Last July, President Obama issued Presidential Policy Directive/PPD-41, United States Cyber Incident Coordination, establishing clear principles to govern the federal government’s actions in responding to significant cyber incidents. The PPD also directed the Department of Homeland Security (DHS) to perform a comprehensive review and update of the existing National Cyber Incident Response Plan (NCIRP) within 180 days. The updated plan has just been released.
The updated NCIRP describes a national approach to dealing with cyber incidents. It addresses the important role that the private sector, state and local governments and multiple federal agencies play in responding to incidents, and how the actions of all fit together for an integrated response.
It also reflects and incorporates lessons learned from exercises, real-world incidents, and policy and statutory updates, such as PPD-41 (US Cyber Incident Coordination) and the National Cybersecurity Protection Act of 2014.
The NCIRP also serves as the Cyber Annex to the Federal Interagency Operational Plan (FIOP) that built upon the National Planning Frameworks and the National Preparedness System.
The plan applies to cyber incidents and, more specifically, to significant cyber incidents that are likely to result in demonstrable harm to the national security interests, foreign relations or economy of the United States, or to the public confidence, civil liberties or public health and safety of the American people.
DHS’s National Protection and Programs Directorate (NPPD) and the Federal Emergency Management Agency’s (FEMA) National Integration Center led the development of the updated NCIRP in coordination with the Department of Justice, the Secretary of Defense, Sector Specific Agencies and other interagency partners, representatives from the 16 critical infrastructure sectors, and state and local governments.
“The National Cyber Incident Response Plan is based on the guiding principles of PPD 41 and does three critical things. First, it defines the roles and responsibilities of federal, state, local, territorial and tribal entities, the private sector and international stakeholders during a cyber incident,” DHS Secretary Jeh Johnson said. “Second, it identifies the capabilities required to respond to a significant cyber incident. And third, it describes the way the federal government will coordinate its activities with those affected by a cyber incident. Overall, the National Cyber Incident Response Plan is a critical step toward further strengthening the nation’s cybersecurity efforts.”
Johnson said, “The National Cyber Incident Response Plan is not a tactical or operational plan for responding to cyber incidents. However, it serves as the primary strategic framework for stakeholders when developing agency, sector and organization-specific operational and coordination plans. This common doctrine will foster unity of effort for emergency operations planning and will help those affected by cyber incidents understand how federal departments and agencies and other national-level partners provide resources to support mitigation and recovery efforts.”
“This comprehensive update,” he noted, “was made possible through the valuable contributions and coordination with the Departments of Justice and Defense, the Office of the Director of National Intelligence, the Sector Specific Agencies and other interagency partners, representatives from across the 16 critical infrastructure sectors, others in the private sector and state and local governments … I thank all of our partners for their input and the public for their assistance in developing this plan. I strongly encourage the next administration to make cybersecurity a top priority and continue to build on our important work.”