1) The document discusses the importance of personal disaster recovery planning and provides steps to build a plan including determining your digital assets, writing plans for yourself and others with different technical skills, and including important information like passwords, backups, finances, insurance, and points of contact. 2) It emphasizes the importance of offsite backups, testing plans, and dealing with complexities like updating plans and storing documentation. 3) The document aims to help readers prepare for potential disasters by having an organized plan while acknowledging this can feel overwhelming.

1. Watch Out
For That Bus!
Personal Disaster Recovery Planning
David Minch
@dhminch
BSidesDC 2018
Approved for Public Release; Distribution Unlimited. Case Number 18-2458.
©2018 The MITRE Corporation. All Rights Reserved. The author's affiliation with The MITRE Corporation
is provided for identification purposes only, and is not intended to convey or imply MITRE's concurrence
with, or support for, the positions, opinions, or viewpoints expressed by the author.

2. Talk Overview
1. Discuss why personal disaster recovery planning matters
2. Determine what makes up your digital life
3. Laugh at my personal failure
4. Build your own plan
5. Test your own plan
End Result: Prepared for the worst, hoping for the best.

3. Bus Count

5. Q1: Will you die?
Answer
Yes
No

6. Q2: Have you been affected by:
Answer
Natural disaster
Hardware/software failure
Theft of device/computer
Death/illness in close family

7. You Just Died
(Whomp)

8. Spectrum of Technological Competency
Less Technical More Technical

9. Spectrum of Technological Competency
Less Technical More Technical
Where do the people you care about fall on this spectrum?

11. The bus comes
for them

12. Or something
else bad
happens
Fire
Flood
Old Age / Dementia / Mental Illness
Theft
“The Government”
Military Deployments
Hardware / Software Failure
Ransomware

13. Q3: Do you currently backup your files?
Answer
Yes, I have automatic, offsite backups
Yes, I have automatic, local backups
Yes, I copy stuff to a flash drive when I
remember…which is never
No, I live on the edge

14. Q4: Have you lost data before?
Answer
Yes, I was upset
Yes, but it was no big deal
Nope, I’m lucky and awesome

15. Can you recover?

16. Are your security controls going to
stop you?

17. Your digital life

18. Test!

19. …and fail

20. Whoops
Goal: Get Encrypted File Vault

21. Whoops
Access
Password
Manager
Access Cloud
Backups
Decrypt Cloud
Backups
Retrieve Files
Goal: Get Encrypted File Vault

22. Whoops
Access
Password
Manager
Access Cloud
Backups
Decrypt Cloud
Backups
Retrieve Files
Goal: Get Encrypted File Vault

23. Whoops
Access
Password
Manager
Access Cloud
Backups
Decrypt Cloud
Backups
Retrieve Files
Goal: Get Encrypted File Vault

24. Whoops
Access
Password
Manager
Access Cloud
Backups
Decrypt Cloud
Backups
Retrieve Files
Goal: Get Encrypted File Vault

25. Whoops
Access
Password
Manager
Access Cloud
Backups
Decrypt Cloud
Backups
Retrieve Files
Goal: Get Encrypted File Vault
Gone Forever

27. Whoops
Access
Password
Manager
Access Cloud
Backups
Decrypt Cloud
Backups
Retrieve Files
Goal: Get Encrypted File Vault

28. Whoops
Access
Password
Manager
Access Cloud
Backups
Decrypt Cloud
Backups
Retrieve Files
Goal: Get Encrypted File Vault
Inaccessible

29. Whoops
Access
Password
Manager
Access Cloud
Backups
Decrypt Cloud
Backups
Retrieve Files
Goal: Get Encrypted File Vault
All Hope LostInaccessible

30. Whoops
Access
Password
Manager
Access Cloud
Backups
Decrypt Cloud
Backups
Retrieve Files
Goal: Get Encrypted File Vault
Gone ForeverAll Hope LostInaccessible

31. Whoops
Access
Password
Manager
Access Cloud
Backups
Decrypt Cloud
Backups
Retrieve Files
Goal: Get Encrypted File Vault
Gone ForeverAll Hope LostInaccessible

32. What went
wrong with my
plan?
Circular Dependencies

33. Other potential
plan failures
Multi-factor Lockout

34. Other potential
plan failures
Backup Failure

35. Other potential
plan failures
Existence

36. Other potential
plan failures
Inaction

37. Building
personal
disaster
recovery plans
Write A Plan For
You
1

38. Building
personal
disaster
recovery plans
Write A Plan For
You
Write A Plan For
Someone Else
1
2

39. Spectrum of Technological Competency
Less Technical More Technical

40. Building
personal
disaster
recovery plans
Write A Plan For
You
Write A Plan For
Someone Else
Write A Plan For
Someone Else
Less Technical
1
3
2

41. x 2

42. Building
personal
disaster
recovery plans
Write A Plan For
You
Write A Plan For
Someone Else
Write A Plan For
Someone Else
Less Technical
1a
1
3
2

43. What’s even in
the plan?
Passwords
Backups
Financials
Healthcare and Insurance
Home Information
Technology / Security
Points of Contact

44. What’s even in
the plan?
Passwords
Backups
Financials
Healthcare and Insurance
Home Information
Technology / Security
Points of Contact
Passwords and decryption keys for:
◦ Any encrypted files, file vaults, disk encryption
◦ Your backups
◦ Your computer accounts
◦ Your online accounts (that’s a lot)
Make this easy on yourself, use a password manager
1Password Dashlane LastPass KeePass

45. OFFSITE backups
Bonus points for local and offsite backups
If it’s in the same ZIP code, it doesn’t count
File synchronization services count, but aren’t as robust
What’s even in
the plan?
Passwords
Backups
Financials
Healthcare and Insurance
Home Information
Technology / Security
Points of Contact Dropbox OneDrive

46. What’s even in
the plan?
Passwords
Backups
Financials
Healthcare and Insurance
Home Information
Technology / Security
Points of Contact
Credit Cards
Loans
Mortgages
Other Debts
Bank Accounts
Investment Accounts
Retirement Accounts
Cryptocurrency
Other Assets

47. What’s even in
the plan?
Passwords
Backups
Financials
Healthcare and Insurance
Home Information
Technology / Security
Points of Contact
Credit Bureaus
Government

48. What’s even in
the plan?
Passwords
Backups
Financials
Healthcare and Insurance
Home Information
Technology / Security
Points of Contact
Health Insurance
Dental Insurance
Vision Insurance
Life Insurance
Accidental Death &
Dismemberment
Short-term and Long-
term Disability

49. What’s even in
the plan?
Passwords
Backups
Financials
Healthcare and Insurance
Home Information
Technology / Security
Points of Contact

50. What’s even in
the plan?
Passwords
Backups
Financials
Healthcare and Insurance
Home Information
Technology / Security
Points of Contact

51. What’s even in
the plan?
Passwords
Backups
Financials
Healthcare and Insurance
Home Information
Technology / Security
Points of Contact Look at how much
fun we’re having
talking about
backups!
Knows
what
Bitcoin
is

52. BONUS:
Physical Kit
 Backup USB chargers and cables
 Backup multi-factor codes / keys
 Copies of ID
 First-Aid kit
 Water (1 gal/person/day)
 Non-perishable food
 Battery or hand-crank radio
 Flashlight, whistle, duct tape, extra batteries
 Dust masks, plastic sheeting
 Moist towelettes, garbage bags, plastic ties
 See more at https://www.ready.gov

53. BONUS:
Analog Will
Executor Beneficiaries
Asset Distribution Guardians (for minors)

54. More
complexities!
Updating your plan
Testing your plan
Storing your plan

55. More
complexities!
Updating your plan
Testing your plan
Storing your plan

56. More
complexities!
Updating your plan
Testing your plan
Storing your plan

57. More
complexities!
Updating your plan
Testing your plan
Storing your plan

58. More
complexities!
Updating your plan
Testing your plan
Storing your plan

59. More
complexities!
Updating your plan
Testing your plan
Storing your plan

60. This is overwhelming!

61. TL;DR
Offsite Backups Password Manager
Documentation Actually Doing Something
Testing

63. Share your stories, ideas, and questions
@dhminch