National Cyber Emergency Plan

 

National Cyber Emergency Plan

Introduction and Objectives

The National Cyber Emergency Plan provides a comprehensive framework to prepare for, respond to, recover from, and mitigate the impacts of large-scale cyber emergencies. This plan operates under the supervision of the National Cybersecurity Authority (NCA) as the central governance body. It ensures a unified, coordinated, and effective national responses to cyber incidents that rise to the level of a national emergency, threatening national security, the economy, public safety, or Critical National Infrastructure (CNI).

 

Scope and Applicability

This plan is applicable to government organizations in the Kingdom of Saudi Arabia (including ministries, authorities, establishments and others) and its companies and entities, as well as private sector organizations owning, operating or hosting Critical National Infrastructures (CNIs). It is activated for incidents classified as High-Risk Incidents, and for incidents classified as catastrophic incidents under the National Cyber Risk Management Framework.

 

Governance

• National Cybersecurity Authority (NCA): the lead authority for cyber emergency management.
• Each entity that falls within the scope and applicability of this framework: continuously identify the risks and report to NCA the details of any High-Risk Incidents or catastrophic incidents that they identify, and work as per NCA’s guidance to mitigate those incidents.
• National Cyber Emergency Committee: includes the relevant entities of the incidents, and it gets activates temporary per emergency by NCA.

 

Phases of Cyber Emergency Management

The plan is structured around four continuous phases:

Phase 1: Preparedness and Prevention

• Risk Management: Continuous cyber risk assessment of CNIs using NCA’s national Risk Management Framework.
• Planning: Development and maintenance of sector-specific emergency response plans, approved by NCA.
• Training and Exercises: Mandatory national-level tabletop exercises and full-scale cyber drills.
• Public Awareness: Nationwide campaigns to elevate cyber hygiene, utilizing platforms like NCA’s Hassen.

Phase 2: Detection and Declaration

• Continuous Monitoring: 24/7 monitoring of national the threat landscape.
• Incident classification: incident classification using the National Cyber Risk Management Framework.
• Emergency declaration by the National Cybersecurity Authority, this declaration immediately activities a national cyber emergency committee that includes the relevant entities of the incident.

Phase 3: Response and Containment

• Operational Strategic Guidance and support: NCA provides guidance to national entities effected by the incidents, and if support is needed, NCA provide operational support.
• Relevant Stakeholders Coordination:  Regular meetings to be held by the committee to monitor the developments and strengthen coordination between them.

Phase 4: Recovery and Restoration

• System Recovery: affected entities prioritize critical functions from validated clean backups, following NCA’s guidance.
• Post-Emergency Review: a thorough lessons-learned analysis is mandated for all emergencies.

"