Revised National Cyber Incident Response Plan for Public Comment

Expanded collaboration that included engagements and information exchange helped inform this revision

Today, the Cybersecurity and Infrastructure Security Agency (CISA) is proud to announce the release and request for public comment on the draft National Cyber Incident Response Plan Update, developed in close partnership with Office of the National Cyber Director. CISA invites stakeholders from across public and private sectors to share their perspective, inform our findings, and contribute to this revision. On the Federal Register, public comments will be accepted until January 15, 2025. 

Working towards our goal to provide an agile, actionable framework to ensure coherent coordination that matches the pace of our adversaries, this draft includes key updates: 

• A defined path for non-federal stakeholders to participate in coordination of cyber incident response;
• Improved usability by streamlining content and aligning to an operational lifecycle;
• Relevant legal and policy changes impacting agency roles and responsibilities; and 
• A predictable cycle for future updates of the NCIRP.

Background

In October 2023, CISA announced its collaborative effort to update the NCIRP, as directed by the 2023 National Cybersecurity Strategy. The goal is to ensure that the 2024 update process captures the significant evolution of the cybersecurity landscape since 2016. Additionally, CISA wanted to ensure it includes fresh perspectives and sets out an updated approach for addressing real-world national incident response and collaboration. 

Engagement – Information Exchange

Since CISA launched the effort last fall, the core planning team has brought together more than 150 experts from 66 distinct organizations across the cybersecurity community, including Joint Cyber Defense Collaborative (JCDC) participants, to represent the broad and diverse critical infrastructure community. The core planning team, which includes representation from federal, state, local, tribal and territorial (SLTT) government partners; private sector owners and operators; and sector coordinating councils have held ten working sessions. These sessions addressed themes including roles and responsibilities of various stakeholder groups in national incident response, existing coordination mechanisms and alignment to national-level doctrine, as well as information sharing to support decision-making throughout the lifecycle of an incident. 

Additionally, CISA hosted three public listening sessions that proved very informative and beneficial in our quest to gather and incorporate stakeholder perspectives. In each session, more than 100 attendees tuned in to learn about the NCIRP Update development process and provide input on topics ranging from the role of SLTT entities in cyber response to CISA’s plans for implementation following the release of NCIRP. 

Lastly, CISA published newsletters with regular updates on the planning effort.  

Send Your Insights

The draft NCIRP Update reflects the evolution in the cybersecurity landscape and lessons learned from historical incidents. It also encapsulates the critical role the diverse critical infrastructure community plays in national incident response and the efficiencies to be had through deeper unity of effort. 

More perspectives will help us further strengthen the final NCIRP. You will find the draft NCIRP Update along with other resources on NCIRP webpage. Please post your comments on the  Federal Register: Request for Comment on National Cyber Incident Response Plan Update, docket number CISA-2024-0037.