A major U.S. federal law enforcement agency, challenged with supporting private sector businesses with significant threats at home and abroad, turned to Bryghtpath to develop a new communication and incident management strategy to ensure rapid notification and ongoing collaboration during a major incident or threat.
The threat to the U.S. private sector from global cybercriminals, nation state actors, and violent extremism led this major federal law enforcement agency to realize that its approach to assisting the private sector during a major incident or threat was stuck in the slow-moving days of past threats. We were retained by the agency to determine the needs of the private sector, develop a new communication and incident management strategy to fulfill those needs, and fully integrate this process into the agency’s existing operational approach.
Approach and Results
We began this five-month effort with a discovery phase consisting of interviews with key stakeholders, operations center sta , and private sector Chief Security Officers (CSOs) that had regular interaction with the agency. We worked with the agency to publish a survey to a group of more than 400 private sector CSOs to dig deeper into their needs.
Together, these efforts helped us ascertain several key success factors for this effort, including the need for rapid initial communication following a major incident or threat, the challenge of regular updates throughout a rapidly evolving situation, and key connection points for information internal to this agency.
During the ideation phase, we worked with the agency’s private sector unit and CSO advisory board to develop a set of incident management concepts that we believed would fulfill the needs of both the agency and the private sector companies impacted by a major incident or threat. We then worked to develop communication strategies, processes, and templates that would enable simple, actionable intelligence information to be published to private sector partners within an hour of a major incident or threat.
In addition, we developed an escalation process where a private sector company could contact the agency on a 24×7 basis to gain additional support for a major incident or threat that impacted their company.
We then worked with the agency’s operations center and field staff to clearly define the interconnections between the private sector incident management process and the routine, ongoing operations of the agency.
We are currently in the process of fully implementing this process with the agency as a follow-on engagement.