Planning for Significant Cyber Incidents
An Introduction for Decisionmakers
Research. Published Jun 27, 2022
This report is intended to inform National Critical Function stakeholders about developing actionable contingency plans. It describes contingency planning for a significant cyber incident, focusing on the importance of planning, the process of developing a plan, and options for operationalizing a plan. It summarizes the major concepts that are explored in detail in a separate how-to guide.
Cyber incidents are occurring with increasing frequency, and these incidents are becoming more disruptive and costlier. Some such incidents exceed stakeholders' capacity to respond using everyday means.
The stakes are particularly high with respect to U.S. National Critical Functions (NCFs). Securing NCFs requires unity of effort within the federal government and effective collaboration and cooperation within state, local, tribal, and territorial (SLTT) governments and the private sector.
The Cybersecurity and Infrastructure Security Agency asked the Homeland Security Operational Analysis Center (HSOAC) to develop a contingency planning implementation (how-to) guide, including a contingency plan (CONPLAN) template, that NCF stakeholders could use to develop NCF-specific CONPLANs to guide their response to and efforts to mitigate the impacts of a significant cyber incident affecting their NCFs.
Summarizing key elements of the companion how-to guide, this report is intended to inform leadership and managers in NCF stakeholder organizations across government and the private sector on the purpose, components, and processes for developing an actionable CONPLAN. This report provides an overview of contingency planning for a significant cyber incident, focusing on the importance of planning, the process of developing a plan, and options for operationalizing a plan. It summarizes the major concepts that are explored in detail in the separate how-to guide.
This research was sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) and conducted by the Strategy, Policy and Operations Program within the Homeland Security Operational Analysis Center.
This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.