Page 52 - Cyber Warnings
U.S. Government Announces Framework for Responding to
Critical Infrastructure Cyber Incidents
What Operators of Critical Infrastructure Need to Know About PPD-41
By David Navetta, Boris Segalis, Mia Havel and Kris Kleiner, Norton Rose Fulbright US LLP
On July 26, 2016, the White House issued the United States Cyber Incident Coordination
Directive (Presidential Policy Directive PPD-41, including an Annex).
The Directive sets forth the principles governing the Federal Government’s response to cyber
incidents, including incidents affecting private entities that are part of U.S. critical infrastructure.
The Directive triggers a significant Federal Government role and establishes a framework for its
response to “significant cyber incidents” in particular. It is designed to improve coordination
between government agencies and to clarify inter-departmental involvement in response to a
cyber incident.
Key Elements of PPD-41
PPD-41 makes a distinction between a “cyber incident,” which is defined as “[a]n event
occurring on or conducted through a computer network that actually or imminently jeopardizes
the integrity, confidentiality, or availability of computers, information or communications systems
or networks, physical or virtual infrastructure controlled by computers or information systems, or
information resident thereon,” and a “significant cyber incident,” which is defined as “[a] cyber
incident that is (or group of related cyber incidents that together are) likely to result in
demonstrable harm to the national security interests, foreign relations, or economy of the United
States or to the public confidence, civil liberties, or public health and safety of the American
people.”
In conjunction with these definitions, the Directive includes a Cyber Incident Severity Schema,
which further categorizes the severity of cyber incidents affecting the homeland, U.S.
capabilities, or U.S. interests:
Under this schema, a threat of Level 3 or higher constitutes a “significant cyber incident.”
A “cyber incident” will not typically trigger federal government involvement beyond “coordinated
efforts to understand the potential business or operational impact of a cyber incident on private
sector critical infrastructure” through the relevant sector-specific agency (“SSA”).
Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide