DHS Secretary Johnson releases statement on National Cyber Incident Response Plan
On January 18, the Department of Homeland Security released a statement from Secretary Jeh Johnson on the release of the National Cyber Incident Response Plan.
In July of last year, President Obama released Presidential Policy Directive/ PPD-41, United States Cyber Incident Coordination, establishing clear principles that will govern the Federal government’s actions in responding to significant cyber incidents. The PPD also directed the Department of Homeland Security to perform a comprehensive review and update the National Cyber Incident Response Plan within 180 days. I am pleased to announce today’s on-schedule release of this plan, which will help DHS and the federal government improve our ability to manage cyber incidents.
The National Cyber Incident Response Plan is based on the guiding principles of PPD 41 and does three critical things. First, it defines the roles and responsibilities of federal, state, local, territorial and tribal entities, the private sector, and international stakeholders during a cyber incident. Second, it identifies the capabilities required to respond to a significant cyber incident. And third, it describes the way the federal government will coordinate its activities with those affected by a cyber incident. Overall, the National Cyber Incident Response Plan is a critical step toward further strengthening the nation’s cybersecurity efforts.
The National Cyber Incident Response Plan is not a tactical or operational plan for responding to cyber incidents. However, it serves as the primary strategic framework for stakeholders when developing agency, sector, and organization-specific operational and coordination plans. This common doctrine will foster unity of effort for emergency operations planning and will help those affected by cyber incidents understand how Federal departments and agencies and other national-level partners provide resources to support mitigation and recovery efforts.
This comprehensive update was made possible through the valuable contributions and coordination with the Departments of Justice and Defense, the Office of the Director of National Intelligence, the Sector Specific Agencies and other interagency partners, representatives from across the 16 critical infrastructure sectors, others in the private sector, and state and local governments. Today, I thank all of our partners for their input and the public for their assistance in developing this plan. I strongly encourage the next administration to make cybersecurity a top priority and continue to build on our important work.
To read the plan, please visit http://www.us-cert.gov/ncirp.