DHS releases cyber incident response draft plan

DHS has released a draft of the National Cyber Incident Response Plan for review

UPDATED: This article was updated on Dec. 11 to clarify that the draft plan was released to outside groups working with DHS to develop the National Cyber Incident Response Plan.

The Homeland Security Department has released a draft of a government plan to designate the roles and responsibilities of agencies and industry in responding to cyber incidents, according to people involved in the strategy’s development. The release involved sending the draft plan to government officials outside DHS and to industry partners for review and comment.  

The draft plan is the result of an ongoing collaboration between DHS and its federal, state and industry partners to develop a National Cyber Incident Response Plan, said Navy Rear Adm. Michael Brown, who serves as DHS’ deputy assistant secretary for cybersecurity and communications, in an interview with Federal Computer Week.

In the Obama administration’s cybersecurity review, released in May, preparing that plan is listed as part of a near-term goal, and DHS has been leading the effort. Brown said DHS recommended that the government update the portion of the National Response Framework that relates to cyber incidents.

“We had lots of input from various [industrial] sectors as well as departments and agencies,” Brown said of the process to develop the draft.

DHS then held a cybersecurity exercise at its new National Cybersecurity and Communications Integration Center with representatives from other government agencies and industry to further develop the draft plan, he said. In early December, the draft was sent to industries involved in critical infrastructure and to state and federal partners that have been involved in developing the cyber incident response plan so they would have an opportunity comment on it.

DHS will take the responses it receives from its partners, expected by mid-month, and incorporate them into a final draft of the plan. Cyber Storm III, a large, multi-organization cybersecurity drill scheduled for September 2010, would be the “graduation exercise” at which the details of the final plan would be tested, Brown said.

He added that he expects many industrial sectors to incorporate the work that’s been done for the plan and related programs into their risk assessments and plans for protecting critical infrastructure. Brown said DHS officials expect to have more than one version of the plan — one that’s an obvious annex to the National Response Framework and a more detailed one that can stand alone.

Robert Dix, Juniper Networks’ vice president for government affairs and critical infrastructure protection, said it’s important to understand that even when the report is complete and sent to President Barack Obama, the plan will continue to evolve.

“This sets a base, but it will continue to be modified based on lessons learned,” Dix said.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • People
    Dr. Ronny Jackson briefs the press on President Trump

    Uncertainty at VA after nominee withdraws

    With White House physician Adm. Ronny Jackson's withdrawal, VA watchers are wondering what's next for the agency and its planned $16 billion health IT modernization project.

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.