DHS releases cyber incident response draft plan

DHS has released a draft of the National Cyber Incident Response Plan for review

UPDATED: This article was updated on Dec. 11 to clarify that the draft plan was released to outside groups working with DHS to develop the National Cyber Incident Response Plan.

The Homeland Security Department has released a draft of a government plan to designate the roles and responsibilities of agencies and industry in responding to cyber incidents, according to people involved in the strategy’s development. The release involved sending the draft plan to government officials outside DHS and to industry partners for review and comment.  

The draft plan is the result of an ongoing collaboration between DHS and its federal, state and industry partners to develop a National Cyber Incident Response Plan, said Navy Rear Adm. Michael Brown, who serves as DHS’ deputy assistant secretary for cybersecurity and communications, in an interview with Federal Computer Week.

In the Obama administration’s cybersecurity review, released in May, preparing that plan is listed as part of a near-term goal, and DHS has been leading the effort. Brown said DHS recommended that the government update the portion of the National Response Framework that relates to cyber incidents.

“We had lots of input from various [industrial] sectors as well as departments and agencies,” Brown said of the process to develop the draft.

DHS then held a cybersecurity exercise at its new National Cybersecurity and Communications Integration Center with representatives from other government agencies and industry to further develop the draft plan, he said. In early December, the draft was sent to industries involved in critical infrastructure and to state and federal partners that have been involved in developing the cyber incident response plan so they would have an opportunity comment on it.

DHS will take the responses it receives from its partners, expected by mid-month, and incorporate them into a final draft of the plan. Cyber Storm III, a large, multi-organization cybersecurity drill scheduled for September 2010, would be the “graduation exercise” at which the details of the final plan would be tested, Brown said.

He added that he expects many industrial sectors to incorporate the work that’s been done for the plan and related programs into their risk assessments and plans for protecting critical infrastructure. Brown said DHS officials expect to have more than one version of the plan — one that’s an obvious annex to the National Response Framework and a more detailed one that can stand alone.

Robert Dix, Juniper Networks’ vice president for government affairs and critical infrastructure protection, said it’s important to understand that even when the report is complete and sent to President Barack Obama, the plan will continue to evolve.

“This sets a base, but it will continue to be modified based on lessons learned,” Dix said.

About the Author

Ben Bain is a reporter for Federal Computer Week.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Wed, Dec 16, 2009

85% of critical infrastructure and at least 90% of network infrastructure is in private sector (not public sector) hands. Private sector enterprise has been responding to cyber-threats and innovating threat mitigation technology for decades. It is unrealistic to expect the public sector to now take the lead in a prevention role across thousands of private sector networks. At best, the public sector can (and does) coordinate with private sector stake-holders to coordinate threat intelligence and facilitate response.

Fri, Dec 11, 2009 Disappointed again DHS

I've carefully reviewed this so-called plan and it is filled with extraneous redundant descriptions of organizational entities already described ad nauseum in other, better documents. What DHS needs to do is update the 2004 Cyber Incident Annex to the 2008 National Response Framework. The current NCIRP is just the same old bloated gov-speak that provides no real value.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group