Feds unveil emergency response framework

Draft plan spells out federal, state and local priorities

Federal government response to a major cyber attack or outage would be split into two parts, depending on whether the incident affects primarily physical or virtual assets, according to the draft version of the National Response Framework released yesterday by the Homeland Security Department.

The framework is composed of an 84-page central document outlining federal, state and local roles in emergency response plus more than 20 annexes covering such topics as firefighting, search and rescue, public works, public health, logistical systems and cyber incidents.

For contractors, the framework can be a guide to the priorities and initiatives that federal, state and local agencies should be putting into place to improve their ability to respond to some form of national or regional incident, such as a natural disaster or a major cyberattack.

A cyber incident that significantly impacts the operation of the Internet and critical information technology systems would be handled by Homeland Security's Office of Cybersecurity and Communications, which oversees the National Cyber Security Division and the U.S. Computer Emergency Readiness Team.

The coordination of those federal units in responding to the attack or outage is described in an eight-page Cyber Incident Annex. Those events are defined as harming or threatening to harm mission-critical systems and jeopardizing public safety, health and confidence, or the economy or national security.

However, "a physical attack on cyber infrastructure" is to be handled differently, according to the framework. In such a case, the federal response is described in Emergency Support Function Annex No. 2 ? Communications. The National Communications System would be in charge of restoration and recovery of communications assets, with support from the national cybersecurity division.

The two annexes describe coordination of federal agencies, depending on the type of attack and severity of cyber and physical effects. The lead agency role will be determined based on the type of incident and its impact.

"Emergency Support Function No. 2 also addresses cybersecurity issues that result from or occur in conjunction with incidents. However, for incidents that are primarily cyber in nature, the Cyber Incident Annex is used and ESF No. 2 supports responses to cyber incidents as directed," states the emergency support annex.

The framework also describes private-sector roles in cybersecurity and outlines the ways in which military agencies may be involved. For example, military operational units are trained to defend the Defense Department's global information grid, the framework said.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close
SEARCH
contracts DB

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Read More

  • Is SBA MIA on contractor fraud? Nick Wakeman

    Editor Nick Wakeman explores the puzzle of why SBA has been so silent on the latest contractor fraud scandal when it has been so quick to act in other cases. Read More

Webcasts

  • How Do You Support the Project Lifecycle?

    How do best-in-class project-based companies create and actively mature successful organizations? They find the right mix of people, processes and tools that enable them to effectively manage the project lifecycle. REGISTER for this webinar to hear how properly managing the cycle of capture, bid, accounting, execution, IPM and analysis will allow you to better manage your programs to stay on scope, schedule and budget. Learn More!

  • Sequestration, LPTA and the Top 100

    Join Washington Technology’s Editor-in-Chief Nick Wakeman as he analyzes the annual Top 100 list and reveals critical insights into how market trends have impacted its composition. You'll learn what movements of individual companies means and how the market overall is being impacted by the current budget environment, how the Top 100 rankings reflect the major trends in the market today and how the biggest companies in the market are adapting to today’s competitive environment. Learn More!