CISA issues updated draft of national cyber incident response plan

The NCIRP was first released in 2016. The updates include pathways for non-federal groups to get involved in responding to devastating cyberattacks.

America’s top cyber agency is out with an updated blueprint to help federal government entities and their private sector counterparts respond accordingly in the event of a cyberattack that severely cripples the economy and society.

The Cybersecurity and Infrastructure Security Agency released the updated National Cyber Incident Response Plan into the Federal Register on Monday, inviting the public to comment on it over the next month.

The drafted plan outlines four tiers — asset response, threat response, intelligence support and affected entity response — as a means of planning ahead for unlikely but potentially destructive cyberattacks that could be launched by foreign adversaries against critical U.S. infrastructure like banks, railways, electric grids and water treatment plants. The plan’s first iteration came in the final months of the Obama administration in 2016.

Various coordination agencies or related groups are then assigned to each tier. Groups like the Office of the Director of National Intelligence and the FBI, for instance, are slotted under an intelligence support role. 

Meanwhile, the asset response effort — the act of transferring technical assistance to entities hit by a cyberattack so that their sensitive assets are protected — would be led by groups including CISA and the Defense Department. Across the board, the private sector is encouraged to share information with law enforcement and stay aware of ongoing threats. 

CISA brought together over 150 experts from 66 organizations across the cyber community to weigh in on the draft blueprint, said Jeff Greene, the agency’s executive assistant director for cybersecurity.

He stressed, however, that every cyberattack scenario is unique.

“This document is not a blow by blow [saying] ‘when X happens, thou shalt do Y,’ because every incident is going to be different,” he told reporters in a news conference Monday. “So trying to lay out some of those decision points, I think, hopefully, will be really helpful going forward.”

A Chinese cyber unit dubbed Volt Typhoon is widely believed to be burrowing into a variety of U.S. critical infrastructure systems, readying to sabotage them in the event the U.S. enters conflict with China over its claims to Taiwan.

A separate Chinese hacking group known as Salt Typhoon is likely still inside U.S. telecommunications networks and their affiliated wiretap request systems. Officials are actively investigating it as news about its reach has trickled out in headlines since October.