DHS completes draft of plan on how to respond to a national cyberattack

The final strategy outlining public and private roles and responsibilities will be completed after public comment and then will be put to the test in September 2010.

The Homeland Security Department, working with other federal agencies, has completed a draft of how governments and businesses should respond to a widespread cyberattack, establishing their roles and responsibilities.

The department is collecting comments from the public and business partners that it plans to consider before it tests the final plan during a large-scale cybersecurity drill in September 2010, a DHS official said on Thursday.

The plan, which the Obama administration announced in June, includes more than 150 participants from federal, state and local governments, as well as from industry and organizations that run the nation's critical infrastructures such as transportation and banking, said Michael Brown, deputy assistant secretary for cybersecurity and communications at DHS. He spoke at the AFCEA Solutions cybersecurity conference in Leesburg, Va.

After completing the draft plan, DHS hosted a tabletop exercise in November with participants from the public and private sectors to test how the strategy would work.

"There are multiple authorities or lack of authorities associated with all partners in the public and private sectors," Brown said. "This lays out how people are to respond when we hit certain thresholds" during a cyber incident. The plan defines roles and responsibilities for the different sectors, which can develop so-called custom playbooks that would specifically guide operational procedures during a cyberattack, he added.

The new National Cybersecurity and Communications Integration Center, which opened Oct. 30, will play a key role in cyber response as a 24-hour, coordinated watch and warning center with representatives from DHS, the Justice Department, the National Security Agency, and the Defense Department's new Cyber Command, when the center is operational. Other partners from industry and state and local governments also will integrate communications during an incident through the center, Brown said.

DHS will test the cyber response plan during its CyberStorm III exercise, the third large-scale simulation of a cyberattack that it plans to begin in September 2010. Some details about the plan will be released, Brown said, although specifics will be kept confidential.