On July 26, 2016, President Obama signed Presidential Policy Directive 41, United States Cyber Incident Coordination, “setting forth principles governing the Federal Government’s response to any cyber incident, whether involving government or private sector entities.” Issued following high-profile attacks such as the Office of Personnel Management (OPM) breach in 2015 and the recent breach of the Democratic National Committee’s (DNC’s) email system, the directive addresses a number of cyber-related issues, including defining various types of cyber incidents as well as departmental roles and responsibilities in responding to such events. The directive defines a cyber incident as an event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon. A significant cyber incident is one that is likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people. Five operating principles are articulated in the response plan:
- shared responsibility among individuals, government, and the private sector in protecting networks from attack,
- risk-based response,
- respecting affected entities,
- unity of effort, and
- enabling rapid restoration and recovery.
The directive also prescribes a five-level cyber incident severity schema for assessing the severity of cyberattacks, similar to the Department of Homeland Security’s color-