A new presidential policy directive clarifies the responsibilities of federal law enforcement, security and intelligence agencies in responding to significant cyber incidents.
The White House has released a policy directive that delineates the roles of the Justice Department, the Department of Homeland Security and the Office of the Director of National Intelligence in responding to significant cyber incidents.
DHS Secretary Jeh Johnson said in a statement that President Barack Obama's Presidential Policy Directive 41 (U.S. Cyber Incident Coordination) answers the questions "Who's responsible within the federal government for cybersecurity?" and "Who in the government do I contact in the event of a cyber incident?"
Johnson added that PPD-41 is a crucial step toward bolstering the country's cybersecurity.
"It not only clarifies the roles of the various government actors involved in cybersecurity, it re-enforces the reality that cybersecurity must be a partnership between the government and the private sector, and among the law enforcement, homeland security and intelligence components of the government," he said.
PPD-41 distinguishes between threat response and asset response. A threat response involves investigating the crime to identify the bad guys, which falls within federal law enforcement's purview. Therefore, the Justice Department, through the FBI and the National Cyber Investigative Joint Task Force, will take the lead on threat-response activities.
The FBI said that in the event of a cyber incident, it will communicate with coordinators in the field to organize a multi-agency response. That threat response includes conducting an investigation that will collect evidence, gather intelligence, mitigate possible further threats, identify disruptive activities, and help share information and coordinate responders.
James Trainor, assistant director of the FBI's Cyber Division, said in a statement that "PPD-41 codifies the essential role that the FBI plays in cyber incident response, recognizing its unique expertise, resources and capabilities. And as the bureau continues evolving to keep pace with the cyberthreat, the authorities contained in PPD-41 will allow us to help shape the nation's strategy for addressing nationally significant cyber incidents."
Johnson said DHS' National Cybersecurity and Communications Integration Center will be the department's lead coordinator for asset response. The center will focus on helping victims of cyber incidents root out the bad guys on their systems, repair the systems, patch vulnerabilities, prevent the incident from spreading and reduce the risk of future problems.
ODNI, through its Cyber Threat Intelligence Integration Center, will be the lead for intelligence support and related activities.
The directive also put DHS in charge of the National Cyber Incident Response Plan, which will further delineate how the federal government will work with the private sector and state, local and territorial governments in responding to big cyber incidents.