The Cybersecurity and Infrastructure Security Agency (CISA) is leading an effort to update the National Cyber Incident Response Plan (NCIRP) by the end of 2024, as directed in the Biden administration’s National Cybersecurity Strategy released earlier this year.
CISA, in close coordination with the Office of the National Cyber Director (ONCD), is embarking on a process to gather input from public and private sector partners – including the Federal interagency, sector risk management agencies, regulators, and critical infrastructure organizations – to identify key changes for incorporation into the updated NCIRP.
In 2016, the NCIRP was published to provide a framework for significant cyber incident coordination. “A lot has changed over the past eight years, including across the cyber threat landscape and the cyber defense ecosystem, and the NCIRP must evolve accordingly,” CISA’s Oct. 20 fact sheet says. CISA is leading the effort to update the NCIRP to provide a “modern, agile, flexible framework to enable coherent and repeatable national incident response across the federal government, private sector, and other key partners.”
“Over the past seven years, the cybersecurity landscape has changed dramatically, and our doctrine around cyber incident response and coordination must evolve as well,” said Eric Goldstein, CISA’s executive assistant director. “Our approach to update the NCIRP will be grounded in transparency and collaboration, recognizing that the private sector is often the first responder to many cyber incidents and that adversary campaigns increasingly transcend national borders.”
“Our goal is for the NCIRP to provide an agile, actionable framework that can be actively used by every organization involved in cyber incident response to ensure coherent coordination that matches the pace of our adversaries,” he continued. “The success of this effort depends on the involvement of our partners – our output will only be as good as our input. Through our shared efforts, we will build a new NCRIP that helps our nation and our allies more effectively respond to and recover from cyber incidents in a manner that reduces harm to every possible victim,” Goldstein said.
As the nation’s cyber defense agency and the national coordinator for critical infrastructure security, CISA said it will ensure that NCIRP 2024 is grounded in four principles:
- Unification;
- Shared responsibility;
- Learning from the past; and
- Keeping pace with evolutions in cybersecurity.
The NCIRP 2024 planning initiative is part of CISA’s Joint Cyber Defense Collaborative (JCDC) Planning Agenda, bringing together government and the private sector to execute cyber defense plans that achieve specific risk reduction goals and enable more focused collaboration.
“Achieving the vision set forth in the President’s National Cybersecurity Strategy, which includes shifting the burden and responsibility away from small organizations and onto those more capable actors, requires us – the federal government and our largest private sector partners – to be collaborative, agile and responsive to the evolving threat landscape. Working to improve the National Cyber Incident Response Plan is vital to that effort,” said Federal Chief Information Security Officer Chris DeRusha.