As Cybersecurity Awareness Month 2023 draws to a close, the Cybersecurity and Infrastructure Security Agency (CISA) has announced plans to update its National Cyber Incident Response Plan (NCIRP). The NCIRP serves as the nation's framework for coordinating responses to significant cyber incidents, and provides the basis for CISA's growing partnerships with the private sector through the Joint Cyber Defense Collaborative (JCDC).
Initially published in 2016 following revisions to the 2010 Interim version, this key document outlines the division of responsibilities for threat and asset responses, as well as intelligence support, among the private sector, state, local, tribal, and territorial governments, and the federal government. Notably, the NCIRP details the coordination structures amongst these entities and the sequence of coordination following a major cyber incident. It was developed in response to Presidential Policy Directive 41 (PPD-41), United States Cyber Incident Coordination.
In light of the numerous developments in the cybersecurity threat landscape since 2016, CISA is dedicated to releasing a revamped version of the NCIRP by the end of 2024. Additionally, plans are in place to make the document more accessible to non-government stakeholders. CISA has already unveiled a fact sheet containing four guiding principles for the next NCIRP:
CISA's collaboration with the JCDC is integral to ensuring that the refreshed NCIRP addresses significant changes in regulations and online safety practices since the initial release. Established in August 2021, the JCDC is responsible for creating and coordinating cyber defense plans, driving collaboration and the sharing of cybersecurity information between the public and private sectors, and distributing cyber defense guidelines to relevant communities.
CISA invites any critical infrastructure organization with cybersecurity expertise to join the JCDC and participate more actively in its collaboration efforts. According to CISA, working with the JCDC may mean different things for different organizations, but all participants will be involved in sharing and improving information, and in offering insights into cybersecurity campaigns and potential threats. These expansive connections will be crucial in fostering collaboration within the updated NCIRP.
The update is currently in the "Planning Initiation" phase, in which CISA is actively seeking input from private stakeholders, state, local, tribal, and territorial (SLTT) governments, and international partners to shape the next NCIRP. After these insights are gathered, the "Planning and Development" phase will follow, turning the input into a draft that will be open for public comment before its final publication.
As we wrap up Cybersecurity Awareness Month 2023, the approach CISA is adopting towards updating the NCIRP is both comprehensive and collaborative: it seeks perspectives from a wide range of stakeholders, with an emphasis on unity, shared responsibility, learning from past experiences, and keeping pace with the rapid evolution of cybersecurity.