WASHINGTON – Despite the Obama administration’s creation of an updated “Cyber Incident Coordination” framework to deal with cyber threats, President Obama’s cybersecurity advisor predicted that the White House would “almost undoubtedly discover we did not get some things entirely right.”
“The other thing that is true on the federal side is that no one agency has all of the expertise we need to bring to bear, and so we actually very deliberately made the choice that we could not simply say one particular agency was in charge of cyber incident response, that we needed the capacity and capability across all agencies in those different lines of effort, so that’s why we divided the work very carefully into those lines of effort and put a lead coordinating agency in charge of those lines of effort,” Michael Daniel, special assistant to the president and cybersecurity coordinator at the White House, said at a cyber coordination discussion at the U.S. Chamber of Commerce in Washington.
“But we didn’t try to merge all of those lines of effort into one place. Now, I am also the first one, some members my of staff are here and they know one of my frequent sayings is no plan ever survives first contact with the enemy, and so I am very well aware that we will almost undoubtedly discover we did not get some things entirely right in how we did the layout,” he added.
To make up for likely not getting everything right with the plan, the White House built in timelines for updates to the “policies and procedures that will flow” from the “Presidential Policy Directive (PPD).”
“I believe we’ve created a framework that will stand the test of time, but the underlying CONOPS [Concept of Operations] and other documents underneath it — those will have to be updated as we learn things,” Daniel said.
“None of the incidents we’ve dealt with that ended up treated as significant cyber incidents have been exactly the same. If you told me when I was interviewing for this job that I would have to brief the president on a foreign nation state attacking a U.S. entertainment company because of a comedy I would have told you you were crazy — but that’s exactly what I had to do because the circumstances demanded it.”
Daniel said the cyber incident coordination plan outlined in the PPD on July 26 would evolve over time.
“I’m sure the bad guys will test our level of creativity because that’s just kind of the nature of cyberspace, and I think we will try to continue learning from the significant and not significant incidents that we face and incorporate those lessons learned just like we do in the physical world with natural disasters and just like we do with our counterterrorism response,” he said.
Last summer, Chinese hackers stole the personal information of more than 18 million federal employees. Daniel was asked if the hacking activity from China has gone or up or down since the federal government hack, but he declined to provide specifics.
“There’s no question the relationship we have with China is one of the most important. You’ve heard the president say that. It’s also one of the most complex that we have with any other country and there are plenty of areas of tension and disagreement. There are also areas where we cooperate and all of that is within a very large geopolitical context that you can never escape,” he said.
“But we did reach some historical commitments last September between the U.S. and China and we have been focused on implementing those commitments. I believe we have seen some shift in behavior but that’s something we, and other folks besides me, haven’t talked about that in public, but I think it’s something we are committed to doing — to track and pay very close attention to.”
When asked to elaborate on his “shift in behavior” comment, Daniel replied, “Unfortunately that’s not something I can really be specific about. I think it’s just an area we continue to pay close attention to and that fully implementing the commitments is really important.”