On July 26, 2016, the Obama Administration issued a Presidential Policy Directive on United States Cyber Incident Coordination (the “Directive”). The Directive establishes a framework for responding to cyber incidents pursuant to which threat response will be coordinated by the Federal Bureau of Investigation (FBI), asset response will be coordinated by the U.S, Department of Homeland Security (DHS), and intelligence support and related activities will be coordinated by the Office of the Director of National Intelligence.
The Directive also sets forth principles for federal agencies to use in responding to any public or private sector cyber incident that is brought to their attention. Under these principles, while the Federal Government will coordinate with the affected entities to the extent possible, the Federal Government is provided with the authority to issue a public statement concerning an incident in the event that doing so serves a significant Federal Government interest.
As required by the Directive, DHS and the U.S. Department of Justice (DOJ) have created a fact sheet outlining how private individuals and organizations can contact relevant federal agencies about a cyber incident (the “Unified Fact Sheet”), which can be accessed at: www.dhs.gov/sites/default/files/publications/Cyber%20Incident%20Reporting%20United%20Message.pdf. The Unified Fact Sheet notes that, upon receiving notification of a cyber incident, the Federal Government will focus on threat response and asset response, and accordingly, as discussed above, companies that provide such notification must be aware of and prepared for the FBI, DHS, and possibly other agencies, becoming involved in the matter.
While the Directive establishes a framework for coordinated response by the Federal Government to cyber incidents, companies should carefully evaluate whether to contact Federal agencies when a cyber incident occurs and how best to do so. Our Privacy and Data Security partners can assist in evaluating all relevant factors and designing and implementing an effective cyber incident response strategy.