October is National Cyber Security Awareness Month. With it, the DHS Private Sector Office has provided a number of resources to help organizations get involved in cyber security awareness. These include weekly themes, such as Stop. Think. Connect., information on a weekly Twitter Chat series, and other information.
Perhaps released intentionally during National Cyber Security Awareness Month is the call for public comment on the National Cyber Incident Response Plan. From their website, DHS’ National Protection and Programs Directorate and FEMA’s National Integration Center are leading the development of this document in coordination with the US Department of Justice, the Secretary of Defense, and other partners. This plan is intended to provide a nation-wide approach to cyber incidents, incorporating roles for the private sector and all levels of government (TR – similar to the National Planning Frameworks, which this document rather heavily references). The National Engagement Period ends on October 31, so be sure to review the document and provide feedback. There are also a series of webinars referenced on the website.
In my initial and very cursory review of the plan, I was pleased to see the references to the National Preparedness Goal and National Planning Frameworks. I’ve mentioned before that we need to strive to align and integrate all preparedness efforts along these lines and I’m thrilled to see it happening. It’s even more encouraging to see this occurring with something that could be considered a bit fringe to traditional emergency management. The plan directly references a number of Core Capabilities. They take an interesting approach with this. Instead of identifying which Core Capabilities the plan organizes under, they instead align certain Core Capabilities within what they call Lines of Effort. These Lines of Effort include Threat Response, Asset Response, and Intelligence Support. For each Core Capability they define the Core Capability, a la the National Preparedness Goal, and describe how that Core Capability applies to Line of Effort, along with listing associated critical tasks. (inserted is Table 2 from the plan which shows this alignment)
What I find even more interesting is the array of Core Capabilities they identified for their Lines of Effort. While this plan is oriented toward response, the Core Capabilities they identify come from the Mission Areas of Prevention, Protection, Response, and Mitigation, along with including the three common Core Capabilities. This further reinforces the thought that the Cyber Security Core Capability should also be included as a common Core Capability. This is an interesting document which I look forward to reviewing in more detail.
© 2016 – Timothy Riecker, CEDP
Emergency Preparedness Solutions, LLC – Your Partner in Preparedness