Transparency
In the realm of IT, there are best practices for managing system outages, and then there are examples of what not to do. The recent actions of the ARRL exemplify the latter. Today, HQ released an update stating that they were “the victim of a sophisticated network attack by a malicious international cyber group” and that they “quickly established an incident response team.” However, it took them 21 days to provide this detailed update.
As an IT professional, I have encountered numerous challenges and learned valuable lessons over the years. One of the most critical aspects of managing an outage is communication—clear, frequent, and transparent communication. It is essential to over-communicate during such times. Additionally, having a visible leader who represents the response effort is crucial. An effective “incident response team” should not only consist of technical experts working behind the scenes but also include individuals who manage communications, reassure stakeholders, and provide key information such as estimated restoration times.
ARRL has often been subjected to unwarranted criticism, but this situation is a result of their own missteps. I question whether the attack was all that sophisticated, sensing that it was a common ransomware attack. We await the final report for details, assuming it is made public. While technical shortcomings can be understandable and even forgivable, the poor communication and lack of transparency in this instance are not. The recurring sentiment from ARRL, echoing past incidents, seems to be, “You don’t need to know.”
This article was originally posted on Radio Artisan.
Well, *everyone* said we needed to get more HACKERS to join amateur radio to grow our numbers. Looks like that recruitment plan actually worked! 🙂
In addition, the ARRL response has been unprofessional. In crisis management (which this is) the first rule is to be the first with the information, communicate often and be as transparent in those communications as possible. I give the ARRL a big failure here. Jim
Now if we could only get the hackers to run LOTW, rather than taking it down 🙂
Just another example of how poorly the ARRL is being managed.
And the sad thing is, it didn’t have to be this way. Imagine if the ARRL CEO, or someone (anyone), posted a three minute video every other day. Just say what’s going on today, perhaps pan the camera over to the folks working on this, and say, “sorry”, “hang in there with us”, “we got this”. It would do so much, putting a human face on this and making it feel like we’re all “in the know” and we have the inside scoop.