January 18, 2017–The Department of Homeland Security said today that its U.S. Computer Emergency Readiness Team (US-CERT) has updated its National Cyber Incident Response Plan (NCIRP), implementing President Obama’s Presidential Policy Directive No. 41 issued in July 2016, which set forth principles to guide federal government action regarding responses to significant cybersecurity incidents.
A statement from US-CERT says the updated plan, among other things, lays out “a national approach” to dealing with cyber incidents, addresses the roles of the private sector, state and local governments and federal agencies, and reflects “lessons learned from exercises, real world incidents and policy and statutory updates.”
“This plan applies to cyber incidents and more specifically significant cyber incidents that are likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people,” US-CERT said.
Creation of the update, US-CERT said, was led by DHS’s National Protection and Programs Directorate, the Federal Emergency Management Agency’s National Integration Centers, in coordination with the Department of Justice, the secretary of State, “sector specific agencies and other interagency partners,” and representatives of critical infrastructure sectors and state and local governments.
“The National Cyber Incident Response Plan is based on the guiding principles of PPD 41 and does three critical things,” Homeland Security Secretary Jeh Johnson said in a statement.
“First, it defines the roles and responsibilities of federal, state, local, territorial and tribal entities, the private sector, and international stakeholders during a cyber incident,” he said. “Second, it identifies the capabilities required to respond to a significant cyber incident. And third, it describes the way the federal government will coordinate its activities with those affected by a cyber incident. Overall, the National Cyber Incident Response Plan is a critical step toward further strengthening the nation’s cybersecurity efforts.”
“The National Cyber Incident Response Plan is not a tactical or operational plan for responding to cyber incidents,” he said. “However, it serves as the primary strategic framework for stakeholders when developing agency, sector, and organization-specific operational and coordination plans. This common doctrine will foster unity of effort for emergency operations planning and will help those affected by cyber incidents understand how Federal departments and agencies and other national-level partners provide resources to support mitigation and recovery efforts.” – John Curran, email@example.com