The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a draft update to its National Cyber Incident Response Plan (NCIRP), responding to significant policy and operational changes since the plan’s initial release in 2016. The update aims to enhance coordination among federal, state, and private sector entities in addressing cyber incidents.
“Today’s increasingly complex threat environment demands that we have a seamless, agile, and effective incident response framework,” said CISA Director Jen Easterly. “This draft NCIRP Update leverages the lessons learned over the past several years to achieve a deeper unity of effort between the government and the private sector. We encourage public comment and feedback to help us ensure its maximum effectiveness.”
The NCIRP provides a strategic framework for a coordinated response across four key areas: asset response, threat response, intelligence support, and affected entity response. The draft update emphasizes integrating non-federal stakeholders into the incident response process, clarifying roles and responsibilities aligned with recent legislative and policy changes. Key leadership roles of CISA, the Department of Justice, and the Office of the Director of National Intelligence are defined more clearly in the draft.
CISA’s proposed changes also include organizing the plan around specific phases of incident response—preparation, detection, mitigation, and recovery—to facilitate easier navigation and implementation. Additionally, the agency suggests a structured timeline for regular updates to the NCIRP, ensuring it adapts to evolving cyber threats and technological advancements.
Cybersecurity experts have reacted positively to the proposed revisions. Gabrielle Hempel, a customer solutions engineer at Exabeam Inc., remarked that the update is overdue, noting the necessity for regular updates in a rapidly changing technological landscape. She is optimistic about the clarity in the defined lines of effort but cautions that complexity could arise due to the multifaceted nature of cyber incidents and the varied parties involved.
Throughout 2024, CISA issued 2,131 pre-ransomware notifications, nearly double the number from 2023. The agency also released about 1,300 cyber defense alerts and advisories via the Joint Cyber Defense Collaborative during the fiscal year, which included 58 joint advisories with international partners. CISA Director Jen Easterly highlighted the agency’s unwavering commitment to reducing risks to U.S. infrastructure while working collaboratively with industry, state, local officials, and election stakeholders.
Despite these proactive measures, significant challenges remain within critical infrastructure, as malicious cyber activity continues to rise. The agency’s annual review shows persistent security challenges facing enterprises, emphasizing the need for reinforced defenses. CISA’s efforts signal a proactive stance in safeguarding against a growing wave of cyber threats. In light of this, the agency acknowledges that more extensive collaboration and communication across sectors are necessary to combat the ongoing cyber risks.
As CISA prepares for a leadership transition, Easterly plans to step down upon the inauguration of President-elect Donald Trump. The next director will manage operations from CISA’s new $524 million headquarters in Washington, set for completion in 2027. This shift may allow incoming leadership to further refine cybersecurity strategies and bolster defenses against persistent threats.
Amid these developments, CISA introduced a voluntary “secure-by-design” pledge in May, encouraging technology vendors to shift security responsibilities. Over 250 technology companies have signed the pledge, indicating a collective acknowledgment of the need for enhanced security measures in the industry.