U.S. cyber incident directive follows DNC hack

U.S. cyber incident directive follows DNC hack

One wonders if it took social media to finally motivate the White House to act on cyber incidents.

The Democratic National Committee (DNC) was hacked, and the emails, many quite damning of the governance of the DNC, were released by WikiLeaks. Reports link the hack to the Russian government. Debbie Wasserman Schultz, head of the DNC, resigned—one in any number of political and government officials to fall on their swords after security breach exposés.

Then on Tuesday morning, President Barack Obama announced a U.S. Cyber Incident Coordination Directive. If the directive is actually followed, expect several agencies to drown in complaints, even though private citizen complaints aren’t included. Commercial and governmental complaints appear to be the only complaints covered by the directive.  

The drownings will come as the result of the fact that the U.S., in toto, has been effectively breached. If intruders can get to the DNC, the U.S. Office of Personnel Management (OPM), and the IRS, the banking system is in jeopardy, as well as that little website from which you make pocket money. 

The breadth of the directive is gruesomely huge. It follows another preparedness directive, called PPD-8 for National Preparedness, also with a national breadth.

Threat levels, in the form of a Cyber Incident Severity Schema, are used to code an emergency level, represented by colors ranging from Level 0 white (unsubstantiated or inconsequential) events through to Level 5 Black (emergency level).

It’s my belief that we’re at, and have been at, Level 3 Orange (High) for some time now, gauging the depth and breadth of penetration of private, commercial/industrial and government systems. 

I go to the BlackHat and DEFCON conferences next week. Maybe my opinion/professional rendering will change my opinion to Level 4 Red (severe). If the Russian government can drain the DNC, I suspect there is much more that it’s already done. For that reason, I suspect loud voices, much money spent and perhaps a small modicum of improvement. Maybe. Social media will be strong, there, as well.

Copyright © 2016 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022