CISA has published a revised National Cyber Incident Response plan just weeks before Washington DC gets turned upside down by an incoming Trump administration that is expected to take a more aggressive posture in cyberspace.
The agency has asked for public comments on the revised blueprint, which it says offers a clearer way for “non-Federal” stakeholders to participate. The closing date for input in January 15 – less than a week before Donald Trump moves back into the White House.
The agency’s existing response plan was issued eight years ago, and CISA said the update captures “The significant evolution of the cybersecurity landscape since 2016”. It also aims to include “fresh perspectives and sets out an updated approach for addressing real-world national incident response and collaboration.”
The cybersecurity landscape has changed dramatically since 2016, with increasing cyber activity closely mapping geopolitics. Russia’s invasion of Ukraine has been accompanied by a surge in cyberattacks on public and private bodies, and further reduced the ability of Western agencies to clamp down on ransomware gangs and other actors under the Kremlin’s aegis. But China remains the most “active and persistent” threat, though more focused on espionage and long-term “pre-positioning”. North Korea and Iran remain ongoing irritants.
As well as clarifying the role of non-Federal actors, CISA said its revised plan would improve usability by “streamlining content and aligning to an operational lifecycle”. It also takes into account legal and policy changes and how these affect its roles and responsibilities. And it promised a “predictable cycle” for future updates.
CISA Director Jen Easterly said “This draft NCIRP Update leverages the lessons learned over the past several years to achieve a deeper unity of effort between the government and the private sector. We encourage public comment and feedback to help us ensure its maximum effectiveness.”
But Easterly herself will not be around to gauge public responses to the plan. She is set to leave her role on Trumps’s inauguration day.
And Trump’s return to Washington will mean a wider shakeup of the US’s intelligence, security and cyber ecosystem. This is expected to include an end of the “dual-hat” relationship between US Cybercommand and the National Security administration.
According to London-based think tank, the International Institute of Strategic Studies, this in turn could be a prelude to a policy of “power projection” in cyberspace, which could lead to further destabilization in both the cyber realm, and the real world.
