The Cybersecurity and Infrastructure Security Agency (CISA) released a draft update to the National Cyber Incident Response Plan (NCIRP) on Monday, opening a public comment period that runs through January 15, 2025.
The updated plan, developed in collaboration with the Joint Cyber Defense Collaborative and the Office of the National Cyber Director, modernizes the framework for coordinated cyber incident response between government agencies and private sector organizations.
This marks the first major revision to the NCIRP since its initial release in 2016. The update addresses changes in the cybersecurity landscape and incorporates lessons learned from past incidents.
Key updates in the draft plan include:
- Clear pathways for private sector participation in incident response
- Streamlined content aligned with operational workflows
- Updated agency roles and responsibilities reflecting policy changes
- Regular schedule for future plan updates
The draft plan outlines four main response categories:
- Asset response (led by CISA)
- Threat response (managed by DOJ/FBI)
- Intelligence support (overseen by ODNI)
- Affected entity response (varies by organization)
"Today's increasingly complex threat environment demands that we have a seamless, agile, and effective incident response framework," said CISA Director Jen Easterly in a statement.
Over 150 cyber experts from 66 organizations contributed to developing the draft through extensive consultations and public listening sessions. While not intended as a step-by-step manual, the plan aims to provide clear coordination mechanisms for cyber incidents requiring cross-sector collaboration.
The update fulfills requirements laid out in President Biden's 2023 National Cybersecurity Strategy. CISA encourages cybersecurity professionals, incident response stakeholders, and the public to submit feedback through the Federal Register by the January deadline.