For Immediate Release
DHS Press Office
As Secretary of Homeland Security, I am often asked “who’s responsible within the federal government for cybersecurity? Who in the government do I contact in the event of a cyber incident?”
Today, President Obama’s Presidential Policy Directive/PPD-41, United States Cyber Incident Coordination, clarifies the answer to these questions. The PPD spells out the lines of responsibility within the federal government for responses to a significant cyber incident, and specifies who to contact in the government in the event of an incident. The PPD delineates between “threat responses” and “asset responses.” A “threat response” essentially involves investigating the crime, so that we can hunt down the bad actor. As the PPD spells out, federal law enforcement is the key point of contact for a threat response. The Department of Homeland Security, through our cybersecurity experts at the National Cybersecurity and Communications Integration Center, will act as the point of contact and lead coordinator for asset response. “Asset response,” like a threat response, is crucial. It involves helping the victim find the bad actor on its system, repair its system, patching the vulnerability, reducing the risks of future incidents, and preventing the incident from spreading to others.
Finally, the PPD directs the Department of Homeland Security to lead the effort to write the National Cyber Incident Response Plan. This Plan will set out how the federal government will work with the private sector and state, local, and territorial governments in responding to a significant cyber incident.
Today’s PPD is one more crucial step by the Obama Administration to improve our nation’s cybersecurity. It not only clarifies the roles of the various government actors involved in cybersecurity, it re-enforces the reality that cybersecurity must be a partnership between the government and the private sector, and among the law enforcement, homeland security and intelligence components of the government.