Incident Response (CircleCI)
CircleCI issued its first statement about a security incident on its official blog and by email to users. The report said, “User immediately rotate any and all secrets stored in CircleCI”.
I believe many customers panicked, presumably for the reasons below:
- “We don’t know what variables are in the secrets in CircleCI”
- “We don’t know the scope of variables to be rotated”
- “We don’t know how to rotate the secrets in CircleCI”
The post also said, “rotate any and all secrets stored in CircleCI for ALL PROJECT”. You will panic even more if you have many projects with secrets, and project owners who are unknown or undocumented.
There might be a war room, or all the tech people in the company gathering to discuss the incident seriously. But I believe many companies would not be ready to respond to the security issue, or would even ignore it.
At this point, it’s time to talk about security 101 and best practices.
The basic goals of incident response are:
- Identify the SCOPE of the attack operation
- Identify the objective of the attack, if possible
- Find the business-critical data, customer impact, and FOCUS
- Coordinate with all crisis teams and clarify the roles and responsibilities
- Business & customer first