Who ya gonna call?
That’s a simple question but when it comes to cyber incidents & the federal government, there’s no simple answer. Call DHS? FBI? DoD? NSA? NIST? These days, ghostbusters seems like the best option sometimes.
The Obama Administration today issued Presidential Policy Directive 41 which seeks to bring clarity who’s responsible for what within the federal government when there is a cyber incident.
PDD 41 sets forth principles governing the Federal Government’s response to any cyber incident, whether involving government or private sector entities. For significant cyber incidents, the directive establishes lead Federal agencies and an architecture for coordinating the broader Federal Government response. It also requires the Departments of Justice and Homeland Security to maintain updated contact information for public use to assist entities affected by cyber incidents in reporting those incidents to the proper authorities.
The directive outlines various coordination mechanisms among federal agencies depending on the type of cyber incident. It also allocates lead agencies for cyber incident response among the Departments of Justice, Homeland Security and the Office of the Director of National Intelligence as follows.
In view of the fact that significant cyber incidents will often involve at least the possibility of a nation-state actor or have some other national security nexus, the Department of Justice, acting through the Federal Bureau of Investigation and the National Cyber Investigative Joint Task Force, shall be the Federal lead agency for threat response activities.
- The Department of Homeland Security, acting through the National Cybersecurity and Communications Integration Center, shall be the Federal lead agency for asset response activities.
- The Department of Homeland Security, acting through the National Cybersecurity and Communications Integration Center, shall be the Federal lead agency for asset response activities.
- The Office of the Director of National Intelligence, through the Cyber Threat Intelligence Integration Center, shall be the Federal lead agency for intelligence support and related activities.
Such clarification should improve federal response to increasingly complex and damaging cyber incidents. However be sure to keep Ghostbusters on speed dial just in case.