Dark Reading is part of the Informa Tech Division of Informa PLC



7/26/2016 05:10 PM

Obama Issues Federal Government Policy For Cyberattack Response

New Presidential Policy Directive, PPD-41, formalizes how key federal agencies coordinate and respond to cyberattacks on federal and private networks.

President Obama today issued a key directive formalizing just how federal agencies operate, coordinate, and respond to major cyberattacks and cyber incidents considered a danger to national security, the government, the economy, and critical infrastructure.

The new Presidential Policy Directive, PPD-41, designates the US Department of Justice, acting through the FBI and the National Cyber Investigative Joint Task Force, as the lead agency for threat response, while the US Department of Homeland Security, via the National Cybersecurity and Communications Integration Center (NCCIC), is the lead agency for "asset" response. The Office of the Director of National Intelligence, via the Cyber Threat Intelligence Integration Center, is the lead agency for intelligence support and related activities, the directive states.

PPD-41 defines a "significant" cyber incident as one likely to result in demonstrable harm to US national security interests, foreign relations, or the economy, or to the public confidence, civil liberties, or public health and safety of the American people. The directive's definition of a cyber incident is broader than an active attack: it also covers a vulnerability in an information system, its security procedures, internal controls, or implementation that could be exploited by a threat source.

“While the vast majority of cyber incidents can be handled through existing policies, certain cyber incidents that have significant impacts on an entity, our national security, or the broader economy require a unique approach to response efforts. These significant cyber incidents demand unity of effort within the Federal Government and especially close coordination between the public and private sectors,” the directive reads.

President Obama’s new directive basically forms a game plan for agencies to work with one another on major cybersecurity events, notes Tom Kellermann, who previously served on the Commission on Cybersecurity for the 44th Presidency. “It also highlights how … the nature of responses [required now] for attacks that could be destructive and [the] increasing hostility of the environment shows the need for more cooperation,” says Kellermann, who is CEO of Strategic Cyber Ventures LLC.

The directive comes in the wake of the massive Office of Personnel Management (OPM) breach in 2015, and as the FBI is investigating the possible involvement of the Russian government in the recent breach of the Democratic National Committee's (DNC) email system. Some of the DNC's emails, many of them indicating the committee's bias toward Hillary Clinton over Bernie Sanders, were dumped online by WikiLeaks this week, just in time for the Democratic National Convention and the presidential nomination of Clinton.

Chris Blask, chair of the ICS-ISAC, says the President's new directive basically formalizes how the federal government will respond and coordinate in cyber incidents and attacks. “The private sector can get some insight into where the feds are now. It’s another indication of the escalation of interest and capabilities inside the federal government to support private industry” partners, Blask says.

Missing from the President's new policy, however, is a so-called "Cyber 911" for private industry, Kellermann says. "My one suggestion is they need to have a Cyber 911," a cyber incident emergency plan for commercial entities, he says. "When you call 911 in an emergency, you get police, ambulance, or fire" department support, he says.

But with cybersecurity, the private sector today gets only police support when it calls the FBI. “Metaphorically, this is a great action plan … but it should be expanded to the private sector,” where many organizations lack the resources to handle and recover from major cyberattacks, he says.

The private sector should have a streamlined process for getting help with “systemic” attacks. “DHS US-CERT and NCCIC should work in tandem with FBI to limit secondary infections,” he says.


"The problem for the past ten years is that [they've] failed at exterminating the cyber-presence of adversaries who have colonized" US networks, Kellermann says. "There was no quick enough response to react in time … nor a national coordination perspective. This PPD is all about decreasing the dwell time to prevent further colonization" by nation-states and other attackers, he says.

The FBI said the policy codifies the bureau's role in cyberattack response. James Trainor, assistant director of the FBI's cyber division, said in a statement, "This new policy will also enhance the continuing efforts of the FBI—in conjunction with its partners—to protect the American public, businesses, organizations, and the economy and security of our nation from the wide range of cyber actors who threaten us."

PPD-41 also lists five incident response principles for the feds: shared responsibility among individuals, government, and the private sector in protecting networks from attack; risk-based response; respecting affected entities (think privacy and civil liberties); unity of effort, meaning keeping all relevant agencies in the loop; and enabling restoration and recovery as soon as possible.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
Comments

Dr.T, User Rank: Ninja
7/27/2016 | 12:04:21 PM
Re: Positive, but concerned
" floundering compared to more tech-minded countries overseas "

I hear you. I would not think the other countries are better than the US. Most are more repressive, even in the Western world; it is just that we are not hearing about them as often.

Dr.T, User Rank: Ninja
7/27/2016 | 12:01:47 PM
Encryption?
Is there anything related to device encryption on this policy? Remember Apple vs. government?

Dr.T, User Rank: Ninja
7/27/2016 | 12:01:26 PM
DNC email system leak
The DNC email system leak is not a new attack but somehow has surfaced these days; there seems to be politics playing a role in this too.

Dr.T, User Rank: Ninja
7/27/2016 | 12:00:57 PM
Re: Positive, but concerned
" I feel like either of them would make horrible technological decisions and leave the U.S."

I would say it is more like their advisers, not the presidents, who make the decision. Presidents would make a decision based on the support of the public.

Dr.T, User Rank: Ninja
7/27/2016 | 11:58:38 AM
PPD-41
If it does what the title says it does, there is no harm in this policy. Federal agencies are supposed to operate, coordinate, and respond to major cyberattacks.

Whoopty, User Rank: Ninja
7/27/2016 | 8:03:11 AM
Positive, but concerned
While it's been pleasing to see Obama take more of an interest in digital security over the past year or so, I am truly worried that neither Clinton nor Trump would understand technology well enough to take it seriously. Clinton's handling of her email server is a prime example. I feel like either of them would make horrible technological decisions and leave the U.S. floundering compared to more tech-minded countries overseas.