Government Contracts Monitor

Cyber Incident Reporting for Private Entities

August 15, 2016

In a move that reflects the federal government’s continuing emphasis on the security of cyber networks and content, the Department of Homeland Security (DHS) recently published a unified statement instructing private sector entities on the basics of reporting cyber incidents.

According to the statement, private entities that fall prey to cyber incidents can benefit from federal government assistance in several areas, including the investigation and mitigation of consequences from attacks and minimizing vulnerability to future attacks. The agencies that joined in the unified statement include DHS and its National Cybersecurity & Communications Integration Center and the Secret Service; the Department of Defense’s National Cyber Investigation Joint Task Force; and the Department of Justice (including the FBI and the Internet Crime Complaint Center). The statement provides contact information for these agencies and identifies the particular entity to be contacted for a given type of incident.

The statement defines a “cyber incident” as “an event that could jeopardize the confidentiality, integrity, or availability of digital information or information systems.” It then urges private entities to report cyber incidents that may: result in a significant loss of data, system capability, or data system control; affect large numbers of people; affect the public health or safety, or national security; or impact critical government infrastructure or essential government systems. A cyber incident may be reported at any time, even when complete information is not known.

When a cyber incident is reported, the federal government’s response focuses on two aspects: threat response, which involves the active pursuit and disruption of malicious cyber activity; and asset response, which aims to protect data and systems not already compromised and mitigating further damage where there has been or continues to be an attack.

The statement recognizes that an early and effective response is crucial to successfully defending against cyber attacks. While there are many tools to avoid and mitigate damage from cyber incidents in the private sector, the government’s unified stance provides a helpful resource for those in the private sector who are targeted by malicious cyber activity.

The unified statement came just a few days after the President released a policy directive detailing how the responsible federal agencies will respond in the event of a significant cyber incident. The Obama administration’s cyber policy consists of three pillars: raising the level of cybersecurity in the nation’s public, private and consumer sectors; deterring, disrupting, and interfering with malicious cyber activity aimed at the U.S. and its allies; and responding efficiently to cyber incidents to recover as quickly as possible from them. To achieve these three pillars, the agencies that are parties to the unified statement have delineated the roles and responsibilities each will take in prevention, detection, investigation, and response to cyber incidents in either the private or public sector. The idea is to create a streamlined approach since, in a malicious cyber incident, time is of the essence to ensure a proper response and mitigate damages.