The New York Cyber Task Force issued a report that lays out steps for the national cyber director established by a defense policy law enacted late last year, including setting new federal priorities and creating contingency plans.
The report released Friday includes “recommendations to create an effective, whole-of-nation approach to enable enhanced cyber readiness through operational collaboration. At their core, these recommendations focus on establishing a public-private network of empowered nodes to provide effective crisis response to strategic cyber contingencies.” The task force includes tech industry leaders, security analysts and former government officials such as Obama cyber advisor Michael Daniel.
The report says, “The NYCTF sees the development of this network as a fundamental step in enhancing cyber readiness. We hope to build on the momentum created by the inclusion of key operational collaboration measures in the recent Solarium Commission Report and the 2021 National Defense Authorization Act (NDAA), as well as actions taken at the state and municipal levels and by the private sector. The United States must undertake a focused, urgent cyber readiness effort through improved operational collaboration now.”
The NYCTF was created in 2017 and is located at Columbia University’s School of International and Public Affairs. The task force sought input from cyber leaders at think tanks including Atlantic Council’s Erica Borghard and Trey Herr, Aspen Institute’s David Forscey, Center for New American Security’s Elsa Kania Adam Segal from Council of Foreign Relations, and Cyber Threat Alliance CEO Daniel who served in the Obama White House.
Business executives from Facebook, Goldman Sachs, JP Morgan Chase, Bank of America, KPMG, Microsoft and Google also participated in the task force’s work.
The report says, “The NYCTF certainly acknowledges the central role both the Executive Branch and the Congress will play. The NYCTF consciously decided not to analyze missions and recommend specific roles and responsibilities within the Federal Executive Branch. Instead, we focused on providing recommendations with a whole-of-nation perspective. The NYCTF does strongly support the establishment of a National Cyber Director and corresponding Office of the National Cyber Director (ONCD) -- mandated in the 2021 National Defense Authorization Act -- and we see the ONCD as the enabling organization for some of our recommendations.”
The task force wants “the Office of the National Cyber Director to work with all stakeholders at Federal, state, and local levels and including the private sector to establish a program to identify a prioritized set of national cyber crisis contingencies (NCCCs).”
Those contingencies are:
- Guide selection of the organizations, communications, and responsibilities within the National Cyber Response Network (NCRN);
- Establish criteria for situational awareness by the NCRN in event of these NCCCs, based on potential impacts and risks, including the effect of an attack’s scale, duration, and severity;
- Focus planning and exercise activities by the NCRN and the associated NCRN nodes leveraging public and private sources of information regarding adversary intentions and capabilities;
- Provide criteria for assessing the readiness of the NCRN;
- Establish a program to ensure the NCCCs are up to date and that findings from assessments are used to drive operational and budgeting priorities;
- Provide the basis for exercises of the NCRN.
The report also makes recommendations for how the NCRN should work, including on the establishment of a “national cyber readiness framework” and development of “public-private training and exercise programs that will build proficiency in managing cyber crisis response operations.” -- Sara Friedman (firstname.lastname@example.org)