Updated U.S. National Cyber Incident Response Plan Focuses on Capabilities Required to Respond to Significant Incidents

Back to all articles

incident response plan

As part of its efforts to improve the country’s cybersecurity, the U.S.Department of Homeland Security has issued an updated National Cyber Incident Response Plan, specifically highlighting three key aspects:

• Responsibilities of government agencies and private sector organizations during a cyber incident
• Core capabilities required to respond to a significant cyber incident
• Coordinating structures and integration between the federal government and affected entities

The requirements in this plan apply to various types of cyber incidents, but are especially centered around significant cyber incidents that “are likely to result in demonstrable harm to the national security interests, foreign relations or economy, or to the public confidence, civil liberties or public health and safety of the American people.”

Responsibilities and Capabilities

The plan includes a list of responsibilities and capabilities all affected entities are required with regard to with incident response. The ultimate responsibility that affected entities have during a cyber incident is to take appropriate actions to manage the impact of the incident. This includes, but is not limited to: ensuring continuation of business or operational functions, disclosure and notification of the incident in accordance with legal and regulatory requirements, protecting privacy, and managing liability risk.

As far as capabilities are concerned, they encompass the following areas: forensics and attribution, infrastructure systems, intelligence and information sharing, public information and warning, screening search and detection, as well as cybersecurity, to name a few.

How to Respond and Comply with Requirements

In order to be able to comply with the above-mentioned requirements, the best thing that covered entities could do is adopt an incident response platform that can take care of all those tasks. As an example, an organization can obtain a platform that is able to predict, detect and respond to breaches automatically, allowing them to resume operations as quickly as possible.

They can track, predict, and visualize cybersecurity incidents, accelerating the process of resolving an incident. Importantly, utilizing an incident response platform assist in reducing legal and regulatory risks, on top of managing cybersecurity events. A platform like this can provide automated incident reports, which can be beneficial when required to disclose an incident and notify authorities of it.

Another key capability of an incident response platform is that it allows controlled intelligence sharing with an organization or a community of your own choosing, which aligns with requirements in the National Cyber Incident Response Plan.

In summary; tracking digital evidence and forensic investigation are some of the critical capabilities provided by incident response platforms, which makes them an ideal solution for any entity that is required to comply with the updated National Cyber Incident Response Plan.

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Request Your Live IncMan SOAR Demo.

DFLabs IncMan SOAR is the pioneering Security Orchestration, Automation and Response (SOAR) platform to automate, orchestrate and measure security operations tasks.

IncMan SOAR harnesses machine learning and automation capabilities to augment human analysts to maximize the effectiveness and efficiency of security operations teams, reducing the time from breach discovery to resolution by up to 80%.

What You'll See in a Demo

See for yourself why IncMan SOAR is the preferred solution of Fortune 500, Global 2000 and MSSP clients. DFLabs IncMan SOAR at a glance:

  • Full and semi-automated Incident Response, improving response times by up to 80%
  • Covers the entire spectrum of IR and SecOps
  • Automated Responder Knowledge (ARK) generated by machine learning
  • Highly flexible and customizable, with over 100 templates and automation actions out of the box
  • Correlation engine correlates all relevant IOCs and artefacts between incidents
  • Multi-tenancy and granular role-based access
  • Dual mode playbooks and intelligence sharing
  • Powerful case management with integrated forensics capabilities.

Yes, I want a demo

DFLabs would like to stay in touch to provide you with marketing related content. By ticking the box you consent to receive educational, company and promotional information from DFLabs and accept DFLabs' Privacy Policy.

* Required fields