WASHINGTON — The threat of what the White House calls a “significant cyber incident” against the power grid is so great that the Obama administration has unveiled a major new strategy, complete with a six-level schema that acknowledges the most severe attack could cause widespread blackouts, deaths, and even impact the stability of the federal government.
The Presidential Policy Directive on “United States Cyber Incident Coordination” was released July 26 and is intended to “provide clarity and guidance about the Federal government’s roles and responsibilities” during a cyberattack.
“Cyber incidents are a fact of contemporary life, and significant cyber incidents are occurring with increasing frequency, impacting public and private infrastructure located in the United States and abroad,” the directive states.
Modern technology has made life easier and is essential, the directive states, but “the same infrastructure that enables these benefits is vulnerable to malicious activity, malfunction, human error, and acts of nature, placing the Nation and its people at risk.”
Much like the now-defunct Homeland Security Advisory System, the directive unveiled a color-coded system to help the public understand the significance of a specific cyberattack. Dubbed the “Cyber Incident Severity Schema,” it includes six levels:
Level 5 (Emergency or Black) – “Poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or to the lives of U.S. persons.” The critical infrastructure services include the power grid.
Level 4 (Severe or Red) – “Likely to result in a significant impact to public health or safety, national security, economic security, foreign relations, or civil liberties.”
Level 2 (Medium or Yellow) – “May impact public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.”
Level 1 (Low or Green) – “Unlikely to impact public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.”
Level 0 (Baseline or White) – A nuisance attack that causes no damage.
In addition to creating a cyber incident schema, the directive also:
- Defines a significant cyber incident as: “A cyber incident that is … likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.”
- Establishes the US Department of Justice, acting through the FBI and the National Cyber Investigative Joint Task Force (NCIJTF), as the federal lead agency for investigating cyberattacks.
- Creates a Unified Coordination Group (UCG) that will organize the response to a major cyberattack. The cyber UCG will coordinate response with local, state, regional, tribal and foreign governments.
The US will use sanctions against foreign governments that launch cyberattacks against America, Americans or American allies, White House counterterrorism advisor Lisa Monaco told the media. Monaco did not say what the sanctions would be, but named Russia and China as possible targets.
Obama himself mentioned the possibility of sanctions against China over cyberattacks in September 2015. The president later backed down after a discussion with his Chinese counterpart Xi Jinping.
“We are preparing a number of measures that will indicate to the Chinese that this is not just a matter of us being mildly upset; but is something that will put significant strains on the bilateral relationship if not resolved,” Mr. Obama said in a question-and-answer session with business leaders on economic issues. “We are prepared to take some countervailing actions in order to get their attention.”
The directive came during the same week when authorities confirmed that the Democratic National Committee’s computer system had been hacked. Many observers blamed Russia for that attack.