Cyber incidents that pose a great threat to national security, foreign relations, and the U.S. economy are on the rise. The Cybersecurity and Infrastructure Security Agency (CISA) asked the Homeland Security Operational Analysis Center (HSOAC) to develop a how-to guide (not available to the general public) to address this issue and assist decisionmakers in planning and responding to these incidents. HSOAC has released a report summarizing the major concepts of the contingency plan (CONPLAN) in the how-to guide. HSOAC emphasizes the biggest risk is in regard to U.S. National Critical Functions (NCFs).
The U.S. government defines NCFs as:
functions of government and the private sector so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”
The report outlines the planning process in five steps:
- Gather data and survey the threats;
- Develop mission statements and objectives;
- Develop courses of action;
- Draft a plan; and
- Evaluate risks to the plan.
CISA intends for this report to enhance cyber incident coordination efforts among private-sector stakeholders and federal respondents. Because there have been relatively few cyber incidents, it is necessary to refine federal capabilities to improve preparedness. Through planning, stakeholders can increase their coordination and communication efforts and eventually share their insights with CISA to further secure NCFs.