Cyber Disruption is Inevitable, but Resistance is Not Futile

The National Association of State Chief Information Officers (NASCIO) has released a 104-page Cyber Disruption Response Planning Guide. “This guide is both a practical implementation document and a call to action for states to develop state cyber disruption response plans that include: a governance structure that clearly designates who is in charge in a given event or phase of an event; development of a risk profile for state assets; collaboration among the various agencies that have cyber responsibility; and a communication plan to ensure the right people have the right information as early as possible so they can respond effectively.”

The guide comprises three sections:

Section 1: Cyber Disruption Response Planning Guide
“The purpose of the guide is to encourage states to develop their own cyber disruption response plans. It provides guidance on what a cyber disruption is and how states should proceed in developing capabilities to plan for, prevent, mitigate and respond to such events. […] The guide ends with a set of recommendations for state government and an appendix with additional references.”

Section 2: Cyber Disruption Response Checklist
This 11-page checklist “is intended to list essential elements of any coordinated or integrated cybersecurity disruption plan. We encourage state cybersecurity teams to utilize this worksheet as a starting point for a discussion regarding governance, organization, and planning essential elements of risk reduction and response to cyber disruptions.”

Section 3: Cyber Disruption Response Cross-functionality Report
“During a cybersecurity disruption, state government will need to work with federal, state, and local agencies and organizations; K-12; higher education; and private industry to respond to a cyber disruption, resolve the disruption and address any secondary effects that arise from a cybersecurity disruption, man made disaster, or natural disaster. The [checklist] will provide a proforma set of roles, responsibilities and cross-functional process for coordinating/orchestrating organizations and resources during a cybersecurity event that first surfaces as a cyber event and which escalates to be categorized as a cyber disruption.”