DHS releases cyber incident response draft plan

DHS has released a draft of the National Cyber Incident Response Plan for review

UPDATED: This article was updated on Dec. 11 to clarify that the draft plan was released to outside groups working with DHS to develop the National Cyber Incident Response Plan.

The Homeland Security Department has released a draft of a government plan to designate the roles and responsibilities of agencies and industry in responding to cyber incidents, according to people involved in the strategy’s development. The release involved sending the draft plan to government officials outside DHS and to industry partners for review and comment.  

The draft plan is the result of an ongoing collaboration between DHS and its federal, state and industry partners to develop a National Cyber Incident Response Plan, said Navy Rear Adm. Michael Brown, who serves as DHS’ deputy assistant secretary for cybersecurity and communications, in an interview with Federal Computer Week.

In the Obama administration’s cybersecurity review, released in May, preparing that plan is listed as part of a near-term goal, and DHS has been leading the effort. Brown said DHS recommended that the government update the portion of the National Response Framework that relates to cyber incidents.

“We had lots of input from various [industrial] sectors as well as departments and agencies,” Brown said of the process to develop the draft.

DHS then held a cybersecurity exercise at its new National Cybersecurity and Communications Integration Center with representatives from other government agencies and industry to further develop the draft plan, he said. In early December, the draft was sent to industries involved in critical infrastructure and to state and federal partners that have been involved in developing the cyber incident response plan so they would have an opportunity comment on it.

DHS will take the responses it receives from its partners, expected by mid-month, and incorporate them into a final draft of the plan. Cyber Storm III, a large, multi-organization cybersecurity drill scheduled for September 2010, would be the “graduation exercise” at which the details of the final plan would be tested, Brown said.

He added that he expects many industrial sectors to incorporate the work that’s been done for the plan and related programs into their risk assessments and plans for protecting critical infrastructure. Brown said DHS officials expect to have more than one version of the plan — one that’s an obvious annex to the National Response Framework and a more detailed one that can stand alone.

Robert Dix, Juniper Networks’ vice president for government affairs and critical infrastructure protection, said it’s important to understand that even when the report is complete and sent to President Barack Obama, the plan will continue to evolve.

“This sets a base, but it will continue to be modified based on lessons learned,” Dix said.

Reader Comments

Wed, Dec 16, 2009

85% of critical infrastructure and at least 90% of network infrastructure is in private sector (not public sector) hands. Private sector enterprise has been responding to cyber-threats and innovating threat mitigation technology for decades. It is unrealistic to expect the public sector to now take the lead in a prevention role across thousands of private sector networks. At best, the public sector can (and does) coordinate with private sector stake-holders to coordinate threat intelligence and facilitate response.

Fri, Dec 11, 2009 Disappointed again DHS

I've carefully reviewed this so-called plan and it is filled with extraneous redundant descriptions of organizational entities already described ad nauseum in other, better documents. What DHS needs to do is update the 2004 Cyber Incident Annex to the 2008 National Response Framework. The current NCIRP is just the same old bloated gov-speak that provides no real value.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above