*Administration of Barack Obama, 2016 *

**Directive on United States Cyber Incident Coordination **

*July 26, 2016 *

Presidential Policy Directive/PPD–41

*Subject:* United States Cyber Incident Coordination

The advent of networked technology has spurred innovation, cultivated knowledge, encouraged free expression, and increased the Nation's economic prosperity. However, the same infrastructure that enables these benefits is vulnerable to malicious activity, malfunction, human error, and acts of nature, placing the Nation and its people at risk. Cyber incidents are a fact of contemporary life, and significant cyber incidents are occurring with increasing frequency, impacting public and private infrastructure located in the United States and abroad.

United States preparedness efforts have positioned the Nation to manage a broad range of threats and hazards effectively. Every day, Federal law enforcement and those agencies responsible for network defense in the United States manage, respond to, and investigate cyber incidents in order to ensure the security of our information and communications infrastructure. The private sector and government agencies have a shared vital interest in protecting the Nation from malicious cyber activity and managing cyber incidents and their consequences. The nature of cyberspace requires individuals, organizations, and the government to all play roles in incident response. Furthermore, effective incident response efforts will help support an open, interoperable, secure, and reliable information and communications infrastructure that promotes trade and commerce, strengthens international security, fosters free expression, and reinforces the privacy and security of our citizens.

While the vast majority of cyber incidents can be handled through existing policies, certain cyber incidents that have significant impacts on an entity, our national security, or the broader economy require a unique approach to response efforts. These significant cyber incidents demand unity of effort within the Federal Government and especially close coordination between the public and private sectors.

*I. Scope *

This Presidential Policy Directive (PPD) sets forth principles governing the Federal Government's response to any cyber incident, whether involving government or private sector entities. For significant cyber incidents, this PPD also establishes lead Federal agencies and an architecture for coordinating the broader Federal Government response. This PPD also requires the Departments of Justice and Homeland Security to maintain updated contact information for public use to assist entities affected by cyber incidents in reporting those incidents to the proper authorities.

*II. Definitions *

*III. Principles Guiding Incident Response *

In carrying out incident response activities for any cyber incident, the Federal Government will be guided by the following principles:

*IV. Concurrent Lines of Effort *

In responding to any cyber incident, Federal agencies shall undertake three concurrent lines of effort: threat response; asset response; and intelligence support and related activities. In addition, when a Federal agency is an affected entity, it shall undertake a fourth concurrent line of effort to manage the effects of the cyber incident on its operations, customers, and workforce.

Threat and asset responders will share some responsibilities and activities, which may include communicating with affected entities to understand the nature of the cyber incident; providing guidance to affected entities on available Federal resources and capabilities; promptly disseminating through appropriate channels intelligence and information learned in the course of the response; and facilitating information sharing and operational coordination with other Federal Government entities.

When a cyber incident affects a private entity, the Federal Government typically will not play a role in this line of effort, but it will remain cognizant of the affected entity's response activities, consistent with the principles above and in coordination with the affected entity. The relevant sector-specific agency (SSA) will generally coordinate the Federal Government's efforts to understand the potential business or operational impact of a cyber incident on private sector critical infrastructure.

*V. Architecture of Federal Government Response Coordination for Significant Cyber Incidents [Additional details regarding the Federal Government’s coordination architecture for significant cyber incidents are contained in an annex to this PPD.] *

In order to respond effectively to significant cyber incidents, the Federal Government will coordinate its activities in three ways:

*VI. Unified Public Communications *

The Departments of Homeland Security and Justice shall maintain and update as necessary a fact sheet outlining how private individuals and organizations can contact relevant Federal agencies about a cyber incident.

*VII. Relationship to Existing Policy *

Nothing in this directive alters, supersedes, or limits the authorities of Federal agencies to carry out their functions and duties consistent with applicable legal authorities and other Presidential guidance and directives. This directive generally relies on and furthers the implementation of existing policies and explains how United States cyber incident response structures interact with those existing policies. In particular, this policy complements and builds upon PPD–8 on National Preparedness of March 30, 2011. By integrating cyber and traditional preparedness efforts, the Nation will be ready to manage incidents that include both cyber and physical effects.

BARACK OBAMA NOTE: An original was not available for verification of the content of this directive.

*Categories:* Directives : U.S. cyber incident coordination :: Policy directive*.*

*Subjects:* Civil rights : Privacy; Defense and national security : Cybersecurity :: Cyber attacks; Defense and national security : Cybersecurity :: Strengthening efforts; Defense and national security : Intelligence; Homeland Security, Department of : Secretary; Intelligence, Office of the Director of National; Justice, Department of : Bureau of Investigation, Federal.

*DCPD Number:* DCPD201600495.