Where Is The National Cyber Incident Response Plan?


What happens if we experience a cyber event with national impact?
By Robert B. Dix, Jr.


Which federal agency is in charge if we experience a major national cyber event in the United
States? Is it the Department of Homeland Security (DHS)? Is it the Federal Bureau of
Investigation (FBI)? Is it the Department of Defense (DoD)? Is it the White House National
Security Council (NSC)? It would seem that in 2015, there should be clarity in the answer to this
important question. However, as we sit here today, there is no clarity because there is no official
National Cyber Incident Response Plan (NCIRP) that defines specific roles and responsibilities
for government, or the engagement model with the private sector. There is only a draft interim
version of an NCIRP that has been sitting at the White House since 2010.

Given the complex nature of cybersecurity and the fact that the prevailing majority of critical
infrastructure in this nation is owned, operated or controlled by the private sector, there is a
serious gap in the United States without an approved NCIRP or the attendant operational details
that lay out the roles and responsibilities of various government agencies and entities, much
less the manner in which the private sector will be engaged to achieve timely, reliable, and
actionable ground truth and situational awareness to inform the decision-making process about
how to mitigate, respond to or recover from a significant national cyber event.

Finalizing the overarching strategic approach to this critical national and economic security
issue through an NCIRP, which is regularly reviewed and updated based on lessons learned
from real life experience and periodic national exercises, as well as operational playbooks
connected to thresholds of escalation in cyber events that result in national or even global
consequences, is an essential element to the mission of preparedness, protection, and
resilience to make our nation safer and more secure.

In August 2008, the White House launched an effort that was originally intended to be an
intergovernmental effort. However, after an intervention by a group of leaders from the private sector
critical infrastructure owner and operator community, the approach to the initiative was revised
by the White House National Security Staff to include a broad base of stakeholders, including
private sector critical infrastructure and key resource (CI/KR) representatives. This was done in
a collaborative effort to improve cybersecurity and resilience, which was followed by an intense
effort that included discussion, debate, research and writing driven by communication,
coordination and collaboration with stakeholders to produce a draft version of the NCIRP that
was delivered to the White House in 2009. The product was then advanced into the federal
interagency process and the outcome of that review process was a document that was sent to
the White House for final review and approval in 2010. As of today, the document remains in a
draft interim status.

An obvious question that has yet to receive a tangible or definitive answer is why? Why is it that
almost five years later, there is still no approved NCIRP or a successor version? Why have the
14 Cyber Warnings E-Magazine – March 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
