CISA Releases Draft of National Cyber Incident Response Plan

The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident.

Jennifer Lawinski, Contributing Writer

December 19, 2024


NEWS BRIEF

The United States Cybersecurity and Infrastructure Security Agency (CISA) has released a draft version of the National Cyber Incident Response Plan (NCIRP), outlining how public and private sector organizations should handle significant cyber incidents. The public comment period ends Jan. 15, 2025.

The plan outlines the roles that private, state, local, and tribal governments and federal agencies should play in responding to incidents, and describes how they should work together on integrated responses. The guidance was formulated after an analysis of real-world incidents, training exercises, and updates to statute and policy, CISA said. 

NCIRP defines cyber incidents as events over a network that involve exploitable vulnerabilities, security procedures, internal controls, or implementations, and which impact computers, communication systems or networks, physical infrastructure, or information. Significant cyber incidents refer to events that result in "demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people."

The draft updates the original version published in 2016. The White House's 2023 National Cybersecurity Strategy called for the plan to be updated because the cybersecurity landscape and national response ecosystem have "changed dramatically."

The NCIRP is not intended to be a step-by-step instruction manual for incident response, but rather a structure that "responders can use to shape their efforts and maximize both efficiency and coordination," CISA said.

The four lines of effort outlined in the NCIRP are: Asset Response, Threat Response, Intelligence Support, and Affected Entity Response. The plan also incorporates coordination mechanisms and key decision points, and offers guidance on prioritization. It outlines both a Detection phase of an incident, which encompasses monitoring, analysis, and detection, and a Response phase, which covers how to contain, eradicate, and recover from incidents.

"While voluntary for all stakeholders outside the federal government, CISA encourages private sector, SLTT government, and all other non-federal stakeholders to review the NCIRP to understand how the U.S. government will partner with them in cyber incident response," CISA said.

About the Author

Jennifer Lawinski

Contributing Writer

Jennifer Lawinski is a writer and editor with more than 20 years of experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.
