Global Resilience Federation

Now available for download is the March issue of the GRF monthly newsletter. In this issue you will find info about the preliminary AAR for the AI Interrupted tabletop exercise, a call for review of the Operational Resilience Framework v3, and an invitation to join @OT_ISAC for an event in the Philippines, among other news: grf.org/newsletter-mar…

U.S. and Israeli Strikes on Iran and Tehran’s Retaliation Wednesday, March 18 at 2pm ET Register here: us02web.zoom.us/webinar/regist… Join the GRF Business Resilience Council for a briefing from Austin Warnick, Director of National Security Intelligence at @FlashpointIntel. Austin will address: -Kinetic Expansion: Analysis of combat operations and strikes within Iran and across the broader region -Cyber Landscape: Assessment of current threat actor activity, digital disruptions, and intercepted “chatter” -Strategic Perspective: The Flashpoint outlook and projections for the next phase of the conflict

Calling for Public Review of Operational Resilience Framework version 3.0 The Operational Resilience Framework (ORF) Working Group is now calling for public review of version 3.0 of the framework. Please visit grf.org/orf to download the copy and provide comments. Traditional disaster recovery and business continuity efforts have focused on data recovery with little regard for providing services in an impaired state. In 2021, Global Resilience Federation’s Business Resilience Council (BRC) launched a multi-sector working group to develop the ORF to help solve that challenge. The framework provides rules and implementation aids that support a company’s recovery of immutable data, while also – and uniquely– allowing it to minimize service disruptions in the face of destructive attacks and events. In 2023, the working group release version 2.0 which augmented the framework with a maturity model. In 2025 and 2026, version 3.0 was developed, focused on incorporating feedback about prior iterations and strengthening principles of collective resilience. The ORF Working Group encourages you to review the document and provide your feedback to Brian Katula at bkatula@grf.org.

On January 28, the Business Resilience Council hosted the first of three iterations of the virtual tabletop exercise “AI Interrupted.” This After Action Report (AAR) covers initial findings from the event and will be combined with analysis and reporting following the subsequent iterations. As AI becomes a shared dependency within companies and their vendors, and extends out to customers, it is critical to explore continuity gaps, decision matrices, and executive control in the event of an incident. The exercise unfolded in a way that allowed attendees to strengthen plans and recovery, while rebuilding the trust required by boards, regulators and consumers. Hundreds of participants faced an emerging scenario that began with plausibly routine issues before moving into widespread service disruptions and cascading failures. There AAR outlines key takeaways that stress significant areas for improvement. Read more here: grf.org/news/n28vga7oj… Register for an upcoming exercise here: grfbrc.org/orf-exercise-r…

Now available for download is the February issue of the GRF monthly newsletter. In this issue you will find info about a GRF article on collective resilience featured in Harvard Business Review, an Operational Technology briefing on UNC3886, and a recent Foundation for Defense of Democracies presentation to the GRF Business Resilience Council on the shifting geopolitics of the Panama Canal, among other news: grf.org/newsletter-feb…

AI is quickly becoming a critical dependency for customer support, software delivery and core business workflows. What happens when AI is impaired? GRF’s Business Resilience Council is hosting a complimentary, multi-sector, virtual tabletop exercise offered on April 2 at 1pm ET and June 24 at 12pm UTC / 8am ET Bring your security, risk, and resilience teams – and invite your peers, colleagues, partners, vendors and suppliers. Together, we need to navigate the new risks introduced by these rapid advancements. Register here: grfbrc.org/orf-exercise-r…

“Cybersecurity Requires Collective Resilience” by Mark Orsi and Keri Pearlson in @HarvardBiz -Read the full article here, as it describes a need and the required steps for a shift away from “operational resilience” to “collective resilience” that recognizes the modern interplay between organizations, their vendors and supply chains: hbr.org/2026/02/cybers… An excerpt: When a CrowdStrike patch inadvertently disrupted Windows endpoints worldwide in 2024, even well-prepared companies were impacted. Yet while many companies struggled to get back online, some were able to recover surprisingly quickly. The difference came down to how quickly leaders could understand the scope and risk, validate mitigation steps, and align communications. For example, within an hour of the disruption, members of the Business Resilience Council (BRC) were sharing what they were seeing in a cross-sector chat. Later that day, those practitioners were collaborating on a call. Soon after, CrowdStrike’s CEO briefed over one thousand companies in the BRC’s trusted forum. The only way to consistently reach that level of speed and candor is through pre-wired relationships, secure channels, and rehearsed playbooks. That’s what we call “collective resilience.”

The End of Chinese Control of the Panama Canal Wednesday, February 18, 2026 2:00 PM ET Register here: us02web.zoom.us/webinar/regist… Join the GRF Business Resilience Council for a briefing by Elaine Dezenski, Senior Director and Head of the Center on Economic and Financial Power (CEFP) at the Foundation for Defense of Democracies (FDD). She will cover the Panama Supreme Court decision on January 29th that ended Chinese control of the ports surrounding the Panama Canal, and the decision's impact on global trade and supply chains, geopolitics and security.

Champions of Collective Defense: In this recurring feature we cover security practitioners who have contributed to industry, ISAC/ISAO or cross-sector security in a significant way. From guidance on resilience frameworks to community leadership, from mitigation support to policy development, the GRF network has witnessed incredible efforts by professionals volunteering their time to help make us all more secure. This month’s champions are John Kronick, CISO of Tutor Perini, and David Sheidlower, CISO of Turner Construction. They have been instrumental in the development of the soon-to-be launched Construction ISAC. Over many meetings, they have pointedly discussed the need for peer-to-peer cybersecurity collaboration, outlined the design of the ISAC, helped develop charter members, and discussed industry requirements like the best path for compliance with the DoD CMMC and its importance for primes and subcontractors. Thank you for your contributions, John and David!

Now available for download is the January issue of the GRF monthly newsletter. In this issue you will find info about the newly release ransomware report for H2 2025, the 2026 Summit on Security & Third-Party Risk call for speakers, details of an upcoming @LS_ISAO workshop, and a Cybersecurity Dive article on security collaboration that features @MFG_ISAC , among other news: grf.org/newsletter-jan…

Join your peers for the 4th Annual National K-12 Cybersecurity Leadership Conference! Melissa Saunders, Dave Lyon, and Melinda DesLauriers of Manassas Park City Schools, will present “Nightmare on Network Street: Surviving the Friday the 13th Ransomware Attack.” See you in Albuquerque, New Mexico, February 24-26, 2026! Learn more and register here: k12six.org/2026-k12six-co… #k12 #cybersecurity #ransomware

Calling speakers! The 9thAnnual Summit on Security & Third-Party Risk is looking for practitioner-presenters to share their expertise on topics including third-party risk management, cloud security, emerging cybersecurity threats, and AI threat mitigation and management. The conference will take place at the Loews Sapphire Falls Resort at Universal Orlando, October 21-23, 2026. Attendees at this multi-sector event will gain an understanding of how peers - and other industries - are managing risk, and leave the conference better armed to defend their organizations. Submit your proposal here: grf.org/cfp2026 Learn more and register here: grf.org/summit2026

GRF analysts recently completed the semiannual ransomware report covering the second half of 2025. The report series tracks attacks based on public sources and conversations of threat actors in closed forums. Analysts compiled data on 3,171 successful attacks. Some key findings: -There has been a 31% increase in ransomware attacks from one year ago. -In the second half of 2025, Manufacturing was again the most targeted industry with 590 victims. The next most targeted sector was Commercial Facilities with 463. -This is the eighth report in a row in which Manufacturing has been the most targeted industry, and the fourth in which Commercial Facilities was second. -Qilin was the most prolific actor with 583 successful attacks, a 40% increase in the number of attacks by the most prolific actor in the previous report. -The United States was targeted by 52% of all ransomware attacks tracked by GRF analysts, with 19% directed at companies within the EU and UK. -Initial Access Brokers have continued to be an integral part of actors’ process, and threat actors are increasingly using phishing kits to launch large scale attacks that enable ransomware operations. AI is also being integrated into tooling. Read the full report: grf.org/ransomware-rep…

The OT Security Training Program is a partnership between Dragos OT-CERT and MFG-ISAC that gathers small and medium suppliers of large OT-centric businesses and provides free resources and training. By improving OT security and reducing risk, together we can strengthen resilience for the entire ecosystem. The program will offer live virtual training and a portal to access training materials and guides. A chat tool will allow participants to communicate with one another to facilitate operationalizing the training materials. Contact tchase@grf.org with questions about this free resource. *Please note: You must register for the free OT-CERT portal before you will be sent the invite for the training session. When you register, in the dropdown menu “How did you hear about OT-CERT,” select MFG-ISAC. Register for the portal here: dragos.com/community/ot-c…

Join your peers for the 4th Annual National K-12 Cybersecurity Leadership Conference! Tommy Pigeon, Director of Cybersecurity, and Jon Hurley, Deputy CTO of Dallas Independent School District, will present “Navigating the Wilderness of Vulnerability Management: A K–12 Survival Guide.” See you in Albuquerque, New Mexico, February 24-26, 2026! Learn more and register here: k12six.org/2026-k12six-co… #k12 #cybersecurity

The Business Resilience Council recently published the After-Action Report from the Telecom Disruption Tabletop Exercise, held in 2025, with 300+ participants across a dozen industries. The report captures what worked, what did not, and what to fix next. Some findings were reassuring. Others were a clear warning signal. One example: 59% of participants said they have not defined Minimum Viable Service Levels (MVSLs) for customer groups. Without MVSLs, it is difficult to make fast decisions when services degrade. The report’s recommendation is straightforward: review business impact analysis so customer groups and MVSLs are explicit and usable during disruption. Download the full After-Action Report grfbrc.org/orf-exercise-r…

Join GRF's Business Resilience Council for a complimentary tabletop exercise focused on disruptions to what is becoming a new critical infrastructure – Artificial Intelligence. Opening remarks will be delivered by Anthropic Deputy CISO Jason Clinton. Invite your team, your peers, and your important vendors and suppliers that rely upon AI. Learn more and register: grfbrc.org/orf-exercise-r… #chatgpt #gemini #Grok #Aisecurity #Ai #riskmanagement #securingAI #CISO #TPRM #telecom #generativeAI #ORF #BRC #AItrust #google

Now available for download is the December issue of the GRF monthly newsletter. In this issue you will find info about the complimentary BRC Virtual Cross-Sector Summit, the upcoming “AI Interrupted” tabletop, details of the @K12SIX conference in Albuquerque, and the inaugural “Champions of Collective Defense” feature, among other news: grf.org/newsletter-dec…