The White House recently released a new set of instructions on how government agencies should respond to major cyber security attacks. The directive, published Tuesday, was seen as an attempt to counter perceptions and criticism that the Obama administration has been inactive in addressing threats from sophisticated hacking foes.
The announcement was made amid suspicion in the U.S. government that Russia-hired hackers may have engineered the leak of emails stolen from the Democratic National Committee in an attempt to influence the Nov. 8 U.S. presidential election.
The directive, which includes a five-point scale to grade the severity of an incident, provides the first public guidance on the specific roles of federal agencies in coordinating efforts to investigate and respond to cyber security breaches in government and the private sector.
“To put it bluntly, we are in the midst of a revolution of the cyber threat – one that is growing more persistent, more diverse, more frequent and more dangerous every day,” White House counter-terrorism adviser Lisa Monaco said at a cyber security conference in New York.
She said that the new presidential policy directive “will help answer a question heard too often from corporations and citizens alike – ‘In the wake of an attack, who do I call for help?’”
Monaco named Russia and China as cyber adversaries that have become more assertive and she noted that Iran and North Korea are capable and willing to carry out destructive attacks.
The directive defines a significant cyber incident as one that is likely to result in harm to national security or economic interests, foreign relations, or the public confidence, health and safety, or civil liberties of the American people, according to a White House fact sheet.
An event would be designated as an emergency, or level 5, if it posed an imminent threat to wide-scale critical infrastructure, the stability of the government, or lives of Americans, according to a severity schema provided by the White House.
No attack against the United States so far would register as a five, and the hack on the Democratic Party organization would likely earn a lower grade, depending on how much evidence emerges on whether or not a foreign government is using the stolen information to try to influence the election, a source familiar with the policy discussions said.
The magnitude of a response will be determined by the severity assigned to an attack, Monaco said.
Asked about the DNC hack, Monaco said it would be a thorough investigation “and I’m sure there will be more to say later.” The FBI is investigating while cyber security experts and U.S. officials said there was evidence of Russia’s involvement.
The Kremlin dismissed the allegations, labeling them as absurd.
President Barack Obama has increasingly prioritized cyber security during his second four-year term, which has been marked by a spate of high-profile hacks against government agencies and private companies that exposed tens of millions of individuals’ personal data.
Lawmakers and cyber security experts have often criticized the administration for not developing a clear road map on whom companies should contact, and how, when facing a cyber-attack.
The new directive largely codifies existing practices and norms rather than changing policy, said Ari Schwartz, a former top cyber security adviser at the White House who is now with the law firm Venable.
“But there have been times when the language used has caused major confusion,” Schwartz said.
“We’ve seen agencies use the same terms to mean different things and that has confused victims.”
The U.S. Department of Justice, working through the Federal Bureau of Investigation and the National Cyber Investigative Joint Task Force, will be the lead agency for investigating criminal intrusions or those that could affect national security, according to the policy.
The U.S. Department of Homeland Security will serve as the lead contact in helping companies respond to breaches of their networks. Intelligence agencies will be in charge of gathering information in order to identify who is behind an attack.