Request a Demo

Fill in the form below and we will contact you shortly to organised your personalised demonstration of the Noggin platform.

The Noggin Platform

The world's leading integrated resilience workspace for risk and business continuity management, operational resilience, incident & crisis management, and security & safety operations.

Learn More
Resilience Management Buyers Guide - Thumbnail
A Resilience Management Software Buyer's Guide
Access the Guide

Who We Are

The world’s leading platform for integrated safety & security management.

Learn More

What’s the Role of Emergency Managers during a Cyber Incident?

It’s never been more important to have cybersecurity programs in place to enable quick, effective resolutions when incidents happen.

But what exactly should Emergency Managers know?

That’s what the latest guidance from FEMA clarifies. So, read on to learn more about the role of emergency managers during a cyber incident.

What has FEMA published about the role of Emergency Managers during a cyber incident?

As you may know, this isn’t exactly FEMA’s (Federal Emergency Management Agency) first foray into the subject. Back in 2021, the agency published a Comprehensive Preparedness Guide to Developing and Maintaining Emergency Operations Plans (EOP), which included some guidance on cyber incident preparedness.

Such is the cyber threat level, however, that far more was needed. As a result, FEMA teamed up with CISA (Cybersecurity and Infrastructure Agency) to put out comprehensive guidance on the planning considerations for cyber incidents.

The purpose of this guidance, which acknowledges that Emergency Managers don’t need to be technical experts on the matter, is to prepare the public safety community to engage effectively during an incident and have plans in place to address potential impacts.

This, of course, is a core emergency management responsibility. But what specific responsibilities pertain to Emergency Managers before, during, and after cyber incidents?

Emergency management roles and responsibilities during cyber incidents

The short answer is it depends. An emergency manager’s role is likely to be different in preparing for and responding to a cyber incident than it is for any other type of incident. It’s also likely to vary across agencies and jurisdictions.

Nevertheless, FEMA’s guidance does direct emergency management teams to develop a plan or annex focused on cyber incident response as well as factor cyber considerations into other EOPs.

To make these plans practicable, however, emergency managers should understand all stages of a cyber incident. What are they?

Cyber Incident Response Lifecycle

The four-phase cyber incident response lifecycle includes:

1. Preparation

Development of a clearly articulated cyber incident response plan with established points of contact.

2. Detection and analysis

Figuring out an incident has occurred and determining its severity and type.

3. Containment, eradication, and recovery

Addressing the identified incident through containment, preventing its spread and limiting its impact, eradication, removing its cause, and recovery, restoring normal operations and recovering lost or damaged data.

4. Post-incident activity

Identifying lessons learned and opportunities for improvement.

What about specific emergency management responsibilities during the incident itself? Well, cyber incidents have high spill-over potential.

As a result, one emergency management responsibility might be activating other incident plans based on the asset affected by the cyber incident, e.g., power outage plan.

From there, emergency managers will have to prioritize the resources they dispense to respond to the cyber incident, with the most likely resource being personnel.

Preparing to perform emergency management roles and responsibilities

Since cyber security might be out of an emergency manager’s technical wheelhouse, the team will have to prepare diligently.

Emergency managers should rehearse the roles and responsibilities laid out in their cyber incident response plans in highly customized scenarios and exercises.

As with other incidents, these exercises will aid the planning team in exploring contingencies, identifying gaps, validating existing plans, and ultimately determining the appropriate courses of action.

Example Emergency Manager role during a cyber incident

What might the Emergency Manager role look like in practice during a cyber incident? Again, it will depend on the nature of the disruption.

In the case of a suspected cyber attack on a water system, the Emergency Manager lead role is likely to consist of the following activities:

  • Coordinating communication to identify the scope of the incident
  • Activating the emergency operations center
  • Developing Incident Action Plans (IAPs)
  • Coordinating with cyber authorities to maintain situational awareness and reporting
  • Managing coordination of resource and support requests from responding agencies      
  • Organizing hazardous materials support to identify and secure contaminated areas      
  • Identifying the potential for cascading impacts or additional hazards following the incident
  • Tracking capability gaps and strengths for improvement planning following the incident

To get through the cyber incident lifecycle efficiently, Emergency Managers should ensure their organization has an effective emergency management software platform in place.

The right tool will keep your whole incident management team, from the Emergency Manager to untrained field staff, following the same plans, communicating on the same platform, and viewing the same operating picture.

Not sure which software capabilities to consider, though? Check out our Buyer’s Guide to Emergency Management Software to find out.

Download Emergency Management Software Buyer's Guide