Obama Lays Out Plan for Federal Response to ‘Cyber Incidents’


It’s not clear yet whether Russian state actors were the culprits behind the hack of almost 20,000 emails sent to and from top Democratic National Committee officials. Nevertheless, the White House on Tuesday put forward a coordination plan for how federal agencies would work together to respond to “significant cyber incidents.”

The presidential policy directive, approved by President Obama, lays out a specific plan defining a cyber incident and detailing how different sectors of the U.S. government will be involved in investigating or responding to cyberattacks. The plan aims to implement a standardized response.

Lisa Monaco, assistant to the president for homeland security and counterterrorism, said the directive “commits to unifying the government’s response across agencies.” She introduced the plan at the International Conference on Cyber Security at Fordham University on Tuesday morning.

“This policy sets forth principles to guide the federal government’s response to cyber incidents,” Monaco said. “It states that we have a shared responsibility in guarding against cyber attacks and managing incidents.”

Under the directive, the Federal Bureau of Investigation will be in charge of “threat response activities” for “significant” cyber incidents — those that are deemed “likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.”

“This includes bringing the full range of law enforcement and national security investigative tools to bear — from collecting evidence and gathering intelligence to attributing attacks and bringing malicious cyber actors to justice,” Monaco said.

While the FBI takes the lead role in investigating and pursuing cyber criminals, the Department of Homeland Security will secure computer systems that have been hacked and ensure the attack doesn’t spread to other networks.

Monaco said DHS will give technical assistance to businesses that have been compromised by major cyberattacks. The agency will assist in locating the adversary on the network, protecting the company’s assets, bringing the systems back online and strengthening any weaknesses in the network.

The aid to businesses underscores one of the policy’s major points — that the private sector and government have a “shared vital interest” in defending against and avoiding cyberattacks.

While each agency has its own primary responsibility, the directive calls for coordination to fill in gaps of intelligence.

The DHS and FBI will coordinate and share information in areas where there is investigative overlap. The Office of the Director of National Intelligence will bolster the information-gathering process by providing supplementary intelligence.

“We’re not going to wait for the next attack to hone these new procedures and capabilities,” Monaco said. She added that over the next few months agencies will be tested on the new guidance in exercises aimed at preparing the government for a massive cyberattack. The tests are to be done with industry organizations as well as the Departments of Energy and Treasury, she said.

Next week, industry and government experts will give “vital feedback on how best to implement” the policy directive, Monaco said.

Democratic Rep. Jim Langevin (R.I.), co-founder and co-chair of the Congressional Cybersecurity Caucus, said the president’s policy directive “builds on the lessons learned from the numerous cybersecurity incidents the administration has had to respond to.”

“The cyber incident coordination plan is another important step in moving away from ad hoc processes that are simply inadequate to deal with the threat we face,” said Langevin, who sits on both the House Armed Services Committee and the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies.

Cyberattacks, especially state-sponsored ones, play a significant role in foreign relations in the modern world. Creating a consistent procedure sets clear rules for cyberspace and incorporates it with existing U.S. government policies.

“When it comes to cyber actors, the global landscape is increasingly diverse and dangerous,” Monaco said Tuesday. “Nations like Russia and China are growing more assertive and sophisticated in their cyber operations.”

Hackers hit the Office of Personnel Management and compromised the personal information of about 22 million individuals last year. The Chinese government was initially believed to be behind the attack, but the government later said the attack was a criminal act perpetrated by Chinese hackers. The Washington Post reported that the Chinese government arrested hackers in connection with the OPM cyberattack in December.

The U.S. and China reached an agreement in September that they wouldn’t “knowingly” conduct cyber theft or espionage, and that they would develop norms and accepted behavior in cyberspace. Monaco said Tuesday the U.S. will “carefully monitor compliance with these arrangements.”

More recently, the Russians have raised alarms for American cybersecurity.

Reports surfaced last month that Russian government actors allegedly hacked the Democratic National Committee and accessed the party’s opposition research on Republican presidential nominee Donald Trump. A spokesman for the Kremlin told Reuters he “completely” ruled out Russian involvement.

Following a WikiLeaks dump on Friday of almost 20,000 emails sent to and from top Democratic National Committee officials, concerns about Russian government hacking have resurfaced.

Hillary Clinton’s campaign manager, Robby Mook, said on several news programs that experts have told the campaign that Russian state actors hacked the DNC’s systems to help Trump win.

Several reports citing cybersecurity experts point to confidence that Russian state actors had a hand in hacking the DNC, though a Kremlin spokesman shook off the allegations Tuesday as “maniacal attempts to exploit the Russian theme in the U.S. election campaign,” according to Reuters.

So far the White House has avoided pointing any fingers.

“We know that there are a variety of actors, both state and criminal, who are looking for vulnerabilities in the cybersecurity of the United States, and that includes Russia,” White House Press Secretary Josh Earnest said at a Monday press briefing. “The FBI is going to lead a careful investigation, and if there is a decision that’s made to release information about conclusions that have been reached about the attribution of this attack then it’s likely that the FBI would be the first one to make that announcement.”

Morning Consult