The federal government has not yet finalized a six-year-old draft plan outlining how governments should respond to major cyberattacks, and state CIOs and cybersecurity officials are pressing the government to act on it, reports The Wall Street Journal.
In 2009, the Department of Homeland Security drafted the National Cyber Incident Response Plan, which outlines coordinated efforts between federal, state and local officials in the event of a cyberattack that disrupts power grids, major communication systems, transportation systems and other major targets. An interim draft of the plan was released in March 2010, but is not approved.
"Developing and finalizing this plan needs to be a priority," Rep. Dan Donovan (R-N.Y.), chair of the subcommittee on emergency preparedness, response and communication, told WSJ.
Rep. John Ratcliffe (R-Texas), chair of the subcommittee on cybersecurity, infrastructure protection and security technologies, told WSJ that cyberthreats are too large and too looming to delay finalizing the plan any longer. "As fast as bad actors are moving in cyberspace, we have to be constantly moving faster to stay ahead of them," he said. "While six years is entirely too long for any type of response plan to sit on a shelf in the White House, it is especially dangerous in the case of cyber."
More articles on cybersecurity:
Hospitals cannot prevent cyberattacks, but they can protect patient data
After employee cybersecurity negligence, how do organizations respond?
Managing insider cybersecurity risk: 5 key findings