NEW YORK — White House cybersecurity chief Lisa O. Monaco announced a new presidential directive that, starting today (July 26), makes clear which federal agencies will act in response to a cyberattack or cyberthreat vital to U.S. national security.
Monaco said the FBI would take the lead in coordinating incident response, including collecting evidence and establishing attribution in the wake of an attack; the Department of Homeland Security would aid victims of an attack and minimize the spread of the threat, clean out affected computer networks and shore up software vulnerabilities. The Cyber Threat Intelligence Integration Center (CTIIC), a year-old intelligence "fusion center" under the auspices of the Director of National Intelligence, would be responsible for integrating intelligence about the threat and combating it.
"We're not going to wait for the next attack to hone these procedures," Monaco, whose official title is Assistant to the President for Homeland Security and Counterterrorism, said at the International Conference on Cyber Security here. "Agencies will be incorporating these directives immediately."
The new directive, posted on the White House website under the title of "United States Cyber Incident Coordination" and signed by President Barack Obama, is meant to clarify to which agencies both public and private entities should turn in the event of a major cyberattack or disclosed threat, Monaco said.
Coordination among state and federal government agencies and private companies is seen by most experts and officials to be essential in maintaining national network defenses and responding to threats and attacks. But that coordination has been hampered by legal and bureaucratic obstacles, as agencies squabbled over jurisdiction and the private sector stayed wary of government involvement in its affairs.
Most of the internet's backbone in the United States is in private hands, but the FBI, DHS and National Security Agency all have some responsibility for protecting it. Imagine if the national road and highway system were not publicly owned, but instead run by dozens of private companies, yet policed by overlapping and sometimes competing government agencies.
The Cybersecurity Information Sharing Act of 2015, signed into law by Obama last December, alleviates some of the concerns private companies had in sharing data with the federal government. Monaco said today's presidential directive would further smooth incident responses and threat deterrence.
"Humans invented cyberspace," she said, "and we can manage the challenges that it generates."
In other remarks, James C. Trainor, Jr., assistant FBI director in charge of the bureau's Cyber Division, made the case for a new military branch dedicated to fighting cyber conflicts. He made the analogy to the period immediately after World War II, when the Pentagon recognized that aerial combat was a new form of warfare and that the Army's and Navy's air wings would no longer be adequate. As a result, Trainor said, the U.S. Air Force was formed as a separate branch.
Finally, during questions, the elephant in the room materialized: the issue of the purported Russian hack of the Democratic National Committee's servers and the subsequent leak of embarrassing emails just as the Democratic National Convention got underway in Philadelphia this week.
"Was Russian intelligence behind the DNC hack," a reporter asked, "and if so, what is the White House response?"
"I'm not going to get ahead of the FBI investigation," Monaco replied. "But I'm confident it will be thorough."