7. National cyber crisis management plan
The Guide to Developing a National Cybersecurity Strategy recommends that countries should consider developing a national cybersecurity contingency plan as part of, or aligned with, the overall national contingency or crisis management plan. This plan should consider the findings of the national risk assessments, provide for disaster-recovery and incident-response mechanisms. The cybersecurity contingency plan should determine the cross-sector dependencies that could affect critical infrastructures and categorise cyber incidents based on their impact on critical assets and services.
Several African countries have Disaster Management Plans or Policies that deal with the management of natural disasters. Based on a systematic approach, these plans which may reference the Tampere Convention, provide guidelines, principles, and code of conduct for stakeholders, as well as the enactment of legislation that supports the establishment of an institutional framework. Disaster Management Plans also set out various means for resource mobilisation as well as a framework for monitoring and evaluation. These plans need to be updated to include the management of cyber incidents and the protection of critical infrastructure.
A National cyber crisis management plan can be defined as a strategic framework that articulates the roles and responsibilities, capabilities, and coordinating structures that support how a Nation responds to, and recovers from, significant cyber incidents posing risks to critical infrastructure.
It can also be defined as a strategic plan which recommends and elaborates on the actions and responsibilities for a coordinated and multidisciplinary approach to respond and recover from cybersecurity incidents of national significance impacting critical systems and the economy.
The objective of the National cyber crisis management plan are:
- To recommend and elaborate on the actions and responsibilities for a coordinated and multidisciplinary approach to respond and recover from cybersecurity incidents of national significance impacting critical systems and the economy.
- To minimise disruption of services or loss/theft of information caused by incidents.
- To use the information gained for better preparation for future handling of incidents.
Resources: National cyber crisis management plans
The National Cyber Incident Response Plan (NCIRP), USA provides guidance to enable a coordinated whole-of-Nation approach to response activities and coordination with stakeholders during a significant cyber incident impacting critical infrastructure.
Canada Cyber Security Event Management Plan provides an operational framework for the management of cybersecurity events that impact or threaten to impact the Canadian government’s ability to deliver programs and services to citizens. The plan outlines stakeholders and actions required to ensure that cybersecurity events are addressed in a consistent, coordinated, and timely fashion.
Cyber Incident Management Arrangements for the Australian Government outlines the interjurisdictional coordination arrangements, roles and responsibilities, and principles for Australian governments’ cooperation in response to national cyber incidents.
Reflection point
Based on the examples given, should your country consider developing a national cyber crisis management plan?
Prepare a justification or concept note referencing relevant strategy, policy and legislative provisions for presentation to the President or relevant government minister.