Why Your Incident Response Program is Critical
Police think that hackers hacked the pumps at a Detroit area gas station allowing drivers to get free gas.
Ten cars figured it was okay to steal gas from “The Man” to the tune of about 600 gallons. While 600 gallons of gas is not the end of the world, it does make a point.
The article said that the gas station attendant was unable to shut off the pump that was giving away free gas for 90 minutes until he used something called an emergency kit.
This happened at 1:00 in the afternoon – in broad daylight, a few minutes from downtown Detroit, so this is not a “in the dark of night in the middle of nowhere” kind of attack.
One industry insider said that it is possible that the hackers put the pump into some kind of diagnostic mode that had the pump operate without talking to the system inside the booth.
In the grand scheme of things, this is not a big deal, but it does make a point.
If the gas station owner had an incident response plan, then it would not have taken 90 minutes to turn off the pump.
For example, the circuit breakers that power the pumps in the tanks are in the booth where the person is. I PROMISE that if you turn off the power to the pumps, you will stop the flow of free gas. Then you can put a sign on the pumps that say that you are sorry, but the pumps are not working right now.
This time is was a gas station, but next time, it could be much worse.
But the important part is that you need to have an incident response plan.
The article said that the didn’t call the police until after he figured out how to turn off the pump after 90 minutes. Is that what the owner wants to happen?
It doesn’t say if he talked to the owner during that 90 minutes.
Is there a tech support number he should have called to get help?
Bottom line is that even a low tech business like a gas station needs a plan.
You have to figure out what the possible attacks are. That is the first step.
Then you have to figure out what the course of action should be for each scenario.
After that, you can train people.
Oh yeah, one last thing. How do you handle the scenario that you didn’t think about?
That is what incident response plans need to be tested and modified. Nothing is forever.
Information for this post came from The Register.