Incident Annexes – Cyber

________________________________________________

 

Purpose

 

The purpose of the Cyber Incident Annex is to outline the policies, organization, actions, and responsibilities for a coordinated, broad-based approach to incidents that are induced by cyber means or have cyber effects. A physical attack on cyber infrastructure is covered by ESF #2 – Communications.

 

Scope

 

This annex focuses on responding to and recovering from cyber incidents. This requires a coordinated response to incidents that impact mission-critical functions and/or threaten public health or safety, undermine public confidence, and have a debilitating effect on the national economy, or diminish the security posture of the nation. A cyber incident is induced directly through cyber means with cyber or physical results that:

 

Cause, or are likely to cause, harm to mission-critical functions and services across the public and private sectors by impairing the confidentiality, integrity, or availability of electronic information, information systems, services, or networks; and/or

 

Threaten public health or safety, undermine public confidence, have a negative effect on the national economy, or diminish the security posture of the Nation.

 

Such an incident would likely affect communications and/or computing services in at least one and possibly several metropolitan areas and/or States. It may involve multiple communications service providers and/or information technology products and applications, resulting in a degradation of the ability of other essential infrastructures to function. Such an outage would have an impact on the availability and integrity of communication and computing services for at least a significant portion of a business day or longer.

 

This annex describes the specialized application of the National Response Framework to a Cyber Incident. When a Cyber Incident occurs, it could impact multiple infrastructure sectors or be targeted at a specific sector such as finance, energy, or communications. A Cyber Incident may result in the activation of all Emergency Support Functions (ESFs) under the National Response Framework as appropriate.

 

 

Concept of Operations

 

A Cyber Incident may overwhelm government and/or private-sector resources by disrupting the Internet and/or taxing critical infrastructure information systems. Complications from a Cyber Incident may threaten public health or safety, undermine public confidence, have a debilitating effect on the national economy or diminish the security posture of the nation. Rapid identification, information exchange, investigation, a coordinated response, and remediation often can mitigate the damage that could be caused by this type of incident. This includes:

 

Coordinating cyber response and recovery efforts.

 

Providing alerts and notification of potential cyber threats, incidents, and attacks.

 

Sharing information both inside the government and with the private sector, including best practices, incident response, and incident mitigation.

 

Analyzing cyber vulnerabilities, exploits, and attack methods.

 

Providing technical assistance.

 

Defending against the attack.

 

These activities are the product of, and require, a concerted effort by Federal, State, tribal, and local governments, as well as non-governmental entities, such as the private sector and academia. In order to support the objectives of this annex, ESF #2 may be activated to assist in providing an operational response structure, fiduciary mechanisms, and reporting capabilities to effectively respond to a Cyber Incident.