The days of focusing on the perimeter are over. Rather than waiting for the next cyberattack to strike, many security practitioners are focusing on the activity surrounding their critical assets, in addition to drafting incident response plans that activate once the inevitable breach occurs.
Producing these response plans isn’t easy, and the difficulty grows with the size of the organization and the internal complexity of its systems and processes, so you can only imagine the work that the federal government has put into its soon-to-be-finalized National Cyber Incident Response Plan (NCIRP).
This strategic framework highlights how the government responds to cyber incidents internally, as well as with the private sector and state and local governments. As cyber “incidents” become more significant, they affect a broader spectrum of industries, which means departments and agencies within the government have to figure out how to respond in a coordinated way, according to Neil Jenkins, chief of policy and planning at the Department of Homeland Security’s Office of Cybersecurity and Communications.
“[The NCIRP] explains how we determine whether something is a significant cyber incident, it explains the guiding principles through which we do cyber incident response, and most importantly it explains all of the roles and responsibilities of all the players in cyber incidents,” Jenkins said in a recent video interview with Infosec Insider during the 2016 Threat Intelligence Summit.
In this video interview, Jenkins describes the federal government’s cyber incident response plan that he hopes will be complete and signed before the Obama administration ends, and discusses how important it is for organizations to have a cyber incident response plan in place.