White House breaks down cyberattack response roles

White House breaks down cyberattack response roles

The White House on Tuesday released a new directive clarifying the government’s role in the event of a cyberattack.


The document designates which federal agency will take the lead in different areas of response efforts in the event of a “significant” cyberattack. It divvies up the responsibility between the Department of Justice (DOJ), the Department of Homeland Security (DHS) and the Office of the Director of National Intelligence (ODNI).

The DOJ — through the FBI — will take the lead in rooting out the bad actor responsible for the attack, while the DHS will assist victims in repairing their systems. The ODNI will provide intelligence support.

The DHS will also be responsible for writing a national cyber incident response plan laying out how the federal government will interact with the private sector, as well as state and local governments, to respond to a significant incident.

The directive also provides a five-level model officials will use to rank incidents.

While a Level 1 incident is “unlikely to affect public health, national security ... or public confidence,” a Level 5 incident “poses an imminent threat to wide-scale critical infrastructure services, national government or to the lives of U.S. persons.”

The document has been largely met with support from the security industry and Capitol Hill. Lawmakers from both sides of the aisle have expressed increasing concerns that the U.S. is unprepared to deal with the fallout from a massive cyberattack.  

“I have long called for more centralization of cybersecurity efforts within government, and the cyber incident coordination plan is another important step in moving away from ad hoc processes that are simply inadequate to deal with the threat we face,” Rep. Jim Langevin (D-R.I.) said in a statement commending the directive.

The document is “an important clarification of the unique roles and responsibilities that the U.S. government and the private sector bring to bear to combat cyber threats,” said Ryan Gillis, a former National Security Council official and now the vice president of cybersecurity strategy at Palo Alto Networks.

“It is undoubtedly the government’s responsibility to prepare for the worst case scenario, and we applaud this important step to foster shared understanding about cybersecurity roles and responsibilities across the ecosystem,” he said.