President Obama on Tuesday published a long-awaited directive clarifying how the federal government should respond to a cyber attack.
The directive issues a set of principles for guiding the federal response and lays out which government agencies would be responsible in the event of a "significant cyber incident," which is broadly defined as an attack likely to result in demonstrable harm to national security interests, foreign relations, the US economy, public confidence, civil liberties or the public health or safety of the American people.
In the event of a significant cyber attack, the FBI and the National Cyber Investigative Joint Task Force would take the lead in "threat response activities." That refers to law enforcement and national security investigative work like collecting evidence. The Department of Homeland Security will be in charge of "asset response activities," which include providing technical assistance to the affected entities to protect their assets and mitigate the impact of the attack. Lastly, the Office of the Director of National Intelligence is the lead agency for intelligence support.
According to the directive, those three lines of effort -- threat response, asset response and intelligence support -- should all happen concurrently. If a federal agency was the target of the attack, the government will undertake a fourth line of effort to keep government operations running smoothly.
"While the vast majority of cyber incidents can be handled through existing policies, certain cyber incidents that have significant impacts on an entity, our national security, or the broader economy require a unique approach to response efforts," the directive says.
It lays out principles for government agencies to abide by, including an acknowledgement of shared responsibility between the private and public sectors and individuals. It calls for a risk-based response, for agencies to respect the privacy and civil liberties of affected entities and for a unified government effort. It also says that the government's response should facilitate the restoration and recovery of an impacted entity.
The new directive had been in development for some time but comes just weeks after the revelation that Russian hackers gained access into the Democratic National Committee computer system. Just this week, DNC chairwoman Debbie Wasserman Schultz resigned, following an extensive email leak from WikiLeaks that showed the DNC's bias toward Hillary Clinton over Bernie Sanders during the Democratic primary. The Clinton campaign believes Russia provided the emails to WikiLeaks.