President Barack Obama’s top cybersecurity adviser said the next president should keep focusing on cybersecurity concerns by forming strong partnerships between government and the private sector.
Michael Daniel, cybersecurity coordinator for the Obama administration, said earlier this month the next administration may want updated legislation to help government tackle massive cyber breaches.
“I fully expect the next administration, whatever it is, will have to continue to build partnerships between the federal government and industry, states and locals, and our international partners,” Daniel said Aug. 4 at the U.S. Chamber of Commerce in Washington, which represents more than 3 million businesses.
Cybersecurity issues crashed into the public debate recently when Russia was accused of hacking the Democratic National Committee’s computers right before the start of the Democratic National Convention. The Kremlin denied the accusations.
Last month, the White House made public a directive — the type of document that is typically classified — to let the public know how federal agencies coordinate in the face of significant cyber incidents.
To be considered significant, a cyberattack or breach must be seen as likely to wreak demonstrable harm to public health or safety, national or economic security, or foreign relations, or civil liberties.
The Obama administration also revealed how it determines whether a cyber incident is “significant” and how it grades the severity of an event. Using a scale of Level 0 to Level 5, an incident that ranks at a Level 3 or above is recognized as significant.
The directive will remain effective upon a change in the presidency next January and stand until new presidential action is taken, according to the Justice Department.
Daniel said balancing the public’s right to know against the prospect of triggering panic depends on the circumstances of specific incidents.
“We want to make sure we are getting the right information out, so that other companies and institutions can protect themselves against whatever issues we are dealing with,” Daniel said.
Andy Ozment, assistant secretary for cybersecurity and communications at the Department of Homeland Security, encouraged businesses and organizations to build relationships with local and federal law-enforcement agencies. Build a response plan, sign up for government alerts, and report cyber incidents, he said at the Chamber event.
About 20 percent of companies that suffered computer intrusion report cyber breaches to law enforcement, according to David Johnson, associate executive assistant director at the FBI.
Ozment said Homeland Security does not share with government regulators information it comes across in response to cyber incidents.
Editor’s note: A version of this story was first published by Federal Times on Aug. 5, 2016, as a partnership between Medill and Federal Times.
Photo at top: Obama’s adviser highlights partnerships to address significant cyber incidents. (Blue Coat Photos/flickr)