‘Cyber Incidents’ First Responder? The FBI

fbi-china-hack-spy-chips

The FBI is now considered a key cyberleader.

According to the Presidential Policy Directive-41 (PPD-41) on U.S. Cyber Incident Coordination Policy, released on Tuesday (July 26) by the Obama administration, the FBI is one of the agencies taking the lead in three different cyber-response areas — threat response, asset response and intelligence support.

“PPD-41 codifies the essential role that the FBI plays in cyber incident response, recognizing its unique expertise, resources and capabilities. And as the bureau continues evolving to keep pace with the cyberthreat, the authorities contained in PPD-41 will allow us to help shape the nation’s strategy for addressing nationally significant cyber incidents,” FBI Assistant Director James Trainor of the Cyber Division explained in a post on the agency’s website.

“This new policy,” Trainor added, “will also enhance the continuing efforts of the FBI — in conjunction with its partners — to protect the American public, businesses, organizations and the economy and security of our nation from the wide range of cyberactors who threaten us.”

The U.S. Cyber Incident Coordination Policy lays out guidelines that govern the federal government’s response to cyber incidents, including which federal agencies will head the different threat response areas.

The Department of Justice, acting through the FBI and the National Cyber Investigative Joint Task Force (NCIJTF), will be taking the lead on threat response activities. While the Department of Homeland Security will be lead agency for asset response activities, acting through the National Cybersecurity and Communications Integration Center. Intelligence support and related activities will be lead by the Office of the Director of National Intelligence, through its Cyber Threat Intelligence Integration Center.

Through its new role, the FBI will be responsible for coordinating an effective, multi-agency response in the event of a significant cyber incident.