via Fierce Government IT
Guidance for government agencies on what constitutes a cyber event and who to call if an incident occurs remain unclear. What’s more, US CERT, the Homeland Security Department’s operational arm for responding to and defending against cyber attacks, doesn’t appear to have the answers.
“If anybody in this room can tell me where that threshold is [for qualifying a cyber event of national significance], then you’ll probably win the new Nobel Peace Prize for cybersecurity, because that is the toughest thing to define,” Randy Vickers, director of US CERT told GovSec conference attendees March 29 in Washington, D.C.
Even when a cyber incident is identified, who to contact is also unclear. US CERT is not an investigative or regulatory entity, said Vickers, and its primary role is to provide expertise and information sharing on cybersecurity.
“There’s been many a discussion and many questions of: Who in the government do we call as it relates to cybersecurity or a cyber event? I would love to sit here and say, ‘US CERT should be your first call.'” But, said Vickers, US CERT is not always the appropriate agency. “Whoever is called, we have to ensure that the middle section is coordinated and US CERT, from a cybersecurity and mitigation aspect, is that lead,” said Vickers.