An Overview of the Federal Cybersecurity Plan and Attack Rating System

BY:

Oct 6, 2016

an-overview-of-the-federal-cybersecurity-plan-and-attack-rating-system

The White House unveils new cybersecurity measures

This February, the White House unveiled a new cybersecurity directive intended to help protect citizens, businesses, and government agencies against digital attacks. The plan assigns specific responsibilities to each federal agency in the case of a cyberattack, and rates the severity of cyber threats on a scale from 0-5 in magnitude. Keep reading to learn more about the plan, and how it could help protect your business from an ever-increasing threat.

Three efforts, three agencies

The new directive establishes three separate lines of effort for combating cybersecurity threats and assigns a specific agency for each effort:

  • The Department of Justice (acting through the FBI and National Cyber Investigative Joint Task Force) will be responsible for investigation and directly pursuing the threat.
  • The Department of Homeland Security (acting through the National Cybersecurity and Communications Integration Center) will help determine a risk profile for the incident, trying to determine what U.S. businesses, individuals, or government agencies might be vulnerable to attack, the type and potential consequences of the threats against them, and how best to protect them.
  • The Office of the Director of National Intelligence (working through the Cyber Threat Intelligence Integration Center) is responsible for intelligence gathering, research, and supporting other agencies by discovering gaps in knowledge about current and future cyber threats.

The attack rating scale

The White House’s attack rating scale goes from 1-5, and the new directives won’t kick in until a threat is rated three or above on the scale. Here’s how it ranks potential cyber threats:

  • Level 0: Baseline (white): “Unsubstantiated or inconsequential event.”
  • Level 1: Low (green): “Unlikely to impact public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.”
  • Level 2: Medium (yellow): “May impact public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.”
  • Level 3: High (orange): “Likely to result in demonstrable impact to public health or safety, economic security, foreign relations, civil liberties, or public confidence.”
  • Level 4: Severe (red): “Likely to result in a significant impact to public health or safety, national security, foreign relations, or civil liberties.”
  • Level 5: Emergency (black): “Poses an imminent threat to the provision of wide-scale critical infrastructure services, national gov’t stability, or to the lives of U.S. persons.”

Lower-scale threats include minor nuisances, denial-of-service (DoS) attacks, digital defacement, or committing financial crimes. Medium-to-high scale threats involve stealing sensitive information, denying availability to a key system or service, and corrupting or destroying data. Severe and emergency threats include damaging computer or networking hardware and causing other physical consequences.

How will this affect the average business owner?

As of now, the effect on individual Americans, including business owners and executives, is most likely low. However, as the number of threats against U.S. businesses is only increasing, a more effective system of teamwork and cooperation between government agencies should result in a better and faster response to cyber threats affecting businesses in the near-future.

If you want to learn more about securing your cloud-based operations and protecting your business from cyber threats, contact CloudHesive at 800-860-2040 or contact us through our online form.

Related Blogs

  • On a blue background are the letters AI in white. Superimposed over this is a robotic face wrapped with a connectivity symbol. A word bubble says can I help you." alt="">
    How AI Chatbots are Changing the Call Center Game

    With Amazon Lex Chatbots and Contact Lens, you can create tomorrow’s customer experience today. Key Takeaways: AI chatbots are revolutionizing not just call centers, but the way customer service is...

    Learn More
  • Six office workers sit at computers on opposite sides of a table in a brightly lit office." alt="">
    4 Challenges of Managing WorkSpaces at Scale and How to Solve Them

    A skills gap in IT staff and rising employee costs make managed services the right choice Key Takeaways: Research says it takes a minimum of 10 dedicated full-time IT staff members to manage DaaS...

    Learn More
  • The customer call center in an AI world." alt="">
    How Artificial Intelligence Is Reinventing the Call Center

    Today’s most important AI call center trends – is your call center ready for them?  Key Takeaways:  Learn how to improve customer service operations using automation while still providing...

    Learn More