U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


  1. Home
  2. About Us
  3. Site Links
  4. Archived
  5. News Archive
  6. Cyber Incident Response at DHS

Archived Content

In an effort to keep DHS.gov current, the archive contains outdated information that may not reflect current policy or programs.

Cyber Incident Response at DHS

Release Date: July 28, 2016

Today, Deputy Secretary Alejandro Mayorkas reflected on the state of cybersecurity at DHS and the implications of the new Presidential Policy Directive (PPD) on Cyber Incident Coordination at the International Conference on Cybersecurity in New York. The PPD was announced by Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, at the same conference earlier in the week. 

Deputy Secretary Mayorkas called the issuance of the directive a “seminal” moment for cybersecurity and laid out the important role DHS plays in securing the nation’s critical assets, under the new directive.  The PPD spells out the lines of responsibility within the federal government for responses to a significant cyber incident, and specifies who to contact in the government in the event of an incident. DHS is unique among federal agencies in that we have responsibilities in both threat response – investigating the crime - and asset response – helping the victim(s) and identifying the point of vulnerability.

"The asset response is a very different framework because what it is designed to do is to identify the nature of the attack, to expel the harm," said the Deputy Secretary.

Threats in cyber space are unlike traditional crimes because they can easily be automated and reproduced, making asset response critical to keeping the nation safe.  Put simply, the more quickly we fix vulnerability, the less likely the damage will spread to other victims.

With this in mind, DHS is working towards fully automated information sharing among federal entities and private sector partners.  Deputy Secretary Mayorkas acknowledged that while this approach may be “antithetical to normal threat response, the sharing of information is critical in the cyber world.”  In fact, effective asset response depends on efficient, rapid, information-sharing about the incident.

Under the PPD, DHS will also take a lead role in drafting a National Cyber Incident Response Plan.

“We’ll take a page out of FEMA’s playbook,” explained the Deputy Secretary, in creating a plan to describe how the federal government will work with the private sector and state, local, and territorial governments in responding to a large-scale cyber incident. That plan will be ready in September.

For more information about the President’s Policy Directive, visit here. For more information on cybersecurity at DHS, visit www.dhs.gov/cyber.


Last Updated: 09/20/2021
Was this page helpful?
This page was not helpful because the content