Planning for Significant Cyber Incidents
Cyber incidents are occurring with increasing frequency, and these incidents are becoming more disruptive and costlier. Some such incidents exceed stakeholders' capacity to respond using everyday means. The stakes are particularly high with respect to U.S. National Critical Functions (NCFs). Securing NCFs requires unity of effort within the federal government and effective collaboration and cooperation within state, local, tribal, and territorial (SLTT) governments and the private sector. The Cybersecurity and Infrastructure Security Agency asked the Homeland Security Operational Analysis Center (HSOAC) to develop a contingency planning implementation (how-to) guide, including a contingency plan (CONPLAN) template, that NCF stakeholders could use to develop NCF-specific CONPLANs to guide their response to and efforts to mitigate the impacts of a significant cyber incident affecting their NCFs. Summarizing key elements of the companion how-to guide, this report is intended to inform leadership and managers in NCF stakeholder organizations across government and the private sector on the purpose, components, and processes for developing an actionable CONPLAN. This report provides an overview of contingency planning for a significant cyber incident, focusing on the importance of planning, the process of developing a plan, and options for operationalizing a plan. It summarizes the major concepts that are explored in detail in the separate how-to guide.