State Methods for a Cyber Incident
Abstract
The National Cyber Incident Response Plan stipulates the state homeland security advisor as the contact point for a significant cyber incident. But this may not be the most effective method of response because the state homeland security advisors are not domain experts for cyberspace. A questionnaire was sent to state chief information officers and/or state chief information security officers to determine current capability and procedures for responding to a national cybersecurity incident. Nineteen states replied with 227 responses relating to information sharing between states and the federal government; use of established cybersecurity event and response definitions, coordination and control mechanisms, and terms; use of risk-based approaches to cyber incident planning, including remediation based on workflows and procedures; establishment of thresholds when predefined boundaries are crossed; and instigation of varying courses of action. As a result of the survey, the author recommends increasing knowledge and information flow between state and federal agencies regarding national cyber incidents; the establishment of regional cybersecurity hubs throughout the nation; and the creation of a national cyber incident teleconferencing network and prearranged protocols for situational awareness and communication of courses of action following a cybersecurity incident.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 2012
- Accession Number
- ADA579645
Entities
People
- Michael R. Mulligan
Organizations
- Naval Postgraduate School