CISA Calls for Improved Collaboration in Incident Response Planning

The federal government announced on Monday its commitment to bolster collaboration with private sector companies facing cyber threats. This initiative comes in light of the need for clearer communication regarding the resources and support various federal agencies can provide during cyber incidents.

According to Jeff Greene, executive assistant director of cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), a draft update to the National Cyber Incident Response Plan (NCIRP) offers an adaptable framework rather than a one-size-fits-all solution. This revised plan delineates specific roles for key federal cybersecurity agencies and incorporates input from over 150 experts across 66 organizations. Greene emphasized the contemporary necessity for the U.S. to be properly equipped to manage substantial cyber events that jeopardize economic, national, and public health safety.

The original incident response plan, published in 2016, predated key developments in the field of cybersecurity, including the founding of CISA. High-profile events such as the SolarWinds breach and the Colonial Pipeline ransomware incident underscored vulnerabilities that have since reshaped national cybersecurity strategies. The revised NCIRP articulates coordination mechanisms for addressing significant cyber incidents and includes the formation of a White House cyber response group tasked with directing policy and strategy across public, private, and federal sectors.

CISA’s mandate extends to leading the Cyber Unified Coordination Group, designed to streamline federal response efforts with sector-specific risk management agencies as well as entities impacted by critical infrastructure disruptions. The agency’s Joint Cyber Defense Collaborative will facilitate better information sharing and collaborative planning among federal and non-federal partners, enhancing operational coordination during future cyber events.

Despite CISA’s proactive approach since its inception in 2018, experts have raised concerns regarding the absence of adequate funding and resources, which could impede the implementation of the strategic guidance intended to bolster national cybersecurity defenses. CISA Director Jen Easterly noted that the draft NCIRP Update aims to realize a stronger alignment of efforts between government bodies and the private sector.

The current draft outlines defined timeframes for incident management, requiring the cyber response group chair to evaluate significant incidents and provide a report within 30 days. CISA will also drive collaboration among stakeholders to enhance coordination and update the NCIRP at regular intervals. The Department of Justice and the FBI are designated as primary law enforcement entities responsible for assessing and executing threat responses, with the Secret Service involved as necessary in cybercrime investigations.

The revised guidance emphasizes critical decision-making processes following a cyber incident, including the potential formation of a Joint Cyber Defense Collaborative stakeholder group. Affected entities must prioritize shared objectives, devise response strategies, and evaluate their effectiveness in conjunction with government partners.