National Cyber Incident Response Plan Coming

FBI, Homeland Security, and Justice Department officials drop hints of future cybersecurity policy and projects at a Senate hearing.

J. Nicholas Hoover, Senior Editor, InformationWeek Government

November 17, 2009

In wide-ranging testimony before the Senate Judiciary Committee on Tuesday, some of the federal government's top cybersecurity authorities said that the status quo in federal cybersecurity is not sufficient. They discussed plans to improve cyber defenses, including a new comprehensive National Cyber Incident Response Plan to delineate duties in case of a major cyber attack.

"There is a comprehensive strategy, but it's not a one-pronged strategy," said Philip Reitinger, deputy under secretary of the national protection and programs directorate and director of the National Cyber Security Center at the Department of Homeland Security. "There's no silver bullet. Broadly, we need to up our defensive game."

DHS is leading an inter-agency initiative to create a National Cyber Incident Response Plan that should be completed by December or January, and will be tested during next September's annual Cyber Storm exercise, Reitinger said.

The plan will aim to provide federal agencies, state and local governments, and the private sector with clear roles and responsibilities in case of a major attack. Reitinger gave assurances that the private sector has been consulted.

The Department of Homeland Security has recently taken a strong central role in cybersecurity, particularly in protecting civilian federal IT infrastructure and coordinating cooperation with the private sector to secure the nation's critical infrastructure. In his testimony, Reitinger laid out a number of the agency's plans, including growing DHS' cybersecurity staff by more than 50%.

For example, DHS is architecting Einstein 3, an intrusion prevention system, for use in federal networks (Einstein 1 is a network flow monitoring system, and Einstein 2 is an intrusion detection system). "This more robust version of Einstein would provide the federal government with early warnings, enhanced situational awareness, the ability to automatically detect malicious activity, and the capability to prevent malicious intrusions before harm is done," Reitinger said.

Reitinger noted a number of other efforts as well, including the development of a supply chain risk management framework, consolidation of agencies' external Internet connections, the ramp-up of a national cybersecurity center, the launch of an incident response facility this month, and the beginning of a pilot project to share more information on cyber attacks with the financial sector.

The FBI, meanwhile, is continuing to grow its large core of "cyber-trained" investigators, said Steven Chabinsky, deputy assistant director within the FBI's cyber division. Currently, more than 2,000 Special Agents have received specialized cyber training, and more than 1,000 are trained to deal with the most sophisticated investigations. In the last fiscal year alone, the FBI sent out more than 1,800 cyber intelligence reports and analytics reports to the intelligence community, military and Department of Homeland Security.

The FBI is also increasing its collaboration with the private sector. Earlier this year, for example, it worked with the financial services industry to forge a set of best practices for preventing fraud in Automated Clearing House transactions.

None of the government officials would say that they are satisfied with the existing legal structure for combating cyber attacks, and Associate Deputy Attorney General James Baker explicitly said he wasn't satisfied. The Department of Justice and other agencies are in the midst of debating whether to propose changes to the legal regime, and if so, how to do so.

"We don’t want to make mistakes because this is a very complicated area," Baker said. "There are many statutes you have to consider, but also foreign law. We are very cognizant of the need to review these authorities very closely."

DHS is also involved in policy discussions, including helping to develop the right international framework for responding to state-sponsored cyber attacks. "We need closer relationships with allies," Reitinger said.

