Months after it requested input from the private sector on how to improve its cybersecurity response and coordination, the Department of Homeland Security released an updated version of the National Cyber Incident Response Plan on Jan. 18.
The plan — the result of President Obama’s Presidential Policy Directive 41 to address preparedness in the wake of cyber incidents — outlines the roles and responsibilities of federal, state, local and even private stakeholders in the wake of a cyberattack.
Related: Read the plan
Secretary of Homeland Security Jeh Johnson said in a statement that the completion of the 180-day review of the plan will help strengthen the nation’s resolve to combat future cyber breaches.
"The National Cyber Incident Response Plan is based on the guiding principles of PPD 41 and does three critical things," he said.
"First, it defines the roles and responsibilities of federal, state, local, territorial and tribal entities, the private sector and international stakeholders during a cyber incident. Second, it identifies the capabilities required to respond to a significant cyber incident. And third, it describes the way the federal government will coordinate its activities with those affected by a cyber incident."
The plan outlines which entities take response leadership roles and how they coordinate efforts by forming a Cyber Unified Coordination Group, as well as how private entities can share threat indicators to warn of a cyber attack.
DHS had solicited public feedback in October for how to update the NCIRP.
Johnson stressed that the plan was not a "
tactical or operational" guide to cyberattacks, but instead a strategic framework on which stakeholders can shepherd coordination efforts.
"This common doctrine will foster unity of effort for emergency operations planning and will help those affected by cyber incidents understand how Federal departments and agencies and other national-level partners provide resources to support mitigation and recovery efforts," he said.