White House issues directive on gov't response to "significant" cyberattacks
Xinhua, July 27, 2016
U.S. President Barack Obama on Tuesday approved a new directive laying out how the U.S. government responds to significant cyber incidents.
The White House defined "significant" as one that is likely to result in "demonstrable harm" to national security, economic security, foreign relations, civil liberties, public confidence, or public health and safety of the American people.
"This directive establishes a clear framework to coordinate the government's response to such incidents," said Lisa Monaco, Obama's adviser for homeland security, at a conference Tuesday at Fordham University.
"It will help answer a question heard too often from corporations and citizens alike -- 'In the wake of an attack, who do I call for help?'" said Monaco, whose speech was posted on the White House website.
The directive, which the White House called "a major milestone," categorized the U.S. government's activities into three lines of effort: threat response, asset response and intelligence support activities.
In the event of a significant cyber incident, the Federal Bureau of Investigation will be the federal lead agency responsible for investigation, while the Department of Homeland Security will take the lead in providing technical assets and assistance to help breached organizations reduce the impact of the attack and prevent it from spreading elsewhere, the White House said in a statement.
The Cyber Threat Intelligence Integration Center, established in 2015 in the Office of the Director of National Intelligence, will be responsible for integrating intelligence and analysis about the threat and identifying opportunities to mitigate and disrupt it.
As part of the directive, the White House also released a cyber incident severity schema that establishes a common framework within the government for evaluating and assessing the severity of cyber incidents.
According to the White House, the schema describes a cyber incident's severity from a national perspective, defining six levels, zero through five, in ascending order of severity. An incident that ranks at level three or above is considered "significant" and will trigger application of the directive's coordination mechanisms.
While describing itself as under "a serious threat" from "malicious" cyber activities, the U.S. has in fact been actively engaging in cyber operations against what it called adversaries.
"Cyber tools are now an integral part of the capabilities that can be employed against an adversary during a conflict -- that includes a 6,200-member Cyber Mission Force that U.S. Cyber Command is currently building," Monaco added.