What exactly is the difference between a run-of-the-mill cyber incident and a “significant” cyber incident? Your organization may or may not have had to ponder this question in the past, but the federal government certainly has — and it’s an important question to boot.
The distinction among severity levels will weigh heavily in the government’s response to cyber threats, and it will determine what is expected from organizations when they respond to a breach.
Classifying cyber threats based on their severity is a central concern of a policy directive President Barack Obama published this July. Building on this classification system, the policy outlines the actions the federal government must take in response to cyber security incidents. It sets out five key principles to guide the government’s response efforts. Here’s a closer look at these principles and what each of them aims to accomplish:
- Sharing responsibility: According to the directive, protection against cyber attacks is a responsibility that is shared among individuals, private-sector businesses and the government.
- Response according to risk: The government’s response to an incident will be based on severity, and incidents will be triaged to determine the severity level.
- Respecting affected organizations: When a private business is affected by a cyber attack, the government will protect the details of the affected organization to the extent allowed by law.
- Unifying the government’s efforts: Government agencies need to work collaboratively to effectively combat a security incident. The first agency to respond to an incident should notify others.
- Supporting rapid recovery: In responding to an incident, the government’s aim must be to help the affected party “return to normal operations” as quickly as possible.
Any organization that conducts business with the federal government must keep in mind the policy directive and the five principles the government will follow in responding to threats. Partnering with the government to share risk information and resolve incidents can benefit both the private and public sectors, but organizations must adhere to these principles in their security efforts.
As an industry leader with a long history of experience with federal government security, Lunarline can help your organization ensure adherence to federal standards, whether that means full FedRAMP compliance, incident response improvements or enhancements in any other area of cyber security.