Brad Bits: December 20, 2024 (1-800-ChatGPT and NCIRP)
1-800-ChatGPT and the National Cyber Incident Response Plan (NCIRP) update.
Hello reader,
It’s Friday, December 20th, and this will be my final blog post this week. Please check out my prior blog posts this week and let me know what you think. It’s good to be blogging again and sharing bits, bytes, and maybe even a video.
1-800-ChatGPT
OpenAI has released 1-800-ChatGPT, which makes ChatGPT available via phone for voice calls and even text messaging. Effective yesterday, users in the U.S. can call 1-800-ChatGPT and have a free 15-minute conversation with ChatGPT. For global users, OpenAI has also integrated ChatGPT with WhatsApp, allowing people to send messages to the same number. OpenAI has confirmed that these phone calls will not be used to train LLMs. For more information, please visit https://www.youtube.com/watch?v=LWa6OHeNK3s
National Cyber Incident Response Plan (NCIRP)
According to the executive summary, "The 2023 National Cybersecurity Strategy called for an update of the 2016 National Cyber Incident Response Plan (NCIRP), a strategic national framework for how federal, private sector, state, local, tribal, and territorial (SLTT), and international partners collectively address cyber incidents under Presidential Policy Directive 41 (PPD-41)."
CISA has released the draft of the National Cyber Incident Response Plan (NCIRP), which is open for comment until January 15, 2025, allowing folks to provide feedback via the Federal Register. After my preliminary review of the document, I have a few thoughts...
First, with the incoming new administration, what changes will be made to CISA? CISA was formed under the prior Trump administration, and since its inception, CISA has laid a solid foundation and has fostered public-private sector relationships, which are critical to cyber resiliency. Stakeholder inclusion is key to any successful response to a cyber incident... let alone a major cyber incident impacting critical infrastructure. During tabletop exercises and drills that I have led at scale, stakeholder communication, cadence, and closing communication loops are so important to ensure all stakeholders are informed and leveraging the latest intrusion intelligence to support business continuity and disaster recovery efforts. In exercises that I have facilitated in the global large enterprise and even at the national level, crisis communication and escalation paths can be pain points, which validates the need for organizations to routinely test their incident response plans through regular exercises and ensure that all stakeholders (even trusted third parties that are providing services or expertise to the organization) are included in these tabletop exercises and cyber drills.
The NCIRP is not intended to be a step-by-step guide for a response effort, but a framework. The update is clear about that in the executive summary: "At a high level, the NCIRP sets out the structures that the United States government will use to coordinate the response to cyber incidents. It also provides a framework for the potential roles of federal agencies, SLTT government, the private sector, and civil society." This is a key point, as CISA is encouraging not only public comment on the NCIRP update but also the private sector's use of the NCIRP when creating their own IR planning efforts. From my perspective, the language and classification of cyber incidents (see NCIRP Figure 2 below) must be consistent across cyber so stakeholders (including civil society) can translate what specific language means in an advisory or report and how it may impact their lives or businesses. I have observed so many times organizations exchanging intrusion intelligence or other incident-related information but failing to connect the dots because they are describing the same thing using different terminology.
There is a lot to unravel in this document, and I encourage those performing IR to take the time to read it. It will be key to see what CISA does under the new administration and what the priorities will be. If NCIRP keeps momentum under the next administration, CISA's ability to coordinate across the federal government will be foundational before branching out within industry. CISA and NCIRP are definitely something you should watch in 2025.
What are your thoughts? Does NCIRP simplify or add complexity?
Source: https://www.cisa.gov/news-events/news/cisa-publishes-draft-national-cyber-incident-response-plan-public-comment
Thank you
This will likely be my last blog post of 2024 as I shut down and spend time with family and friends over the holidays. I hope you are getting value out of my blog posts. I would like to wish you and yours Happy Holidays and Merry Christmas. I hope you find peace, prosperity, and get some downtime as we close out 2024 and look to a fresh start in 2025. Thank you for following along.
With Gratitude,