What We Know About the SolarWinds Breach

Federal agencies are responding to a potentially massive cybersecurity incident after a third-party vendor widely used across government was found to be compromised by a sophisticated hacking campaign.


With agencies working to determine which systems were affected and how severely, a myriad of questions swirled. Here’s a look at what we know and what’s been reported as of Tuesday afternoon.


National Security Council Invokes PPD-41


On Tuesday, the National Security Council announced the administration would be invoking Presidential Policy Directive-41, or PPD-41, which “facilitates continuous and comprehensive coordination for whole-of-government efforts to identify, mitigate, remediate and respond to this incident,” according to a statement from NSC spokesperson John Ullyot.


The directive, signed in the last years of then-President Barack Obama’s administration, creates a chain of command for responding to cyber incidents. The directive states the White House Cybersecurity Coordinator—or “an equivalent successor”—will serve as the chair for a Cyber Response Group to develop a strategy while the Cyber Unified Coordination Group will coordinate between federal agencies. 


Within the CUCG, the directive designates the FBI and the National Cyber Investigative Joint Task Force, the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, and the Office of the Director of National Intelligence’s Cyber Threat Intelligence Integration Center as the lead agencies for certain types of responses. Agencies, however, maintain operational control over their networks, “unless mutually agreed upon by agency heads or their designees.”


Since the policy was signed, a few organizational changes have occurred. In 2018, then-National Security Adviser John Bolton eliminated the White House Cybersecurity Co ..
