Press Release

CISA Announces Effort to Revise the National Cyber Incident Response Plan


WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced next steps for ongoing engagement with industry and government to update the National Cyber Incident Response Plan (NCIRP). As directed by the President’s 2023 National Cybersecurity Strategy, CISA, in close coordination with the Office of the National Cyber Director, is embarking on a process to gather input from public and private sector partners– including the federal interagency, Sector Risk Management Agencies (SRMAs), regulators, and critical infrastructure organizations, to identify key changes for incorporation into the updated NCIRP.

Published in 2016, the NCIRP is the nation’s framework for coordinated response to significant cyber incidents. Since then, the cybersecurity threat landscape and national response ecosystem have changed dramatically. Through the Joint Cyber Defense Collaborative (JCDC), CISA will work to ensure that the updated NCIRP addresses significant changes in policy and cyber operations since the initial NCIRP was released, including:

  • Establishment of CISA and ONCD;
  • Maturation of private sector incident response and coordination capabilities;
  • Increased international collaboration around cyber incident response and coordination;
  • Shifts in the threat environment, including the ongoing ransomware threats and advances in adversary capabilities; and
  • New authorities, policies, and coordination mechanisms.

“Over the past seven years, the cybersecurity landscape has changed dramatically, and our doctrine around cyber incident response and coordination must evolve as well. Our approach to update the NCIRP will be grounded in transparency and collaboration, recognizing that the private sector is often the first responder to many cyber incidents and that adversary campaigns increasingly transcend national borders. Our goal is for the NCIRP to provide an agile, actionable framework that can be actively used by every organization involved in cyber incident response to ensure coherent coordination that matches the pace of our adversaries,” said Eric Goldstein, Executive Assistant Director for Cybersecurity. “The success of this effort depends on the involvement of our partners – our output will only be as good as our input. Through our shared efforts, we will build a new NCRIP that helps our nation and our allies more effectively respond to and recover from cyber incidents in a manner that reduces harm to every possible victim.”

“Achieving the vision set forth in the President’s National Cybersecurity Strategy, which includes shifting the burden and responsibility away from small organizations and onto those more capable actors, requires us – the federal government and our largest private sector partners – to be collaborative, agile and responsive to the evolving threat landscape. Working to improve the National Cyber Incident Response Plan is a vital to that effort,” said Federal CISO and Deputy National Cyber Director Christopher DeRusha.

The NCIRP 2024 planning initiative is part of the JCDC Planning Agenda, bringing together government and the private sector to execute cyber defense plans that achieve specific risk reduction goals and enable more focused collaboration. To learn more about the JCDC, visit

All organizations are encouraged to read our new fact sheet at NCIRP webpage to learn about ways to participate in this long-term effort and stay updated on the development of the NCIRP 2024.

About CISA:   

As the nation’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day. Visit for more information or visit for information on how to protect your networks.   


Visit CISA on Twitter, Facebook, LinkedIn, Instagram