White House Issues Directive on Cyber Attacks

In response to a growing list of “increasingly significant cyber incidents,” the White House on Tuesday released a presidential policy directive intended to create a “more coordinated, integrated, and structured response” to cyber attacks. The directive creates a six-level rating system for cyber incidents based on their impact and establishes policies and mechanisms to guide the government’s response, including forming a Cyber Unified Coordination Group that is similar to those used to react to physical incidents. The directive also declares there is a “shared responsibility” among the government, individuals, and the private sector to protect the nation from “malicious incidents” and to help manage the consequences. Congressional attempts to develop a national system to minimize and respond to cyber attacks have stalled, largely due to the reluctance of industry, financial institutions, and public utilities to share information on cyber intrusions. The PPD vows to protect privacy and civil rights while acting against cyber attacks. The rating of cyber incidents ranges from zero to six based on the potential to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence. Level three and above are considered “significant” and are likely to result in “demonstrable harm.”