Citing cyber ‘revolution,’ Obama issues attack response plan
Some of these include “significant cyber incidents”, which the President defines as attacks that will likely harm the U.S.’s national security, economy, civil liberties or public confidence.
A hack on the Democratic National Committee (DNC), which the FBI is investigating, would likely earn a lower grade, depending on any foreign government involvement or intent to meddle in the presidential election.
Lisa Monaco, assistant to the president for homeland security and counterterrorism, will formally announce the new policy directive this morning at the Fordham University International Conference on Cyber Security.
In the directive’s introduction, Obama called cyber incidents “a fact of contemporary life”, but noted that they were “occurring with increasing frequency, impacting public and private infrastructure located in the United States and overseas”.
The guidelines also offer the first public guidance on the roles of federal agencies in investigating and responding to cybersecurity breaches in government and the private sector.
During an incident, the group will act as “the primary method for coordinating between and among federal agencies in response to a significant cyberincident”, as well as for looping in the private sector as appropriate, the directive says.
“As the bureau continues evolving to keep pace with the cyber threat, the authorities contained in [the directive] will allow us to help shape the nation’s strategy for addressing nationally-significant cyber incidents”.
“That is not a future we should accept”.
Numerous coordinating federal agencies have 180 days to implement the new national policy in cyber response exercises.
DHS Secretary Jeh Johnson alluded in a statement to missing elements in the federal government’s cyber response master plan.
“Previously organizations had to navigate through a number of different law enforcement and government agencies in order to find the correct one to help them with their specific type of attack”, Pironti said.
Next, DHS will take the lead on “asset response”, with the department helping the organization recover and get its systems back up to speed.
Within 180 days, DHS and Justice must finish a concept of operations for a rapid response team, or what the administration terms a “Cyber Unified Coordination Group”.
The new policy will require that the government do “threat response”, which will focus on identifying and prosecuting the hackers, “asset response”, which will focus on securing whatever systems were affected, and “intelligence support”, which will focus on creating profiles of known hackers and on developing “the ability to degrade or mitigate adversary threat capabilities”.
Lawmakers and cyber security experts have often criticized the administration for not developing a clear road map for whom companies should contact, and how, when facing a cyber attack.