President Obama has approved a new presidential policy directive to better coordinate the federal government’s response to cyber incidents, clarifying the role of government when the private sector experiences a cyberattack, Inside Cybersecurity reports today.
Advertisement
The policy, years in the making, comes amid mounting suspicion that hackers working for Russian Federation may be leaking emails stolen from the Democratic National Committee in an attempt to affect the USA presidential election.
Lisa Monaco, President Barack Obama’s homeland security and counterterrorism adviser, said while Russian Federation and China grow “more assertive and sophisticated” online, Iran has attacked US banks and North Korea is showing a willingness to attack companies and countries alike.
“To put it bluntly, we are in the midst of a revolution of the cyber threat – one that is growing more persistent, more diverse, more frequent and more risky every day”, she said.
According to a fact sheet released with the policy directive Tuesday, the new approach is meant to focus on “significant” incidents, which could likely “result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people”. At the same time, it will use an executive order authorizing sanctions against those who attack US critical infrastructure. It also comes as the government and private industry grapple with whether the U.S. should retaliate against hacking attacks.
Asked about the DNC hack, Monaco said it would be a thorough investigation “and I’m sure there will be more to say later”.
The Obama administration released a new directive Tuesday outlining how the USA government intends to respond to significant cyberattacks.
The Kremlin dismissed the allegations as absurd.
Further, it applies such policies and procedures to incidents in which a federal agency is a victim of a cyber attack and is aimed at assuring that cyber responses are “consistent and integrated with broader national preparedness and incident response policies” in order to “seamlessly integrate with actions taken to address physical consequences caused by malicious cyber activity.”.
Advertisement
The new directive largely codifies existing practices and norms rather than change policy, said Ari Schwartz, a former top cyber security adviser at the White House who is now with the law firm Venable.
