CyberCPR's Design

CPR was designed on the front line of cyber conflict

Initial concepts

Like many technologies, CPR was designed on the front line of cyber conflict. In mid-2012, Logically Secure IR staff were working both on-site and remotely, and they needed a solution to efficiently collaborate, plan and support their clients. They found that many of the organisations being attacked were using Microsoft Excel and Outlook for their case management and tracking; a solution that had neither scale nor security as part of its feature set.

We found that while email was almost universally relied upon for information sharing, it had, on occasion, allowed attackers to monitor the security and administration teams’ efforts to remediate the situation.

Our aim was to simplify and secure the sharing of information so that teams could see all the case details and discuss them away from prying eyes.

We wanted a solution where uploaded files were securely stored and where only selected team members could see and review the case data.

The name ‘Cyber CPR’ comes from Crisis Planning Room; a safe place where you go to plan and co-ordinate actions to avert or deal with an event or incident that affects your organisation. The reference to Cardio Pulmonary Resuscitation is intended: for some organisations that are mid-breach, what we offer is very often emergency support.

Development approach

We tried several solutions and conducted public Alpha and Beta trials with both as we matured the technology.

Here are some of the internal versions of CPR and an early Alpha release (last screenshot)

Progress was ‘interesting’, as productising a tool we used internally brings its own challenges in terms of stability, security and scalability. There was many a heated whiteboard session over crucial aspects, like the core database, such was the passion and determination to get key aspects right.

However, throughout this process and at every stage we got great industry feedback on bugs and improvements which we have tried to incorporate where time and security have permitted.

As part of the development process we also patented the concepts and methodology that CyberCPR is built upon (you can read the patent here). 

Need to know

One of the core aspects of CyberCPR’s security model is the ‘need to know’; this means that only staff who are added to an incident can see the information relating to that case.

Staff who have not been added cannot search for it, and any links they click to access aspects of the case will be blocked and will raise an alert to administrators. See more on the CyberCPR Security page.
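A minimal sketch of the ‘need to know’ rule described above, added here as an illustration and not CyberCPR's own code. The class names, incident IDs and users are all constructed; the point is that the membership check sits inside both the search path and the direct-link path, and that a blocked link leaves a record for administrators.

```python
from dataclasses import dataclass, field


@dataclass
class Incident:
    incident_id: str
    title: str
    members: set = field(default_factory=set)  # staff added to this case


class CaseStore:
    """In-memory stand-in for a case database (hypothetical)."""

    def __init__(self):
        self.incidents = {}
        self.admin_alerts = []  # what an administrator would be shown

    def add(self, incident):
        self.incidents[incident.incident_id] = incident

    def search(self, user, term):
        # Membership is part of the query itself, so a non-member gets no
        # hit at all, not even a title confirming that the case exists.
        return [i.incident_id for i in self.incidents.values()
                if user in i.members and term.lower() in i.title.lower()]

    def open_link(self, user, incident_id):
        inc = self.incidents.get(incident_id)
        if inc is None or user not in inc.members:
            # Same refusal for "no such case" and "not on the case", so the
            # response cannot be used to probe which incident IDs are real.
            self.admin_alerts.append(
                {"user": user, "incident": incident_id, "event": "blocked_access"})
            return None
        return inc


def build_sample_store():
    # Constructed sample data: two cases, bob is only on the first.
    store = CaseStore()
    store.add(Incident("INC-001", "Phishing of finance mailbox", {"alice", "bob"}))
    store.add(Incident("INC-002", "Phishing follow-up: admin account", {"alice"}))
    return store
```
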