Obama’s New Policy for Cyber Incidents

By Kevin Duffey

The White House just published this Presidential Policy Directive. The last nine PPDs are still classified for National Security reasons.

This PPD defines who’s in charge of response to cyber incidents in the USA.  The answer is multiple agencies:

  • Policy will be led by the Cyber Response Group, reporting to the NSC
  • Operations for cyber incidents will be led by ad-hoc Cyber Unified Coordination Groups
  • Threat response will be led by the Department of Justice, through the FBI & NCIJTF
  • Asset response will be led by the Department of Homeland Security, through NCCIC
  • Intelligence support will be led by the Director of National Intelligence, through CTIIC

For businesses who have wondered who to go to in government for help responding to specific cyber threats, this is enormously helpful.  The answer is clearly the FBI, who highlight here that the new policy “solidifies” their role as a key cyber leader.

But some Governments have gone further in simplifying their response to cyber challenges. For example, the UK will put all cyber capability under one person, Ciaran Martin, beginning in October.  Time will tell how far cyber response can be unified by national authorities. Consider – there are 850 official organisations promoting cyber security around the world, including 31 just in the City of London.  The “alphabet soup” of cyber agencies will continue for some time.

So business leaders should use this announcement to ask “Who will do what in our business if we suffer a catastrophic cyber incident?”  Leaders must ensure their teams are certain of the chain of command during the cascade of commercial consequences that come with a major breach.

Working effectively with law enforcement is just one of several with leadership challenges we think CEOs must face up to.

Businesses should engage with the Global Cyber Alliance, which is uniquely placed to have a measurable impact on cyber threats.  As President Obama’s new Presidential Policy Directive rightly says, “Cyber incidents are a fact of contemporary life, and significant cyber incidents are occurring with increasing frequency.”


Cyber Rescue is a Membership organisation, that helps CEOs lead effective recovery of revenues and reputation after a cyber attack that couldn’t be blocked.

The author, Kevin Duffey, is the Managing Director of Cyber Rescue, a partner of the Global Cyber Alliance. You can follow them on Twitter @KevDuffey and @CyberRescue.

Editor’s Note: The views expressed by the author are not necessarily those of the Global Cyber Alliance. 

Image courtesy of Shutterstock.com.