Obama puts FBI in charge of responding to cyber attacks
A presidential directive signed by President Obama Tuesday will put the FBI in charge of responding to all cyber threats and give the federal government a more active role in investigating, preventing and mitigating attempts to hack into U.S.-based computer networks.
Obama's homeland security adviser, Lisa Monaco, said the change was necessary because it's not always clear whether those responsible for a hacking incident are other countries, terrorists or criminals.
"This directive establishes a clear framework to coordinate the government’s response to such incidents," Monaco told a cybersecurity conference at Fordham University in New York Tuesday. "It spells out which federal agencies are responsible. And it will help answer a question heard too often from corporations and citizens alike — 'In the wake of an attack, who do I call for help?'"
While in the works for months, the directive comes just days after the transparency organization Wikileaks revealed 20,000 e-mails stolen from the Democratic National Committee. Security experts suspect Russia was behind that attack, which roiled the Democratic National Convention by showing that the national party actively conspired to hurt Vermont Sen. Bernie Sanders' presidential campaign. That, in turn, led to the resignation of DNC chairwoman Debbie Wasserman Schultz on the eve of the convention to nominate former Secretary of State Hillary Clinton for president.
Experts: Hard to prove Russians behind DNC hack
Prep for the polls: See who is running for president and compare where they stand on key issues in our Voter Guide
Two other agencies will also have significant roles in helping to prevent and mitigate the effect of cyber intrusions: The Department of Homeland Security and the Cyber Threat Intelligence Integration Center, a multi-agency coordinating body in the intelligence community.
"We’re harnessing all elements of national power, just as we do in dealing with other threats, like terrorism," Monaco said. "No tool is off the table."
The order will also attempt to define for the first time what constitutes a "significant cyber incident" triggering a federal response. It's an incident "likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people."
Obama issued the guidance through a presidential policy directive, a form of executive order used in national security matters and usually kept secret. In fact, the issuance of the directive, numbered PPD-41, implicitly acknowledged the existence of 10 secret orders issued by Obama in the past year. The last known directive was PPD-31, which made changes in hostage policy in June 2015. Twenty-nine of Obama's 41 presidential policy directives remain classified.