle it, step by step.
  2. Practice-Practice-Practice, and if I didn’t mention it, PRACTICE! Constantly repeating a scenario and understanding how to handle it, makes sure you and your team are ready for a really bad day.
  3. Practice every scenario in a safe environment and do it as real as possible. Don’t forget to debrief, learn from each practice and where are the faults that need fixing and how to recover faster, this helps improve for next time.

Is there any special procedure using our solution?

Well, yeah! Since we’re focusing on preventing a potential attack, our procedure is as follows

✔ Get an alert

✔ Check the event

✔ Drink coffee

✔ Breath

✔ Smile 🙂

For more information, just email me and I’d be happy to help
hen@deceptivebytes.com