National Cyber Incident Response Plan

This is the introduction for the Draft National Cyber Incident Response Plan dated September 22, 2016.

The National Cybersecurity Protection Act of 2014 (NCPA) mandates that “the Department of Homeland Security (DHS) in coordination with appropriate entities and individuals, develop, regularly update, maintain, and exercise adaptable cyber incident response plans to address cybersecurity risks to critical infrastructure.” Presidential Policy Directive 41 (PPD-41), titled U.S. Cyber Incident Coordination, sets forth principles governing the Federal Government’s response to any cyber incident, provides an architecture for coordinating the response to significant cyber incidents, and requires DHS to develop a National Cyber Incident Response Plan (NCIRP) to address cybersecurity risks to critical infrastructure. The NCIRP is part of the broader National Preparedness System and establishes the strategic framework and doctrine for a whole community approach to mitigating, responding to and recovering from a cyber incident. This whole of nation approach includes and strongly relies on public and private partnerships to address major cybersecurity risks to critical infrastructure. Find a copy here: Draft National Cyber Incident Response

  • Response Plan Purpose and Organization – The purpose of the NCIRP is to provide guidance to enable a coordinated whole of Nation approach to response activities and coordination with stakeholders during a significant cyber incident impacting critical infrastructure. The NCIRP sets common doctrine and a strategic framework for National, sector, and individual organization cyber operational plans.
  • Intended Audience – The NCIRP is intended to be used by the Nation as well as enhance our international partners’ understanding of the U.S. cyber incident coordination framework. This all-inclusive concept focuses efforts and enables the full range of stakeholders, individuals, the private and nonprofit sectors (including private and public owners and operators of infrastructure), state, local, tribal, territorial (SLTT), and the Federal Government to participate and be full partners in incident response activities. Government resources alone cannot meet all the needs of those affected by significant cyber incidents. All elements of the community must be activated, engaged, and integrated to respond to a significant cyber incident.