Obama establishes cyber response hierarchy

The US White House has assigned responsibility to the Department of Homeland Security (DHS) and the Department of Justice to lead the response to cyberthreats against the nation.

President Barack Obama has issued a policy directive declaring the DHS as the point of contact and lead coordinator to “asset response” to cyberthreats.

Asset response involves helping victims of cybercrime to find the bad actor in its system, patch the vulnerability and reduce the risk of future incidents.

The department has also been tasked with leading the effort to develop a National Cyber Incident Response Plan, setting out how the government will work with the private sector and other branches of government to respond to significant cyber incidents.

The directive meanwhile declares that the Department of Justice, acting through the FBI and the National Cyber Investigative Joint Task Force, will take the lead in “threat response” — or investigating attacks.

DHS Secretary Jeh C Johnson noted that the directive is aimed at resolving the question of who in the government is responsible for cybersecurity, a question that has been unclear for years.

“The [directive] spells out the lines of responsibility within the federal government for responses to a significant cyber incident, and specifies who to contact in the government in the event of an incident,” he said.

Johnson added that the directive “is one more crucial step by the Obama Administration to improve our nation’s cybersecurity. It not only clarifies the roles of the various government actors involved in cybersecurity, it re-enforces the reality that cybersecurity must be a partnership between the government and the private sector, and among the law enforcement, homeland security and intelligence components of the government.”