The Cybersecurity and Infrastructure Security Agency is out with an updated national cyber incident response plan that CISA officials say represents an “accessible” and “practical” roadmap for agencies and industry to work together on major cyber events.

CISA publishes the draft NCIRP update today along with a notice in the Federal Register. Comments on the new plan are due by Jan. 15.

It’s the first update to the national cyber incident response plan since 2016. The cyber agency has spent the past year working on the update at the direction of the Biden administration’s National Cyber Strategy.

The new plan is intended to account for cyber threats that have evolved and grown over the past eight years, as well as new government roles, as well. CISA, for instance, was created in 2018.

Jeff Greene, CISA’s executive assistant director for cybersecurity, said the agency’s Joint Cyber Defense Collaborative led development of the new plan. The JCDC is composed of both federal agencies and private industry, with the goal of working more closely together to combat major cyber threats.

Greene said more than 150 experts from 66 organizations across government and industry worked to develop an “accessible and practical” incident response plan.

“We work extensively with our government and industry partners to provide what we hope is an agile, actionable, updated framework that will provide coherent coordination that matches the pace of our adversaries and a predictable method for how to engage with us,” Greene told reporters today.

The document lays out how the government will respond to cyber incidents that rise to the level of potentially impacting public health and safety, national security, economic security, or other national-level effects.

In addition to accounting for the creation of CISA, the updated plan includes a “defined path,” Greene said, for how non-federal entities can engage with the government to plan for and respond to cyber incidents.

The document recommends engaging with the JCDC, reaching out to CISA’s regional staff, getting to know law enforcement agents, and working with relevant sector risk management agencies, SRMAs, that oversee different critical infrastructure sectors.

Meanwhile, CISA next year is expected to finalize a new rule that will require many critical infrastructure organizations to report significant cyber incidents to the government.

The draft incident response plan further lays out how CISA will “develop and support additional cyber defense documents, such as enterprise incident response plans, sector-specific annexes, contingency-specific plans, or processes and procedures for specific operational needs such as resource requests.”

Meanwhile, it notes agencies “should be prepared to lead and resource their cyber incident response and to fulfill their relevant roles and responsibilities,” including by aligning their activities to the draft plan.

The NCIRP update comes amid mounting concerns about China-connected cyber organizations targeting U.S. critical infrastructure, including the “Volt Typhoon” group earlier this year, as well as ongoing cyber attack targeting telecommunications networks, dubbed “Salt Typhoon.” 

Greene said the draft plan was informed by “recent events.” He highlighted how the plan details how “key decisions” will be made throughout the detection of and response to a major cyber incident.

“To be clear, like this document is not a blow by blow – when ‘x’ happens, thou shalt do ‘y’ — because every incident is going to be different,” Greene said. “But what I wanted to see was whether I thought this provided a flexible framework. So trying to lay out some of those decision point hopefully will be really helpful going forward. The idea there being, we’ve thought about this ahead of time, which should simplify the process in the midst of the next event that comes along.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.