NGA Recommends State Cyber Disruption Response Plan Strategies

The National Governors Association (NGA) published a report examining state cyber disruption response plans, and providing recommendations for state officials who want to create or review their own response plans.

NGA differentiates cyber disruption response plans from incident response plans. The latter typically address state IT infrastructure overseen by a state CIO.  Cyber disruption plans, on the other hand, require several agencies to coordinate actions and implement traditional emergency management and homeland security operations.

The report highlights 15 states with publicly available cyber disruption response plans, and examines how they stack up against the 14 core capabilities in the Department of Homeland (DHS) Security’s National Cyber Incident Response Plan (NCIRP). Among the 15 states, there were seven types of threat schema, and plans varied across states in their arrangement of emergency operations plans or emergency support functions.

The report said, however, that “every plan reviewed emphasizes a whole-of-state approach, recognizing the all-encompassing impact a significant incident can have.”

Given the various practices and plans states have in place, NGA listed recommendations for other states to adopt in forming their own cyber disruption response plans. These suggest states:

  • Develop a cyber disruption response strategy before a formal plan and train incident responders on emergency response and emergency operations center standard operating procedures;
  • Adopt the DHS National Cybersecurity and Communications Integration Center scoring system, catalog risk assessments, and attach specific protocols to each threat level;
  • Establish the state’s senior cybersecurity official and create interagency leadership;
  • Include steady-state roles and responsibilities, and review the NCIRP core capabilities;
  • Integrate National Guard resources into the response plan;
  • Form operational procedures for cyber response teams; and
  • Create a volunteer-based cybersecurity force, “akin to a volunteer fire department.”
No Comments

    Leave a Reply