DHS releases cyber incident response draft plan

DHS has released a draft of the National Cyber Incident Response Plan for review

UPDATED: This article was updated on Dec. 11 to clarify that the draft plan was released to outside groups working with DHS to develop the National Cyber Incident Response Plan.

The Homeland Security Department has released a draft of a government plan to designate the roles and responsibilities of agencies and industry in responding to cyber incidents, according to people involved in the strategy’s development. The release involved sending the draft plan to government officials outside DHS and to industry partners for review and comment.  

The draft plan is the result of an ongoing collaboration between DHS and its federal, state and industry partners to develop a National Cyber Incident Response Plan, said Navy Rear Adm. Michael Brown, who serves as DHS’ deputy assistant secretary for cybersecurity and communications, in an interview with Federal Computer Week.

In the Obama administration’s cybersecurity review, released in May, preparing that plan is listed as part of a near-term goal, and DHS has been leading the effort. Brown said DHS recommended that the government update the portion of the National Response Framework that relates to cyber incidents.

“We had lots of input from various [industrial] sectors as well as departments and agencies,” Brown said of the process to develop the draft.

DHS then held a cybersecurity exercise at its new National Cybersecurity and Communications Integration Center with representatives from other government agencies and industry to further develop the draft plan, he said. In early December, the draft was sent to industries involved in critical infrastructure and to state and federal partners that have been involved in developing the cyber incident response plan so they would have an opportunity comment on it.

DHS will take the responses it receives from its partners, expected by mid-month, and incorporate them into a final draft of the plan. Cyber Storm III, a large, multi-organization cybersecurity drill scheduled for September 2010, would be the “graduation exercise” at which the details of the final plan would be tested, Brown said.

He added that he expects many industrial sectors to incorporate the work that’s been done for the plan and related programs into their risk assessments and plans for protecting critical infrastructure. Brown said DHS officials expect to have more than one version of the plan — one that’s an obvious annex to the National Response Framework and a more detailed one that can stand alone.

Robert Dix, Juniper Networks’ vice president for government affairs and critical infrastructure protection, said it’s important to understand that even when the report is complete and sent to President Barack Obama, the plan will continue to evolve.

“This sets a base, but it will continue to be modified based on lessons learned,” Dix said.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.