Forget paranormal activity, in 2016 we are facing cyber-security threats that target individuals for fraud or our public systems for disruption. When there’s a cyberattack, who you gonna call? Not Ghostbusters. The Obama Administration says check their new colorful chart for answers.
In the past, there’s been confusion over who is in charge of massive hackings and data breaches. The White House has a plan to organize federal agencies for coordinated responses to cyberattacks. A new directive is supposed to tell the public which agency handles what. In addition, the White House has developed a color-coded cyber incident schema that categorizes the severity of threats and assigns a level of urgency, senior staff, and investment. The problem is that it’s vague and doesn’t actually explain how the government should respond.
Green Level 1 and yellow Level 2 threats are low and medium level threats that are unlikely or may impact public health or safety, national security, or economic security. Orange Level 3 and red Level 4 threats are likely to pose an impact and warrant government action. Black Level 5 emergencies “pose an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or to the lives of U.S. persons. An alien invasion or the 100-foot Stay Puft Marshmallow Man roaming the New York City streets (from the 1984 Ghostbusters movie) should warrant a Level 5 Emergency categorization while the OPM hacking may be a Level 4.
The agencies involved in cybersecurity include the Department of Justice, Department of Homeland Security, and Office of the Director of National Intelligence. The question is: Who determines what level a threat poses and what is the appropriate response?
The Washington Post notes:
“We are in the midst of a revolution of the cyberthreat — one that is growing more persistent, more diverse, more frequent and more dangerous every day,” said Lisa Monaco, Obama’s adviser for homeland security, at a conference Tuesday at Fordham University.
Monaco also said the scale of the government’s response will be based on an assessment of the risks posed by an incident. “How might it affect our national security or economy? Does it threaten the life or liberties of American people?”
The directive does not discuss how the government should respond to a significant event — whether it should impose sanctions, pursue indictments or even just publicly blame another country, for instance. Each case is fact-specific and responses depend on a range of factors, including geopolitics. But having the scheme helps officials “calibrate” whether they are giving an incident due attention, the official said.
The Obama Administration has been working on its cyber security plans for several years, they claim, but it took this week’s hacking of the Democratic National Committee’s computers and subsequent release of embarrassing emails days before the Democratic convention to accelerate their efforts. As American taxpayers we should feel slighted that it takes a preferred political party getting hacked for the White House get its act together. Never mind the loss of data about millions of Americans in various hackings over the past few years, protecting party secrecy is paramount.
We’ll see how well the new directive and color chart will work. Undoubtedly, another hacking will occur, but will Washington’s response be to cover it up and hope it goes away or to address the breach swiftly and ensure the victims are protected? I’m not hopeful that it will be the latter.