The push to modernize federal IT systems gained new urgency this year with the introduction of the White House’s National Cybersecurity Strategy, which calls for federal agencies to “invest in a resilient future” through “next-generation technologies and infrastructure.” In response, the Office of Management and Budget (OMB) has begun a push to help agencies sunset legacy systems and processes in favor of modern solutions that are more efficient and secure.
Paper is perhaps the most legacy system of all and yet is still used regularly to create voluminous playbooks for everything from cybersecurity plans to natural disaster responses. People’s roles and responsibilities are meticulously detailed and mapped out across hundreds of pages that might be outdated the moment they are printed, assuming they are even read or followed.
Traditional playbooks are the antithesis of modernization, and agencies would do well to move on. Instead, they should consider building automated digital playbooks for better incident response.
What is a digital playbook?
A digital playbook isn’t just a digital representation of a several-hundred-page emergency response guide. Digital playbooks combine strategic and tactical documentation, automated checklists, real-time collaboration, clear instructions, and more. They ensure that everyone on a predetermined incident response team understands who’s doing what, who needs to do what, and when all of it needs to happen.
Let’s say an agency experiences a highly sophisticated cyber-attack. Mitigating the damage requires a coordinated response from a number of different teams, including IT, cybersecurity, and other units, and even members from other agencies. Everyone must get together quickly to initiate a rapid response, and they need to be able to coordinate and communicate with one another in real time. There’s no time to flip through a printed playbook to find roles and next steps; they need to act immediately.
Digital playbooks include repeatable checklists that automate the steps necessary to respond to and remediate such an issue. Teams and individuals are assigned their own roles in the process. When they complete their responsibilities, they check off their tasks and the playbook automatically notifies the next group of people that they’re up next.
The rapid response process can be initiated by a simple set of preset keywords typed in by an incident response manager, such as “remote code execution vulnerability.” This triggers a run of commands and alerts telling teams to get mobilized. From there, team members can communicate and collaborate with each other through specified, invitation-only, highly secure channels. The need to spend time picking up a phone or typing an email is greatly reduced.
All the while, incident response managers can see where things stand at any time in the process. That process is automatically documented so that teams can view after-action reports on what worked, what did not, and what can be improved. With this information in hand, they can optimize their playbooks for better decision quality and decision advantage when managing future incidents.
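As an added illustration (not code from the article or from Mattermost), here is a minimal Python model of the workflow just described: a preset phrase typed by an incident manager instantiates a playbook, each checklist step belongs to one team, checking a step off notifies the next owner, and every action is timestamped so the run can be reviewed afterwards. The team names, step names and trigger phrase are constructed samples.

```python
import copy
from dataclasses import dataclass, field
from datetime import datetime, timezone

def now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")

@dataclass
class Step:
    name: str
    owner: str          # team that must check this step off
    done_at: str = ""   # empty until completed

@dataclass
class Playbook:
    title: str
    steps: list
    log: list = field(default_factory=list)            # audit trail for after-action review
    notifications: list = field(default_factory=list)  # "you're up next" messages
    def active_step(self):
        return next((s for s in self.steps if not s.done_at), None)
    def notify_next(self) -> None:
        nxt = self.active_step()
        if nxt is None:
            self.log.append(f"{now()} all steps complete")
        else:
            self.notifications.append(f"{nxt.owner}: you are up ({nxt.name})")
    def complete(self, step_name: str, by: str) -> None:
        step = self.active_step()
        if step is None or step.name != step_name:
            raise ValueError(f"{step_name!r} is not the active step")
        if by != step.owner:  # only the assigned team may check its task off
            raise PermissionError(f"{by} does not own {step_name!r}")
        step.done_at = now()
        self.log.append(f"{step.done_at} {by} completed {step_name!r}")
        self.notify_next()

LIBRARY = {"remote code execution vulnerability": Playbook("RCE response", [
    Step("Isolate affected hosts", "infrastructure"),
    Step("Collect logs and memory images", "forensics"),
    Step("Patch and verify", "appsec")])}  # constructed sample, keyed by preset phrase

def trigger(keyword: str):
    template = LIBRARY.get(keyword.strip().lower())
    if template is None:
        return None
    run = copy.deepcopy(template)   # each incident gets its own fresh state
    run.log.append(f"{now()} triggered by keyword {keyword!r}")
    run.notify_next()
    return run
```

The ownership check in `complete` is what keeps the handoff honest: a step can only be checked off by the team it was assigned to, and only in order.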
Use cases for digital playbooks
While digital playbooks themselves are a modern IT solution, they can also be instrumental in helping agencies manage their other modernization projects. Large-scale initiatives that require hundreds of personnel hours and input from multiple teams can be made more efficient and manageable through better collaboration and task automation.
Playbooks can help agencies manage access rights, which is vital to Zero Trust cybersecurity. Government employees are continuously moving on to different roles or agencies, and it can be hard to know when to change or turn off their privileges. A playbook can be set up to alert security managers when to remove or add an employee to an authorized user list, ensuring that only authorized users have access to information.
Digital playbooks can also help government agencies react more quickly to other challenges, from the mundane to the life-threatening.
For example, natural disaster response times and processes can be significantly improved. Hurricanes, tornadoes, and other large-scale weather events necessitate precise coordination between the Federal Emergency Management Agency (FEMA) and state and local authorities. Digital playbooks provide a platform through which all team members, regardless of where they are located or the device they are using, can rapidly coordinate response and rescue efforts to more effectively help people in need.
The roles of open source and AI
These use cases exemplify the power of a digital playbook built on open standards. The type of collaboration, automation, transparency, and orchestration contained within a playbook is only made possible by technology that allows for secure yet open integration between different teams and platforms.
Open source is also where some of the most advanced and exciting work in artificial intelligence (AI) is happening, and AI is a critical component of any digital playbook. A digital playbook should not only be a platform for collaboration, but a way to build evolving contingency plans based on situational context and intelligence gathering.
For example, task owners might be assigned to find out information about a particular incident and report their findings back into the system. The system should be able to collect all of that data, analyze it, and translate it into actionable intelligence that informs the next set of tasks and responsibilities. The playbook changes as the situation changes so all team members receive the most accurate and up-to-date information for a more effective response.
Updating federal incident response policy is a key tenet of the National Cybersecurity Strategy, and there’s no better way to meet requirements than by implementing digital playbooks. They can help agencies develop and execute their response efforts more effectively, productively, intelligently, and quickly, resulting in faster time to resolution for incidents both small and large.
Barry Duplantis is vice president and general manager, North America Public Sector at Mattermost, an open-source, self-hostable online chat service with file sharing, search, and integrations.
Have an Opinion?
This article is an Op-Ed and the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email C4ISRNET and Federal Times Senior Managing Editor Cary O’Reilly.