Page 12 - index
P. 12
A National Cyber Incident Response Plan is an Imperative…and
Long Overdue
By Robert Dix
In August 2008, a group of leaders from industry and government embarked on an effort to
develop a National Cyber Incident Response Plan (NCIRP). Prompted by White House
guidance and the recognition of a growing cyber risk environment, it was clear that articulating a
strategic approach to incident and consequence management for cyber events, accompanied
by a series of tactical and operational playbooks, was a high priority that required focused
collaboration.
As a relatively new domain of defense, cyberspace was experiencing growing impact from the
threat presented by hackers, thieves, insiders, and nation states with nuisance, political,
criminal, and malicious intent. The rise in cyber espionage, including theft of business
proprietary information and intellectual property had a significant economic impact as well as a
threat to national security, in the United States and around the world.
Accordingly, the creation of a plan that would provide guidance and clarity around roles,
responsibilities, and authorities for government and the private sector owners and operators of
the nation’s critical infrastructure would establish a predictable and sustainable approach to
cyber risk management.
Unlike in kinetic and natural disaster events, first responders in the case of a cyber event are
not local fire department, police department, or emergency management teams. The networks
and systems that underpin the majority of the functions that we rely on for routine activities, as
well as those mission critical activities that are essential to public health and public safety, are
primarily owned, operated, or controlled by the private sector. Therefore, it was essential to
develop a new model for incident and consequence management, one that recognized the need
for a different type of information sharing, analysis, and collaboration between industry and
government.
For more than a year, government leaders from a variety of federal departments and
agencies—coordinated primarily through the Department of Homeland Security—worked
diligently on a response model with industry leaders from across the private sector critical
infrastructure community, with significant participation from the information technology,
communications, and financial services sectors. Drawing on guidance from the Comprehensive
National Cyber Initiative and experience from two Tier II national cyber exercises (Cyber Storm I
& II), the draft document began to take shape.
Throughout the process there was a great deal of debate but with mutual respect for voices at
the table and a common mission for the deliverables, the effort set the foundation for a draft
National Cyber Incident Response Plan (NCIRP). This document was intended to be a high
level strategic document to be followed by a concerted effort to create a series of “playbooks” or
appendices that would provide tactical and operational direction during steady state, and details
12 Cyber Warnings E-Magazine – October 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
