Cyber Security News

CISA Proposes National Cyber Incident Response Plan

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a proposed update to the National Cyber Incident Response Plan (NCIRP), inviting public feedback on the draft.

This highly anticipated revision, outlined in a pre-decisional public comment draft released this month, aims to address the evolving cybersecurity landscape amidst increasing threats to critical infrastructure, national security, and public safety.

The updated NCIRP builds on the 2016 version, aligning with the 2023 National Cybersecurity Strategy and Presidential Policy Directive 41 (PPD-41) to provide a robust framework for coordinating national responses to significant cyber incidents.

The plan integrates lessons learned from past incidents, changes in federal law and policy, and emerging organizational capabilities.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Key Features of the Updated Plan

The NCIRP provides a flexible, high-level framework for managing cyber incidents across federal, state, local, tribal, and territorial (SLTT) governments, the private sector, and international partners.

It identifies four central “lines of effort” to guide responses: Asset Response, Threat Response, Intelligence Support, and Affected Entity Response.

Lead agencies such as CISA, the Federal Bureau of Investigation (FBI), the Department of Justice, and the Office of the Director of National Intelligence (ODNI) are designated to oversee these efforts.

Notably, the plan emphasizes a coordinated approach using two primary bodies: the Cyber Response Group (CRG) for policy guidance and awareness and the Cyber Unified Coordination Group (Cyber UCG) for operational coordination.

Additionally, the plan introduces a revised Cyber Incident Severity Schema to assess and escalate response efforts systematically.

The updated NCIRP delineates a lifecycle approach to cyber incident management, split into two main phases: Detection and Response.

During the Detection phase, stakeholders collaborate to monitor, analyze, and validate incidents, ensuring a shared understanding of their scale and impact.

The Response phase focuses on containment, eradication, and recovery efforts while supporting law enforcement and intelligence activities to attribute and hold perpetrators accountable.

National Preparedness and Stakeholder Engagement

CISA emphasizes that the revised NCIRP is adaptable and encourages private sector entities and SLTT governments to incorporate its framework into their cyber preparedness planning.

The plan also outlines guidelines for voluntary cyber incident reporting, further promoting collaboration across the public and private sectors.

Comprehensive planning and preparedness remain cornerstones of the NCIRP. CISA plans to support additional initiatives, including sector-specific annexes, tailored guidance for SLTT entities, and regular plan revisions based on emerging threats and lessons learned.

The draft NCIRP seeks to foster a “unity of effort” across diverse stakeholders, recognizing that no single entity can address the multifaceted challenges posed by cyber incidents.

This initiative underscores the federal government’s commitment to strengthening national resilience against increasingly sophisticated cyber threats.

Public comments on the draft will remain open through January 2025, marking a crucial step toward finalizing a plan that aims to ensure a coordinated and effective national response to future cyber incidents.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day

Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across its…

7 hours ago

Ivanti Released Security Updates to Fix for the Mutiple RCE Vulnerabilities – Patch Now

Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across several…

8 hours ago

Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild

A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products, including…

9 hours ago

Ransomware Attacks Surge by 123% Amid Evolving Tactics and Strategies

The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in ransomware…

9 hours ago

Researchers Introduce Mythic Framework Agent to Enhance Pentesting Tool Performance

Penetration testing is still essential for upholding strong security procedures in a time when cybersecurity…

9 hours ago

Swan Vector APT Targets Organizations with Malicious LNK and DLL Implants

A newly identified advanced persistent threat (APT) campaign, dubbed "Swan Vector" by Seqrite Labs, has…

9 hours ago