Feds unveil emergency response framework

Federal government response to a major cyber attack or outage would be split into two parts, depending on whether the incident affects primarily physical or virtual assets, according to the draft version of the National Response Framework released yesterday by the Homeland Security Department.

The framework is composed of an 84-page central document outlining federal, state and local roles in emergency response plus more than 20 annexes covering such topics as firefighting, search and rescue, public works, public health, logistical systems and cyber incidents.

For contractors, the framework can be a guide to the priorities and initiatives that federal, state and local agencies should be putting into place to improve their ability to respond to some form of national or regional incident, such as a natural disaster or a major cyberattack.

A cyber incident that significantly impacts the operation of the Internet and critical information technology systems would be handled by Homeland Security's Office of Cybersecurity and Communications, which oversees the National Cyber Security Division and the U.S. Computer Emergency Readiness Team.

The coordination of those federal units in responding to the attack or outage is described in an eight-page Cyber Incident Annex. Those events are defined as harming or threatening to harm mission-critical systems and jeopardizing public safety, health and confidence, or the economy or national security.

However, "a physical attack on cyber infrastructure" is to be handled differently, according to the framework. In such a case, the federal response is described in Emergency Support Function Annex No. 2 ? Communications. The National Communications System would be in charge of restoration and recovery of communications assets, with support from the national cybersecurity division.

The two annexes describe coordination of federal agencies, depending on the type of attack and severity of cyber and physical effects. The lead agency role will be determined based on the type of incident and its impact.

"Emergency Support Function No. 2 also addresses cybersecurity issues that result from or occur in conjunction with incidents. However, for incidents that are primarily cyber in nature, the Cyber Incident Annex is used and ESF No. 2 supports responses to cyber incidents as directed," states the emergency support annex.

The framework also describes private-sector roles in cybersecurity and outlines the ways in which military agencies may be involved. For example, military operational units are trained to defend the Defense Department's global information grid, the framework said.