National Cyber Incident Response Plan: Cybersecurity Federal Roles and Responsibilities - Response To, and Recovery From, Significant Cyber Attacks Posing Risks to Critical Infrastructure Systems

This important reference document has been professionally converted for accurate flowing-text e-book format reproduction.

Networked technologies touch every corner of the globe and every facet of human life. They have driven innovation, nurtured freedoms, and spurred economic prosperity. Even so, the very technologies that enable these benefits offer new opportunities for malicious and unwanted cyber activities. The risks associated with the Nation's dependence on these networked technologies led to the development of Presidential Policy Directive 41 (PPD-41): United States Cyber Incident Coordination, which sets forth principles governing the Federal Government's response to any cyber incident, whether involving government or private sector entities.
PPD-41 recognizes that the frequency of cyber incidents is increasing, and this trend is unlikely to be reversed anytime soon. The most significant of these incidents, those likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people, necessitate deliberative planning, coordination, and exercising of response activities, in order to minimize the threat and consequences to the Nation, infrastructure, and way of life.

The National Cyber Incident Response Plan (NCIRP or Plan) is not a tactical or operational plan; rather, it serves as the primary strategic framework for stakeholders to understand how federal departments and agencies and other national-level partners provide resources to support response operations. Authored in close coordination with government and private sector partners, the NCIRP expounds upon the concurrent lines of effort, defined by PPD-41, for how the Federal Government will organize its activities to manage the effects of significant cyber incidents. The concurrent lines of effort are threat response, asset response, intelligence support, and the affected entity, which undertakes efforts to manage the effects of the incident on its operations, customers, and workforce.

Guiding Principles * Relationship To National Preparedness System * Roles and Responsibilities * Concurrent Lines Of Effort * Threat Response * Private Sector * State, Local, Tribal, and Territorial Governments * Federal Government * Asset Response * Private Sector * State, Local, Tribal, and Territorial Government * Federal Government * Intelligence Support * State, Local, Tribal, and Territorial Government * Federal Government * Affected Entity's Response * Cyber Incidents Involving Personally Identifiable Information * Core Capabilities * Access Control and Identity Verification * Cybersecurity * Forensics and Attribution * Infrastructure Systems * Intelligence and Information Sharing * Interdiction and Disruption * Logistics and Supply Chain Management * Operational Communications * Operational Coordination * Planning * Public Information and Warning * Screening, Search, and Detection * Situational Assessment * Threats and Hazards Identification * Coordinating Structures and Integration * Coordinating Structures * Private Sector * State, Local, Tribal, and Territorial Governments * Federal Government * International * Operational Coordination During A Significant Cyber Incident * Determination Of Incident Severity * Enhanced Coordination Procedures * Cyber UCG * Information Sharing During Cyber Incident Response