The Presidential Directive that defined roles and responsibilities of Federal agencies in the event of a cyber incident is being applauded as a step in the right direction by private sector cybersecurity companies.
“Better defined coordination amongst government cybersecurity stakeholders is welcomed,” said Blue Coat CTO Aubrey Merchant-Dest. “Clarification on who to contact is important, but the larger challenge is identification and classification of the threat level defined in the schema, and how quickly that determination can be made. It’s a step in the right direction and heightens the need for improved incident preparedness and coordination. We’re getting a step closer to a national cybersecurity weather map.”
Much like a weather map, a schema released in conjunction with the directive provides a color-coded graph to measure incident severity and ensure that all parties involved measure their cyber incidents on the same scale.
The directive also emphasizes information sharing among agencies, states, localities, and private industry, noting that agencies like the Department of Justice and Department of Homeland Security should coordinate with private industries.
“FireEye appreciates the explicit recognition that industry plays a critical role in effectively responding to significant cyber incidents,” said Shane McGee, chief privacy officer at FireEye. He added that having a plan ahead of time will enable the government to respond more quickly and effectively to cyber incidents.
“It is undoubtedly the government’s responsibility to prepare for the worst-case scenario, and we applaud this important step to foster shared understanding about cybersecurity roles and responsibilities across the ecosystem,” said Ryan Gillis, vice president of Cybersecurity Strategy and Global Policy at Palo Alto Networks. “Especially as cyberattacks become increasingly destructive, it has become clear that a focus on detection and response after a breach has occurred is a supplement—not an adequate substitute—for cyber threat prevention. Prevention must be the primary objective, and should inform how an organization detects and responds to a cybersecurity incident should one occur.”
To address prevention and reaction, the administration has released a number of plans and directives, such as the Cybersecurity National Action Plan (CNAP), that focus on the Federal government’s ability to respond to cyber threats both within the government and in private industry.
“The Directive represents one pillar of a multipronged strategy the U.S. government has deployed to holistically address cybersecurity issues,” Gillis said. “The policy’s focus on cyber incident management is an important complement to the long series of policies the administration has put in place to deter and prevent malicious cyber threats.”