White House issues new cyber incident response directive

By John Liang / July 26, 2016 at 3:56 PM

President Obama has approved a new presidential policy directive to better coordinate the federal government's response to cyber incidents, clarifying the role of government when the private sector experiences a cyberattack, Inside Cybersecurity reports today.

Lisa Monaco, assistant to the president for homeland security and counterterrorism, formally announced the new policy directive this morning at the Fordham University International Conference on Cyber Security.

"This directive establishes a clear framework to coordinate the government's response to such incidents," according to Monaco's prepared remarks. "It spells out which federal agencies are responsible. And it will help answer a question heard too often from corporations and citizens alike: 'In the wake of an attack, who do I call for help?'"

Inside Cybersecurity further reports:

The new PPD, the White House said today, establishes principles governing the federal government’s activities in incident response; distinguishes between significant cyber incidents and "steady-state" incidents; categorizes government activities into "lines of effort" and designates a lead agency for each line of effort; and creates mechanisms to coordinate on incident response, instituting a Cyber Unified Coordination Group to enhance coordination procedures within individual agencies.

Further, it applies such policies and procedures to incidents in which a federal agency is a victim of a cyber attack and is aimed at assuring that cyber responses are "consistent and integrated with broader national preparedness and incident response policies" in order to "seamlessly integrate with actions taken to address physical consequences caused by malicious cyber activity." . . .

According to Monaco, the directive says the FBI will take the lead in coordinating responses to "immediate" threats, spurring law enforcement and national security teams to collect evidence and gather evidence to attribute attacks and bring malicious cyber actors to justice.

The Department of Homeland Security, according to Monaco, will lead in coordinating help for organizations dealing with a cyber attack’s impact and help prevent the cyber attack from spreading to other organizations. DHS will "provide technical assistance to help them find the adversary on their network, protect their assets, bring systems back online, shore up vulnerabilities, and supply additional federal resources to aid recovery," according to Monaco.

Also, the Office of the Director of National Intelligence, through the Cyber Threat Intelligence Integration Cell, will be responsible for integrating intelligence and analysis about cyber threats and identifying opportunities to mitigate the threat, according to Monaco.
