President Obama has issued the Presidential Policy Directive/PPD 41, developing rules and principles to govern responses to huge federal and private sector cyber attacks.
However not particularly focused on cyber tragedies at healthcare agencies, the directive does identify the crucial impact that such tragedies can have on “public health and safety.”
“While the major majority of cyber tragedies can be managed through existing plans, certain cyber tragedies that have key affects on an entity, our national security or the broader economy need a distinctive access to response efforts,” in accordance to the directive. “These key cyber tragedies claims unity of effort within the Federal Government and particularly close coordination between the public and private sectors.”
The plan directive observes any cyber tragedy, develops the lead federal organizations to coordinate responses, and needs the departments of Justice and Homeland Security to maintain updated contact information for public utilization to report tragedies. The Federal Bureau of Investigation also plays a vital role in responses, in accordance to the directive.
The document also explains the important cyber tragedy or a group of related incidents as those that are likely to indicate harm to national security interests, public confidence, the national economy, foreign relations, civil liberties or public health and safety.
The directive spells out 5 guiding rules covering the shared responsibility among people, the private sector and government; resource allocation deployed on threats posed by an attack; safeguarding explanations of a tragedy, privacy and civil liberties and sensitive private sector data; usually deferring to impacted entities in notifying private sector entities and the general public; coordinating among government entities to acquire optimal outcomes, and facilitating restoration and recovery.
Moreover, the government will perform investigations at impacted entity sites, give technical support to secure assets and decrease susceptibilities, collect and spread or disseminate intelligence, facilitate data sharing, and coordinate with impacted private entities to comprehend potential effects of an attack on crucial private sector infrastructure.
The directive lists particular few federal organizations as lead agencies for decreasing 3 effects of an attack: threat response activities (FBI, Justice, and National Cyber Investigative Joint Task Force), intelligence support and related tasks (Director of National Intelligence via Cyber Threat Intelligence Integration Center), and asset response activities (Homeland Security and its National Cyber security and Communications Integration Center).
Homeland Security and Justice are ordered and tasked with spreading a fact sheet to help the private sector in informing relevant federal organizations after a cyber tragedy. Various coordinating federal organizations have 180 days to execute the latest national policy in cyber response exercises.
No comments:
Post a Comment