As I sit here blogging at my local Panera, I'm thinking about the people coming and going. They are on their mobile devices and have no thoughts about the national security implications of cybersecurity as it relates to them as individuals. Happy, oblivious and enjoying their bagels!
See the quoted text below that provides a quick summary of responsibilities and guiding principles in PPD-41.
"As a follow-up to our message earlier this week announcing the signing of PPD-41 on Cyber Incident Coordination, DHS and FBI jointly released a fact sheet that explains when, what, and how to report to the Federal Government in the event of a cyber incident. We have attached it to this message so you can easily share it broadly with your stakeholders.
Additionally, in our last message, we talked about the difference between asset and threat response. By analogy, we described a cyber incident as being like an arson in the real world: asset response are the "firefighters" and threat response are the "police." Those are the two lines of effort with which the private sector will interact, but we wanted to highlight that the government will have three lines of effort overall:
1) Asset Response — DHS, acting through the NCCIC [National Cybersecurity and Communications Integration Center], will be the lead agency for asset response activities.
3) Intelligence Support — ODNI [Office of the Director of National Intelligence], through the Cyber Threat Intelligence Integration Center or CTIIC, will be the lead agency for intelligence support and related activities.
All three lines of effort are critical in a cyber incident. No single agency possesses all of the authorities, capabilities, and expertise to deal unilaterally with a significant cyber incident. This PPD establishes a whole-of-government approach and by working collaboratively the full capabilities of the Government can be applied toward an incident and we can ensure we are coordinated, integrated, yet structured in our response.
We also want to highlight that in our response, the government will follow 5 overarching guiding principles:
1) Shared Responsibility — Individuals, the private sector, and government agencies have a shared vital interest and complementary roles and responsibilities in protecting the Nation from malicious cyber activity and managing cyber incidents and their consequences.
2) Risk-Based Response — The Federal Government will determine its response actions and the resources it brings to bear based on an assessment of the risks posed to an entity, our national security, foreign relations, the broader economy, public confidence, civil liberties, or the public health and safety of the American people.
3) Respecting affected entities — Federal Government responders will safeguard details of the incident, as well as privacy and civil liberties, and sensitive private-sector information.
4) Unity of Governmental Effort — Whichever Federal agency first becomes aware of a cyber incident will rapidly notify other relevant Federal agencies in order to facilitate a unified Federal response and ensure that the right combination of agencies responds to a particular incident.
5) Enabling Restoration and Recovery — Federal response activities will be conducted in a manner to facilitate restoration and recovery of an entity that has experienced a cyber incident, balancing investigative and national security requirements, public health and safety, and the need to return to normal operations as quickly as possible."