operational playbooks that identify roles and responsibilities for various federal departments,
agencies and entities not since been produced? Thus far, nobody in government has been able
or willing to answer these very legitimate questions.

For example, what is the intersection of the seven major cyber centers across the government
during various thresholds of escalation of any cyber event? What is the collaborative role of the
National Infrastructure Coordinating Center (NICC) and the National Cybersecurity and
Communications Integration Center (NCCIC) at DHS, especially given the fact that manmade or
natural disasters with physical impact can also produce a cybersecurity challenge and cyber
events may produce a physical impact, particularly in the critical infrastructure sectors? What
role will the newly proposed Cyber Threat Intelligence Integration Center (CTIIC) play in the
effort to coordinate a national approach to mitigation, response and recovery from cyber events
that may produce a national consequence?

As another example, at what threshold of escalation or impact does a cyber event transition from
being within the purview of the Department of Homeland Security or the Department of Justice,
and become a matter for the Department of Defense and the White House? In each of these
examples, what is the engagement model for including the private sector in the efforts and
deliberations to inform the decision-making process for an appropriate response, investigation,
and recovery? These are not questions that should be considered in the heat of the moment
during a real-life event, one which today we might not even be able to imagine.

During the Cyber Storm III national level exercise in 2010, many of these very questions were
identified as the exercise scenario evolved. Those issues produced arguments and acrimony
among participating government representatives about who was in charge and where decisions
were to be made. Those questions were not answered during the exercise and remain elusive
even today.

It is important to note that even while there remains a lack of clarity as to the various roles and
responsibilities within the government, the private sector works diligently to deliver resilience
even in the face of ongoing criminal and malicious activity in cyberspace. Mature information
sharing regimes exist within and across the critical infrastructure community and include a broad
range of stakeholders. Improving access to threat intelligence / information, which is primarily
located within the domain of the government, will better enable timely, reliable, and actionable
situational awareness that contributes to improving cybersecurity and resilience.

Imagine a situation where the FBI detects a cyber attack targeting a health insurer, an attack
that appears to be siphoning corporate information and consumer records and has the
characteristics of a nation state intruder. In spite of its own cyber defenses, the health insurer
learns of the attack from the FBI. What should the insurer do once it becomes aware of
this event? The immediate concern is to contain the event and any impact from the intrusion.
Given that attribution is often difficult to affirm early in many cyber events, while the characteristics
are familiar to the government and appear to be similar to recognized nation state tactics,
techniques, and procedures, is the healthcare provider on its own to deal with this matter?
What are the consumer and privacy impacts associated with the event? What if the health

Cyber Warnings E-Magazine – March 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide