New U.S. cyber security directive solidifies FBI as key cyber leader
Today, the Administration released Presidential Policy Directive-41 on U.S. Cyber Incident Coordination Policy – the cyber security directive, which sets forth principles that will govern the federal government’s response to cyber incidents and designates certain federal agencies to take the lead in three different response areas:
- Threat response
- Asset response
- Intelligence support
One aspect of this multi-layered plan was a specific focus on improving cyber incident response. Because the victim of cyber incidents is often a private sector entity, it’s crucial that the private sector understands how the U.S. government will respond and coordinate in the event of a cyber incident impacting their networks, operations, or business.
Major players given authority under the cyber security directive
| Response Area | Leading Agency | Comment |
|---|---|---|
| Threat response activities | The Department of Justice, acting through the FBI and the National Cyber Investigative Joint Task Force (NCIJTF) | Activities include conducting appropriate law enforcement and national security investigative activity, like collecting evidence and gathering intelligence; mitigating the immediate threat; identifying disruption activities; and facilitating information sharing and operational coordination with asset response personnel. |
| Asset response activities | The Department of Homeland Security, acting through the National Cybersecurity and Communications Integration Center | |
| Intelligence support and related activities | Office of the Director of National Intelligence, through its Cyber Threat Intelligence Integration Center | |
In the case of threat response, the FBI has a key role in the event of a significant cyber incident, communicating with field-level coordinators on the ground to coordinate an effective, multi-agency response to the incident.
Additionally, according to the cyber security directive, the FBI will also take part in the Cyber Unified Coordination Group, an entity to be formed in the event of a significant cyber incident that will also include asset response coordinators and, as appropriate, other federal agencies; local, state, and tribal governments; non-governmental organizations; the private sector; and international counterparts. This mechanism will take collaboration among all responding agencies to an even higher level.
The principles raised in PPD-41 that will guide the federal government’s response to cyber incidents closely align with the FBI’s values and priorities already in place when dealing with cyber incidents. The Bureau already believes that:
- Prevention and management of cyber incidents is a shared responsibility among the government, private sector, and individuals.
- All incidents should be approached through a united federal government strategy that best uses the skills, authorities, and resources of each agency.
- The response will be based on an assessment of the risks posed to U.S. security, safety, and prosperity, and will focus on enabling the restoration and recovery of the affected entity.
- And the government will respect the privacy, civil liberties, and the business needs of victims of cyber incidents.
According to FBI Assistant Director James Trainor, Cyber Division, “PPD-41 codifies the essential role that the FBI plays in cyber incident response, recognizing its unique expertise, resources, and capabilities. And as the Bureau continues evolving to keep pace with the cyber threat, the authorities contained in PPD-41 will allow us to help shape the nation’s strategy for addressing nationally-significant cyber incidents.”
“This new policy,” said Trainor, “will also enhance the continuing efforts of the FBI—in conjunction with its partners—to protect the American public, businesses, organizations, and the economy and security of our nation from the wide range of cyber actors who threaten us.”

Presidential Policy Directive: United States Cyber Incident Coordination