Friday, 17 October 2014

Anonymous hack, or do they?

Yesterday I took part in some training for University Incident Managers in how to handle the media if you're in the middle of an incident. I'm one of about 10 people who are trained to handle a University major incident, and although we wouldn't expect to be key spokespeople, we might be expected to give some sort of interview, and there's always the chance we could be "doorstepped".

Although the day was fun, and we had lots of laughs in our small group of 5, it was also very scary, mainly because it was so realistic! It was run by two professional broadcast journalists, and we had to take part in interviews which were recorded and then played back and pulled apart. It didn't help that the "incident" was an IT security one, so I got very special treatment!  First up we were given a briefing that there were reports that "Anonymous" had hacked our system and published lots of data - usernames and passwords, sensitive research information, credit card details - anything you could think of that you wouldn't want published. With only a small amount of information we had to do a TV interview where we were asked very probing questions.  We all did it and it was then played back and we analysed how we'd all done. As the IT Director, to the opening question 'this is a very worrying situation isn't it?", I answered "Yes, it is a very worrying situation". Of course it would have been for me (in real life I would have been considering whether to resign or not....), but it was completely the wrong answer. I'm pleased to say I recovered eventually. After lots of discussion we did two more interviews - a "down the line" one, where you are in one studio and the interviewer is somewhere else. And a simulated live radio interview on BBC Figve live with a very aggressive presenter which was really tough. My opening question was "are you going to resign?"

Of course, the scenario eventually played out to reveal that there had been no major security breach, and that what had happened was that a departmental site developed by an academic, outside of our central systems had been compromised. There had been a data breach, but it had been contained and our central systems had remained secure. Totally fictitious of course...
An excellent day, and I do feel better prepared to face the media. As long as I can remember to slow down, and not say "Absolutely"


Chris W said...

Glad you enjoyed it!

Peter A said...

Can you shed more light on..
I answered "Yes, it is a very worrying situation". ... but it was completely the wrong answer.
- why is that wrong - and what's better?