The Cybersecurity and Infrastructure Security Agency (CISA) today unveiled a draft update of its National Cyber Incident Response Plan (NCIRP), first published in 2016, and is seeking public comment on the draft through mid-January.
The NCIRP is the nation’s strategic framework for coordinated response to cyber incidents along four lines of effort: Asset Response, Threat Response, Intelligence Support, and Affected Entity Response, CISA said.
“It includes coordination mechanisms, key decision points, and priority activities across the cyber incident response lifecycle,” CISA said in a press release today. “The NCIRP also identifies structures that response stakeholders should leverage to coordinate cyber incidents requiring cross-sector, public-private, or federal coordination; however, it is not meant to be a step-by-step instruction manual.”
CISA Executive Assistant Director for Cybersecurity Jeff Greene told reporters today that the NCIRP update was led by the Joint Cyber Defense Collaborative (JCDC), in close coordination with the Office of the National Cyber Director (ONCD), and addresses “significant changes in policy and cyber operations” since NCIRP was first released eight years ago.
“We worked extensively with our government and industry partners to provide what we hope is an agile, actionable, updated framework that will provide coherent coordination that matches the pace of our adversaries and applicable methods for how to engage with us,” Greene said.
Key updates in the NCIRP draft include:
- A defined path for non-Federal stakeholders to participate in coordination of cyber incident response;
- Improved usability by streamlining content and aligning to an operational lifecycle;
- Relevant legal and policy changes impacting agency roles and responsibilities; and
- A predictable cycle for future updates of the NCIRP.
Greene said CISA brought together more than 150 experts from 66 organizations across the cybersecurity community – many of whom are JCDC partners – to put together the draft NCIRP update. CISA hosted three public listening sessions that provided “really informative and beneficial feedback, and we’ve been able to incorporate those stakeholder perspectives,” Greene said.
“Today’s increasingly complex threat environment demands that we have a seamless, agile, and effective incident response framework,” CISA Director Jen Easterly said in a statement. “This draft NCIRP Update leverages the lessons learned over the past several years to achieve a deeper unity of effort between the government and the private sector. We encourage public comment and feedback to help us ensure its maximum effectiveness.”
The update to the NCIRP was required by President Biden’s 2023 National Cybersecurity Strategy. Public comments on the draft document will be accepted until Jan. 15.