Draft National Response Plan Offers Flexible Coordination Strategies Across Sectors
The federal government on Monday vowed to improve its partnership with private sector firms struggling with cyberattacks through enhanced coordination and a clearer picture of what each agency can offer.
A draft update to the National Cyber Incident Response Plan does not provide a one-size-fits-all framework but instead offers flexible response plans with distinct roles for key federal cyber agencies, according to Jeff Greene, executive assistant director of cybersecurity for the Cybersecurity and Infrastructure Security Agency. Greene told reporters Monday the agency brought together more than 150 experts from 66 organizations – including partners from CISA’s flagship public-private partnership – to develop the NCIRP update.
“The world today really requires our nation to be prepared to handle significant cyber incidents that are going to threaten our economy, our national security as well as our public health and safety,” Greene said.
The current incident response plan was published in 2016, before the creation of CISA and many of the high-profile cyber incidents that have reshaped national cybersecurity, including the SolarWinds hack and Colonial Pipeline ransomware attack of 2021. The updated NCIRP outlines coordination structures for managing significant cyber incidents, including a White House cyber response group to drive U.S. policy and strategy across public, private and federal sectors.
The latest guidance tasks CISA with leading the Cyber Unified Coordination group to align federal response efforts with sector risk management agencies, impacted critical infrastructure sectors and other responding entities. CISA’s Joint Cyber Defense Collaborative will also take a central role, uniting federal and non-federal partners to enhance information sharing, collaborative planning and operational coordination for future cyber incidents.
Since its 2018 inception, CISA has led federal responses to major cyber incidents while developing guidance for the public and private sectors, including a plan to unify cross-government defenses with baseline security practices. Experts warned the guidance lacked additional funding or resources, hindering efforts to expand operational visibility and implement the strategy effectively (see: Can CISA’s Federal Cybersecurity Alignment Plan Really Work?).
CISA Director Jen Easterly said the draft NCIRP Update “leverages the lessons learned over the past several years to achieve a deeper unity of effort between the government and the private sector.”
The draft sets timeframes for incident response, requiring the cyber response group chair to review significant incidents and deliver a report within 30 days. It also tasks CISA with driving stakeholder collaboration to enhance coordination, advance planning and update the NCIRP “on a predictable cycle.”
While CISA will lead coordinated efforts to assist affected entities with protecting their assets, the Department of Justice, FBI and National Cyber Investigative Joint Task Force will serve as “the primary law enforcement entities” in developing and implementing threat responses. The Secret Service is also a lead law enforcement entity in investigating cybercrime and contributing to threat response efforts “as needed within their jurisdictions.”
The guidance outlines critical decisions following a potential cyber incident, including whether CISA should convene a JCDC stakeholder group or form a unified cyber group for coordinated response. In the “decisions phase,” affected entities must set shared priorities, craft response strategies and establish measures to evaluate effectiveness while sharing information with government partners.
The public can provide feedback via the Federal Register by January 15, 2025.