UPDATED 19:08 EDT / DECEMBER 17 2024

POLICY

CISA releases draft updates to National Cyber Incident Response Plan for public comment

The U.S. Cybersecurity and Infrastructure Security Agency has released a draft update to the National Cyber Incident Response Plan that addresses significant changes in policy and cyber operations since the plan was first released in 2016.

The NCIRP is a strategic framework that establishes how to undertake a coordinated response to cyber incidents along four lines: asset response, threat response, intelligence support and affected entity response. The plan also includes coordination mechanisms, key decision points and priority activities across the cyber incident response lifecycle.

Additionally, the plan identifies structures that stakeholders should leverage to coordinate cyber incidents requiring cross-sector, public-private or federal coordination.

The updates to the plan proposed by CISA, released Monday, include significant enhancements to improve coordination and collaboration across federal, state and private sector entities in responding to cyber incidents. The revised plan places a stronger emphasis on integrating nonfederal stakeholders into the incident response process to ensure that organizations at all levels have a clear understanding of their roles.

Another update is focused on streamlining the NCIRP’s content to align with a more practical operational lifecycle. The idea is that by organizing the plan around specific phases of incident response, such as preparation, detection, mitigation and recovery, the plan will be easier to navigate and implement.

The draft also proposes updated roles and responsibilities to reflect recent legislative and policy changes in the cybersecurity landscape, including clarifying the leadership roles of agencies like CISA, the Department of Justice and the Office of the Director of National Intelligence during significant cyber events.

Another proposal in the draft is a new structured timeline for regular updates to the plan to make sure that the plan remains current with evolving cyberthreats and technological advancements.

The proposed changes in the draft have been well received by cybersecurity experts. Gabrielle Hempel, customer solutions engineer at cybersecurity company Exabeam Inc., told SiliconANGLE that the update is long overdue and that “eight years between updates is like a century in the tech industry where things change daily. CISA and ONCD didn’t even exist when this plan was first created.”

She noted that it’s “fantastic” that the lines of effort are clearly defined and designated to lead agencies.

“However, I can see this getting convoluted very quickly as cyber incidents are generally not very straightforward and involve a lot of moving parts and parties,” she said. “I am interested to see what the public comment period brings to light. Some really valuable perspectives and ideas are often added during these comment periods that can really shape the way the document is used.”
