Introduction

The Cybersecurity and Infrastructure Security Agency (CISA) has opened a public comment period for the revised draft of the National Cyber Incident Response Plan (NCIRP) [7], marking its first update since 2016. This revision [7] [11], developed with the Joint Cyber Defense Collaborative (JCDC) and the Office of the National Cyber Director (ONCD) [1] [6] [7] [10], aligns with the Biden administration’s 2023 National Cybersecurity Strategy [7], addressing significant changes in cybersecurity procedures and policies.

Description

The Cybersecurity and Infrastructure Security Agency (CISA) has initiated a month-long public comment period for its updated draft of the National Cyber Incident Response Plan (NCIRP) [7], marking the first revision since its original publication in 2016. This update [1] [5] [6] [7] [8] [9] [10] [11] [12], developed in collaboration with the Joint Cyber Defense Collaborative (JCDC) and the Office of the National Cyber Director (ONCD) [1] [6] [7] [10], addresses significant procedural and policy changes in cybersecurity prompted by the Biden administration’s 2023 National Cybersecurity Strategy. It acknowledges the evolving cybersecurity landscape and the establishment of CISA in 2018, aiming to provide an agile and actionable framework for coordinated responses to significant cyber incidents that could disrupt public health, national security, and economic stability [5] [7] [10] [11] [12].

The draft emphasizes the critical roles of federal, state, and private sector organizations during cyber incidents [1] [2] [5] [7] [8] [12], integrating non-federal stakeholders into the incident response process [8]. It clarifies roles at all levels and highlights the importance of engagement with law enforcement and sector risk management agencies. CISA Director Jen Easterly has underscored the need for a seamless and effective incident response framework in today’s complex threat environment [6]. The update aims to streamline coordination efforts and provide a practical roadmap for collaboration between government and industry, rather than serving as a detailed instruction manual for response efforts [5].

CISA is inviting public feedback on the draft until January 15, 2025 [5], with comments collected via the Federal Register under docket number CISA-2024-0037 [12]. This revision incorporates extensive stakeholder engagement and lessons learned from recent years, including insights from over 150 cyber experts across 66 organizations and feedback from three public listening sessions attended by over 100 participants each. The NCIRP Update aims to enhance understanding among private-sector organizations regarding their coordination with the government following a cyber-attack [6].

The draft outlines four key areas of focus throughout the cyber incident response lifecycle: Asset Response, Threat Response, Intelligence Support, and Affected Entity Response [4] [7] [8] [10]. CISA will lead asset response efforts [7], while the Office of the Director of National Intelligence (ODNI) will manage intelligence support [4] [7], and federal law enforcement agencies, including the Department of Justice and FBI, will handle threat response [7]. Each area is assigned specific coordination responsibilities [4] [7], detailing key activities and decisions during incident detection and response phases, as well as recommended post-incident measures [7].

Key enhancements in the draft include a more organized content structure aligned with an operational lifecycle for improved usability, updated roles and responsibilities reflecting recent legislative and policy changes [8], and a predictable timeline for future updates to the NCIRP [3]. Additionally, CISA plans to implement a rule requiring critical infrastructure organizations to report significant cyber incidents [11], ensuring that agencies lead their responses in alignment with the NCIRP.

The planning team for this update has conducted ten working sessions focusing on stakeholder roles, coordination mechanisms, and information sharing [4] [5] [8] [10] [12]. The draft reflects the demands of a complex threat environment [10], including recent cyber threats from China-connected groups targeting US critical infrastructure, such as the “Volt Typhoon” and “Salt Typhoon” attacks [11]. The draft NCIRP Update and additional resources are available on the NCIRP webpage [12]. The public comment period will officially commence on December 16, 2024, inviting stakeholders from both public and private sectors to review the draft update and provide their feedback [9].

Conclusion

The revised NCIRP draft represents a significant step forward in enhancing the United States’ cybersecurity posture. By incorporating feedback from a wide range of stakeholders and addressing recent cyber threats, the plan aims to create a more resilient and coordinated response framework. The emphasis on collaboration between government and private sectors [3] [10], along with the integration of non-federal stakeholders, is expected to improve the nation’s ability to mitigate and respond to cyber incidents effectively. As the public comment period progresses, further refinements will likely strengthen the plan, ensuring it remains relevant and effective in the face of evolving cyber threats.

References

[1] https://www.cisa.gov/news-events/alerts/2024/12/16/cisa-requests-public-comment-draft-national-cyber-incident-response-plan-update
[2] https://www.cisa.gov/resources-tools/resources/national-cyber-incident-response-plan-update-public-comment-draft
[3] https://executivegov.com/2024/12/cisa-cyber-incident-response-playbook-public-feedback/
[4] https://www.nextgov.com/cybersecurity/2024/12/cisa-issues-updated-draft-national-cyber-incident-response-plan/401687/
[5] https://www.infosecurity-magazine.com/news/us-cyber-incident-response-plan/
[6] https://www.cybersecuritydive.com/news/national-cyber-incident-response-plan-update/735660/
[7] https://cyberscoop.com/cisa-national-cyber-incident-response-plan-comments/
[8] https://siliconangle.com/2024/12/17/cisa-releases-draft-updates-national-cyber-incident-response-public-comment/
[9] https://ifcpp.org/news/13441409
[10] https://www.meritalk.com/articles/cisa-updating-national-cyber-incident-response-plan/
[11] https://federalnewsnetwork.com/cybersecurity/2024/12/cisa-lays-out-how-agencies-industry-should-respond-to-major-cyber-incidents/
[12] https://www.cisa.gov/news-events/news/revised-national-cyber-incident-response-plan-public-comment