In an implicit acknowledgment that the Federal government's response to cyberattacks is diffused among quite a number of agencies, the White House issued Presidential Policy Directive (PPD) 41 earlier this week (July 26). The directive calls for a coordinated response among federal agencies and authorities to cyber incidents.
The "Cyber Response Group" (CRG) is charged with agency coordination and (according to the annex to the PPD) will be chaired by the Special Assistant to the President for Cybersecurity. The CRG will generally include senior representatives of cabinet-level departments, including State, DOD, Treasury, DOJ, Commerce, DOE and DHS. On an ongoing basis, the CRG is tasked with coordinating the development and implementation of the federal government policies and strategies for responding to cyber incidents.
For "significant cyber incidents," defined as those likely to result in harm to national security, foreign relations, the U.S. economy or the "public confidence, civil liberties, or public health and safety" of the nation, ad hoc Cyber Unified Coordination Groups (Cyber UCGs) will be formed at the direction of the National Security Council. The Presidential Directive requires the formation of a Cyber UCG when a significant cyber incident affects critical infrastructure owners and operators identified by the Secretary of DHS. Cyber UCGs will consist of identified federal lead agencies, and may include sector-specific agencies, such as DOE, along with other federal agencies, state governments, nongovernmental organizations and private sector participants. Where cyber threats are evident, the Department of Justice (acting through the FBI) will serve as the Cyber UCG lead agency, while DHS, acting through the National Cybersecurity and Communications Integration Center, will serve as lead for "asset response activities." Asset response activities are said to include "furnishing technical assistance to affected entities to protect their assets, mitigate vulnerabilities and assess potential risks, including potentially cascading effects." The Office of the Director of National Intelligence will be the federal lead agency for intelligence support and related activities.
In the electric sector, mandatory authority to direct responses to cyber emergencies resides with DOE under new section 215A of the Federal Power Act, enacted in December of 2015. PPD-41 suggests that any actions DOE takes under that authority will now be more widely coordinated with other federal agencies. It remains to be seen how PPD-41 alters the federal government's response to cyber incidents.