Abstract
Cyber incident crisis management protocols often overlook the importance of crisis communication. This paper reviews the crisis communication literature to define explicit communication strategies for each stage of a cyber incident. We applied the proposed model to analyze the Norsk Hydro case: a Norwegian aluminum and renewable energy company halted operations due to a ransomware attack. By combining traditional communication outlets and social media, the company kept high transparency of their recovery operation, with frequent (i.e., agile) updates about the cyber incident. The positive presence of Norsk Hydro on social media allowed them to manage reputation throughout the process. Employees’ creativity and loyalty were crucial in the recovery process, and it was promptly publicized globally. This empowered other employees at other branches to act creatively and inspired the community. We conclude the study by suggesting the agility, transparency, and positive reinforcement were the success factor of this crisis communication operation.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Employees find creative solutions in response to cyber-attack, April 2019. https://www.hydro.com/en-NO/about-hydro/stories-by-hydro/employees-find-creative-solutions-in-response-to-cyber-attack/
Operational and market update q12019, April 2019. https://www.hydro.com/Document/Index?name=Hydro%20Q1-2019%20Update&id=42133
Cimpanu, C.: Protonmail ddos attacks are a case study of what happens when you mock attackers, June 2018. https://www.bleepingcomputer.com/news/security/protonmail-ddos-attacks-are-a-case-study-of-what-happens-when-you-mock-attackers/
Coombs, W.T.: Ongoing Crisis Communication: Planning, Managing, and Responding. Sage Publications, California (2014)
Cornelissen, J.P.: Corporate communication. The International Encyclopedia of Communication (2008)
Goodwin, C., et al.: A framework for cybersecurity information sharing and risk reduction. Microsoft (2015)
Haass, J.C., Ahn, G.J., Grimmelmann, F.: Actra: a case study for threat information sharing. In: Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security, pp. 23–26. ACM (2015)
Hydro, N.: Cyber attack on hydro magnor, April 2019. https://www.youtube.com/watch?v=S-ZlVuM0we0
Hydro, N.: The cyber attack rescue operation in hydro toulouse, April 2019. https://www.youtube.com/watch?v=o6eEN0mUakM
Kulikova, O., Heil, R., van den Berg, J., Pieters, W.: Cyber crisis management: a decision-support framework for disclosing security incident information. In: 2012 International Conference on Cyber Security, pp. 103–112. IEEE (2012)
ProtonMail: a brief update regarding ongoing ddos incidents, July 2018. https://protonmail.com/blog/a-brief-update-regarding-ongoing-ddos-incidents/
Steelman, T.A., McCaffrey, S.: Best practices in risk and crisis communication: implications for natural hazards management. Nat. Hazards 65(1), 683–705 (2013)
Sveen, F.O., Sarriegi, J.M., Gonzalez, J.J.: The role of incident reporting in reducing information security risk. In: Twenty Seventh International Conference of the System Dynamics Society. The System Dynamics Society (2009)
Van Veelen, B., Storms, P., van Aart, C.: Effective and efficient coordination strategies for agile crisis response organizations. In: Proceedings of ISCRAM 2006 (2006)
Veil, S.R., Buehner, T., Palenchar, M.J.: A work-in-process literature review: incorporating social media in risk and crisis communication. J. Contingencies Crisis Manage. 19(2), 110–122 (2011)
Von Solms, R., Van Niekerk, J.: From information security to cyber security. Comput. Secur. 38, 97–102 (2013)
Weiner, D.: Crisis communications: managing corporate reputation in the court of public opinion. Ivey Bus. J. 70(4), 1–6 (2006)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Aoyama, T., Sato, A., Lisi, G., Watanabe, K. (2020). On the Importance of Agility, Transparency, and Positive Reinforcement in Cyber Incident Crisis Communication. In: Nadjm-Tehrani, S. (eds) Critical Information Infrastructures Security. CRITIS 2019. Lecture Notes in Computer Science(), vol 11777. Springer, Cham. https://doi.org/10.1007/978-3-030-37670-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-37670-3_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37669-7
Online ISBN: 978-3-030-37670-3
eBook Packages: Computer ScienceComputer Science (R0)