Friday, July 12, 2013

How not to do incident response

The OIG has a great write-up of an incident response at the Economic Development Administration that cost them $2.7m and included physically destroying $170k of computer equipment, right down to keyboards and mice, because they believed the malware had firmware persistence capabilities. There were huge miscommunications with the Department of Commerce CIRT, and a series of bad assumptions led to this scenario. Great case study.
