On July 26, 2016, the White House approved a Presidential Policy Directive (“PPD”) on coordinating responses to cyber incidents that occur in the United States.  The PPD seeks to clarify who in the federal government is responsible in the event of a cyber incident.  The PPD also sets forth principles governing the federal government’s response to any cyber incident, whether it involves the government or the private sector. 

The PPD maintains that the federal government will be guided by the following principles in carrying out incident response for cyber incidents: (1) shared responsibility between individuals, the private sector and government agencies; (2) risk-based response based on an assessment of the risks posed to factors including national security, the economy, and the safety and health of the public; (3) respecting the need for confidentiality, privacy, and civil liberties; (4) unity and coordination of governmental efforts; and (5) enabling restoration and recovery of the affected entity.

The White House also released the Cyber Incident Severity Schema, which establishes a common framework for evaluating and assessing cyber incidents.  The Schema details a system that will be used to describe the severity of a given incident, the urgency of response required, the seniority level necessary for coordinating a response, and the level of investment needed.  The Schema goes from Level 0 Baseline (White) up to Level 5 Emergency (Black).

Under the PPD, any incident ranking Level 3 High (Orange) and above is categorized as “significant” and will trigger a national response.  The Department of Justice (“DOJ”), acting through the Federal Bureau of Investigation (“FBI”), will be the lead federal agency for “threat response” activities; the Department of Homeland Security (“DHS”) will be the lead agency for “asset response” activities; and the Office of the Director of National Intelligence (“DNI”) will be the lead agency for “intelligence support and related activities.”

In a statement released by DHS, Secretary Jeh Johnson called the PPD “one more crucial step” by the Administration to improve the nation’s cybersecurity.  Secretary Johnson said that the PPD “reinforces the reality that cybersecurity must be a partnership between the government and the private sector, and among the law enforcement, homeland security and intelligence components of the government.”

The United States Cyber Incident Coordination PPD is available here and the annex to the PPD is available here.