The United States has faced an alarming increase in the number of cyber incidents against the public and private sectors – ranging in scale, sophistication, and severity. The very same technology and critical cyber infrastructure that are the backbone of our 21st-century economy are vulnerable to organized criminal gangs, hacktivists, and groups carrying out state-sponsored attacks.
To confront these cyber threats, President Barack Obama set three strategic goals:
- Raising the level of cybersecurity in public and private sectors.
- Disrupting and deterring threats.
- Responding to and recovering from cyber incidents.
Last month, the president pursued the third goal by issuing a Presidential Policy Directive on cyber incident coordination. It outlines how federal agencies will handle and define significant cyber incidents and details how the government will grade the severity of an incident.
Following the release, the U.S. Chamber of Commerce brought together senior members of the administration and industry experts for a roundtable discussion. Participants were briefed on how the policy works and how the directive will improve the government’s ability to respond to cyber incidents.
The Chamber knows it is critical to bring together government and industry to discuss cyber incident response. An open dialogue is the only way to effectively address the increasingly sophisticated cyber threats facing American and global businesses.
Michael Daniel, special assistant to the president and White House cybersecurity coordinator, said at the roundtable that the directive “brings together the lessons learned from responding to cyber events over the last eight years, as well as our experience in other areas such as counterterrorism and disaster response.”
He added, “It also provides the clarity and guidance about the federal government’s roles and responsibilities that the private sector has been asking for.”
So how does the directive work?
Andy Ozment, director of the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC), used a simple analogy. If an arsonist sets your house on fire, you want the fire department to put the fire out and the police to investigate and prosecute the culprit.
The directive makes it clear that the FBI is the lead agency for investigating who set the fire, while the NCCIC is the lead agency charged with preventing the fire from spreading and putting out the flames. The directive also explains that the federal agencies responding must coordinate to ensure that a multitude of three-letter agencies don’t all knock on a victim’s door and say, “We’re here from the government and here to help.”
Moreover, the directive isn’t intended to activate a coordinated government response for each cyber incident. Not every fire is worth three alarms. The directive applies to significant cyber incidents: events that have a demonstrable impact on safety and national and economic security. Past significant cyber incidents might have included attacks on Sony Entertainment, the Sands Casino, the Ukrainian electric grid, and Saudi Aramco.
The key to effectively addressing the increasingly sophisticated cyber threats facing American and global businesses is an open dialogue between the public and private sectors.
For more information on the Chamber’s cybersecurity education and awareness campaign, visit www.cybersecurityadvocacy.com.