White House policy defines cyber roles
- By Mark Rockwell
- Jul 26, 2016
The White House has released a policy directive that delineates the roles of the Justice Department, the Department of Homeland Security and the Office of the Director of National Intelligence in responding to significant cyber incidents.
DHS Secretary Jeh Johnson said in a statement that President Barack Obama's Presidential Policy Directive 41 (U.S. Cyber Incident Coordination) answers the questions "Who's responsible within the federal government for cybersecurity?" and "Who in the government do I contact in the event of a cyber incident?"
Johnson added that PPD-41 is a crucial step toward bolstering the country's cybersecurity.
"It not only clarifies the roles of the various government actors involved in cybersecurity, it re-enforces the reality that cybersecurity must be a partnership between the government and the private sector, and among the law enforcement, homeland security and intelligence components of the government," he said.
PPD-41 delineates between threat and asset responses. A threat response involves investigating the crime to identify the bad guys, which falls within federal law enforcement's purview. Therefore, the Justice Department, through the FBI and the National Cyber Investigative Joint Task Force, will take the lead on threat-response activities.
The FBI said that in the event of a cyber incident, it will communicate with coordinators in the field to organize a multi-agency response. That threat response includes conducting an investigation that will collect evidence, gather intelligence, mitigate possible further threats, identify disruptive activities, and help share information and coordinate responders.
James Trainor, assistant director of the FBI's Cyber Division, said in a statement that "PPD-41 codifies the essential role that the FBI plays in cyber incident response, recognizing its unique expertise, resources and capabilities. And as the bureau continues evolving to keep pace with the cyberthreat, the authorities contained in PPD-41 will allow us to help shape the nation's strategy for addressing nationally significant cyber incidents."
Johnson said DHS' National Cybersecurity and Communications Integration Center will be the department's lead coordinator for asset response. The center will focus on helping victims of cyber incidents root out the bad guys on their systems, repair the systems, patch vulnerabilities, prevent the incident from spreading and reduce the risk of future problems.
ODNI, through its Cyber Threat Intelligence Integration Center, will be the lead for intelligence support and related activities.
The directive also put DHS in charge of the National Cyber Incident Response Plan, which will further delineate how the federal government will work with the private sector and state, local and territorial governments in responding to big cyber incidents.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.