home Security Counter Terror US Agencies Roles Defined regarding Cyber Attacks

US Agencies Roles Defined regarding Cyber Attacks

Jul 31, 2016

This post is also available in: עברית (Hebrew)

Although the US President has made cybersecurity a priority, the country continues to confront attacks targeting the private sector and the federal government, including “significant cyber incidents” defined by the President as attacks that will likely harm the U.S.’s national security, economy, civil liberties or public confidence.

In attempt to confront such attacks, the US has outlined new measures for more effectitve reponse.

A new Policy Directive on United States Cyber Incident Coordination approved by President Obama spells out how the Federal government will coordinate its incident response activities in the event of a large-scale cyber incident.

According to the directive, the FBI will be in charge of threat response activities, which include the law enforcement and national security investigation of a cyber incident – collecting evidence, linking related incidents, gathering intelligence, identifying opportunities for threat pursuit and disruption, and providing attribution.

The Department of Homeland Security (DHS) will be in charge of lessening the damage and patching any vulnerabilities from the attack. The DHS will coordinate closely with the relevant Sector-Specific Agency, which will depend on what kind of organization is affected by the incident.

According to PCWorld, both organizations already investigate many major cyber crimes, but Tuesday’s directive better clarifies their roles.

While existing policies can handle more minor threats, the U.S. needs a unified response to deal with severe attacks, the President said in his directive.

A color-coded scale defined by the White House will be used by federal agencies to judge the severity of cyber incidents. It runs from zero to five, and threats evaluated at level 3 or higher will be deemed significant and trigger the FBI to investigate.

In addition, the Office of the Director of National Intelligence will function in a support role to both gather intelligence and even “degrade” the perpetrators’ capabilities.