The US Department of Homeland Security (DHS) released the final version of the National Cyber Incident Response Plan (NCIRP) on January 18, 2017. It is available at https://www.us-cert.gov/.
NCIRP describes the roles and responsibilities of federal, state, local, territorial and tribal entities as well as private sector and international stakeholders during a cyber incident. In a statement released by DHS Secretary Jeh Johnson describing the purpose of NCIRP, “First, it defines the roles and responsibilities of federal, state, local, territorial and tribal entities, the private sector and international stakeholders during a cyber incident. Second, it identifies the capabilities required to respond to a significant cyber incident. And third, it describes the way the federal government will coordinate its activities with those affected by a cyber incident.”
NCIRP provides a strategic framework for key stakeholders when developing agency, sector, and organization-specific operational and coordination plans. In addition, private sector stakeholders are also able to apply the framework to their cybersecurity plans. Although not required, private sector organizations applying the framework will help unify an environment where federal, state, and local entities can understand and mitigate cyber risks.
DHS created the doctrine in coordination with the Departments of Justice and Defense, Office of the Director of National Intelligence, sector-specific agencies and other interagency partners, private sector and state and local governments. Lee Kim, Director, Privacy and Security for HIMSS, served as a key private sector representative on the Plan’s working group.
In July, 2016, President Obama issued a directive to DHS to carry out a comprehensive review and update NCIRP within 180 days. The President released the final version this week, replacing the 2010 interim version.