Dark Reading | Attacks/Breaches

7/26/2016 05:10 PM

Obama Issues Federal Government Policy For Cyberattack Response

The new Presidential Policy Directive, PPD-41, formalizes how key federal agencies coordinate and respond to cyberattacks on federal and private networks.

President Obama today issued a key directive formalizing just how federal agencies operate, coordinate, and respond to major cyberattacks and cyber incidents considered a danger to national security, the government, the economy, and critical infrastructure.

The new Presidential Policy Directive, PPD-41, designates the Department of Justice, acting through the FBI and the National Cyber Investigative Joint Task Force (NCIJTF), as the lead agency for threat response; the Department of Homeland Security, acting through the National Cybersecurity and Communications Integration Center (NCCIC), as the lead agency for "asset" response; and the Office of the Director of National Intelligence, acting through the Cyber Threat Intelligence Integration Center (CTIIC), as the lead agency for intelligence support and related activities.

PPD-41 defines a "significant" cyber incident as one (or a group of related incidents) likely to result in demonstrable harm to US national security interests, foreign relations, or the economy, or to the public confidence, civil liberties, or public health and safety of the American people. A cyber incident, under the directive, is an event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information systems or networks, or the information on them; it may also include a vulnerability in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.

“While the vast majority of cyber incidents can be handled through existing policies, certain cyber incidents that have significant impacts on an entity, our national security, or the broader economy require a unique approach to response efforts. These significant cyber incidents demand unity of effort within the Federal Government and especially close coordination between the public and private sectors,” the directive reads.

President Obama’s new directive basically forms a game plan for agencies to work with one another on major cybersecurity events, notes Tom Kellermann, who previously served on the Commission on Cybersecurity for the 44th Presidency. “It also highlights how … the nature of responses [required now] for attacks that could be destructive and [the] increasing hostility of the environment shows the need for more cooperation,” says Kellermann, who is CEO of Strategic Cyber Ventures LLC.

The directive comes in the wake of the massive Office of Personnel Management (OPM) breach in 2015, and as the FBI is investigating the possible involvement of the Russian government in the recent breach of the Democratic National Committee's (DNC) email system. Some of the DNC's emails, many of them indicating the committee's bias toward Hillary Clinton over Bernie Sanders, were dumped online by WikiLeaks this week, just in time for the Democratic National Convention and the presidential nomination of Clinton.

Chris Blask, chair of the ICS-ISAC, says the President's new directive basically formalizes how the federal government will respond and coordinate in cyber incidents and attacks. “The private sector can get some insight into where the feds are now. It’s another indication of the escalation of interest and capabilities inside the federal government to support private industry” partners, Blask says.

Missing from the President’s new policy, however, is a so-called “Cyber 911” for the private industry, Kellermann says. “My one suggestion is they need to have a Cyber 911,” a cyber incident emergency plan for commercial entities, he says. “When you call 911 in an emergency, you get police, ambulance, or fire” department support, he says.

But with cybersecurity, the private sector today gets only police support when it calls the FBI. “Metaphorically, this is a great action plan … but it should be expanded to the private sector,” where many organizations lack the resources to handle and recover from major cyberattacks, he says.

The private sector should have a streamlined process for getting help with “systemic” attacks. “DHS US-CERT and NCCIC should work in tandem with FBI to limit secondary infections,” he says.


“The problem for the past ten years is that [they’ve] failed at exterminating the cyber-presence of adversaries who have colonized” US networks, Kellermann says. “There was no quick enough response to react in time … nor a national coordination perspective. This PPD is all about decreasing the dwell time to prevent further colonization” by nation-states and other attackers, he says.

The FBI said the policy codifies the bureau’s role in cyberattack response. James Trainor, assistant director of the FBI cyber division, said in a statement, “This new policy will also enhance the continuing efforts of the FBI—in conjunction with its partners—to protect the American public, businesses, organizations, and the economy and security of our nation from the wide range of cyber actors who threaten us.”

PPD-41 also lists five incident response principles for the feds: shared responsibility among individuals, government, and the private sector in protecting networks from attack; risk-based response; respecting affected entities (think privacy and civil liberties); unity of effort, meaning keeping all relevant agencies in the loop; and enabling restoration and recovery as soon as possible.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
Dr.T, 7/27/2016 12:04:21 PM
Re: Positive, but concerned
"floundering compared to more tech-minded countries overseas"

I hear you. I would not think the other countries are better than the US. Most are more repressive, even in the Western world; it is just that we are not hearing about them as often.
Dr.T, 7/27/2016 12:01:47 PM
Encryption?

Is there anything related to device encryption in this policy? Remember Apple vs. government?
Dr.T, 7/27/2016 12:01:26 PM
DNC email system leak

The DNC email system leak is not a new attack but somehow has surfaced these days; it seems politics is playing a role in this too.
Dr.T, 7/27/2016 12:00:57 PM
Re: Positive, but concerned
"I feel like either of them would make horrible technological decisions and leave the U.S."

I would say it is more like their advisers, not the presidents, who make the decision. Presidents would make a decision based on the support of the public.
Dr.T, 7/27/2016 11:58:38 AM
PPD-41

If it does what the title says it does, there is no harm in this policy. Federal agencies are supposed to operate, coordinate, and respond to major cyberattacks.
Whoopty, 7/27/2016 8:03:11 AM
Positive, but concerned

While it's been pleasing to see Obama take more of an interest in digital security over the past year or so, I am truly worried that neither Clinton nor Trump would understand technology well enough to take it seriously. Clinton's handling of her email server is a prime example. I feel like either of them would make horrible technological decisions and leave the U.S. floundering compared to more tech-minded countries overseas.