With cyberattacks once again dominating the news, particularly in the political arena, the federal government recently released a directive that officially designates the FBI as the agency to call for significant cyberattacks — whether against private or public targets.
As President Barack Obama pointed out while issuing the new policy, having a central office in charge of reports on major cyberattacks lets the government better manage its response to the criminal activity.
Industry analysts welcomed the decision. One specific agency needed to be identified as taking the lead, according to Alan Paller, president of the SANS Technology Institute, who was quoted in Computerworld. And the FBI was a logical choice, he noted.
“The FBI is the only non-DoD agency with a very high concentration of ninjas on staff — people with the advanced forensics skills needed to find out what happened,” he said.
Under the Presidential Policy Directive (PPD) on United States Cyber Incident Coordination, there will be classifications for six levels of cyberattacks to ensure all federal agencies “have a common view of the severity of the incident.”
According to the PPD, three of those six levels — which will be defined from zero through five — will be considered threatening enough to trigger application of the PPD’s coordination response.
The levels will be determined by the cyberattack’s potential to impact national security, economic security, public health or safety, civil liberties, foreign relations or public confidence, according to the government’s statement.
“When a cyber incident occurs, determining its potential severity is critical to ensuring the incident receives the appropriate level of attention,” the statement said. “No two incidents are the same and, particularly at the initial stages, important information, including the nature of the perpetrator, may be unknown.”
By instituting a plan that provides clear directions for a coordinated effort, law enforcement and national security agencies will be better able to investigate the full extent of a cyber incident — from collecting and analyzing evidence to linking related incidents and establishing attribution.