A Fordham cybersecurity conference was the site for a White House announcement today that a new presidential directive will shore up the federal government’s response to cyber threats.
The new policy delineates the role that government agencies will play going forward in preventing and responding to potential as well as active cybersecurity incidents, said Lisa Monaco, assistant to the president for homeland security and counterterrorism. She made her remarks at the opening session of the International Conference on Cyber Security (ICCS), cosponsored by Fordham and the FBI.
“[The policy] commits to unifying the government’s response across agencies, and it emphasizes that our response will be focused on helping victims of cyber incidents recover quickly,” Monaco said.
“This directive establishes a clear framework to coordinate the government’s response to such incidents. It spells out which federal agencies are responsible. And it will help answer a question heard too often from corporations and citizens alike—in the wake of an attack, who do I call for help?”
The FBI will lead responses to any immediate threat (just as it does in cases of terrorism, Monaco said) to find out whether those responsible are terrorists, other countries, or criminals.
The Department of Homeland Security will assist the victims of an attack or intrusion, supplying federal resources to aid recovery and providing technical assistance to protect the attacked organization’s assets, bring systems back online, and decrease vulnerabilities.
Finally, the newly formed Cyber Threat Intelligence Integration Center (CTIIC), which operates under the Director of National Intelligence, will serve as the point agency for all cyber-related intelligence. Having a single entity integrating and analyzing this information will allow for more rapid and streamlined efforts to disrupt threats, Monaco said.
“In all these efforts, the framework we apply when considering the use of cyber operations is quite similar to how we approach other operations in the physical world. Any actions we take must be consistent with our values, and after we assess the potential for collateral damage and consider other potential options. We consider the likely reaction of the target, our allies, and other countries who may be affected, and we consider whether the effects of a cyber operation could lead to escalation and greater conflict,” she said.
“I believe we can do this. Humans invented cyberspace and we can manage the challenges it generates. Over the past seven and a half years, we’ve made tremendous progress. The framework and actions we’re putting in place today are another strong step forward.”
Monaco’s announcement followed the keynote address from James Trainor, assistant director of the FBI’s cyber division, who stressed the importance of collaboration in the face of cyber threats.
Trainor cited the U.S. Intelligence Community’s annual Worldwide Threat Assessment, which for the last three years has ranked cyber threats as the No. 1 danger to national and economic security—a “bigger [threat]than standard forms of espionage and bigger even than terrorism,” Trainor said. “From where I stand, the issue is getting worse by the day.”
For this reason, it is critical to form strong partnerships among law enforcement, government agencies, and the private sector. The faster that a cyber threat or attack is reported to the FBI, the faster that those responsible can be caught and evidence preserved.
“We need to use indictments, engagements with foreign partners, diplomatic pressures, sanctions, technical disruption operations, and even actions taken at the World Trade Organization-level with trade operations,” Trainor said.
“In my view, pressure works… Our adversaries know we will come after them in more ways than one. The FBI is doing everything it possibly can at every level to make it harder for cyber criminals to operate. I believe that many of them are starting to think twice before putting their fingers on the keyboard.”