A Survey on National Cyber Emergency Plans

Operators of Essential services (OESs) and Critical infrastructures (CIs), whether private companies or public organizations are going through a digital transformation to pace with the evolution of technology and to bring better services to customers and countries’ citizens. Operational Technology (OT) systems like Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) used to control and monitor functions in such infrastructures are converging with Information Technology (IT) environments. This convergence has exposed infrastructures to new cyber risks. For this reason, EU Member States have been trying to build resilience against cyber-attacks to ensure the stable operation of their states. Several countries have established cybersecurity incident response procedures as well as steps or phases of response before, during, and after a cyber incident. The sum of these procedures and guidelines constitutes their national cyber emergency plans (NCEPs). Still, these NCEPs differ widely in their approaches. These differences manifest as both managerial, governmental, legal, and technical, creating a complex environment worldwide. In this paper, we gather four major NCEPs worldwide to analyze and compare them with prominent standards and industry guidelines in cybersecurity, like the ISO 27001 and NIST 800 series. We investigate NCEP approaches to building cyber resilience based on their response models, their involved entities, the cooperation between agencies and other countries, and their risk-based categorization for cyber incidents. We elaborate on their differences, potential issues and divergences and argue whether these plans can be combined to bridge potential weaknesses. We selected and surveyed four (4) cyber emergency plans from four (4) countries that are frequent targets of cyber-attacks and have long experience in managing and responding to cyber incidents.