White House Directive Coordinates Federal Agencies' Cyberattack Response

attack. The directive delegates the DOJ to take the lead in law enforcement activities related to a cyberattack, while the Department of Homeland Security will aid in mitigating the attack. The White House’s release of the directive came amid the fallout over WikiLeaks’ release of controversial Democratic National Committee emails believed to have been harvested from DNC servers during a 2015 hacking incident. The White House emphasized Tuesday that its planning for the directive significantly predated the DNC hacking incident. The White House’s directive directs the Cyber Response Group within the National Security Council to coordinate development and implementation of U.S. government policies in response to cyberattacks. The CRG or the larger NSC can form a cyber unified coordination group (CUCG) as the “primary method” of coordinating among federal agencies in response to “significant” cyber incidents, Obama said in the directive. The CUCG normally will include the Department of Homeland Security and other lead federal agencies for threat response and support, but also will include the FCC and other sector-specific agencies depending on the nature of the incident, the directive said. The FCC also would be called upon to participate in CRG activities when “its inclusion is warranted by the circumstances and to the extent the [FCC] determines such participation is consistent with its statutory authority and legal obligations,” an annex to the directive said. The White House directive also set up a five-level framework for rating cyber incidents. Level 1 attacks are “unlikely to affect public health, national security” or other U.S. interests, while a Level 5 incident “poses an imminent threat to wide-scale critical infrastructure services, national government or to the lives” of U.S. citizens, the directive said.