The White House today approved a new presidential policy directive to better coordinate the federal government’s response to cyber incidents, clarifying the role of government when the private sector experiences a cyber attack.

This guidance was issued through a presidential policy directive numbered PPD-41. A policy directive is a form of executive order used in national security matters and is usually kept secret.

Homeland security adviser, Lisa Monaco, said the change was necessary because it’s not always clear whether those responsible for a hacking incident are other countries, terrorists or criminals.

This approach is embodied in the Cybersecurity National Action Plan, or CNAP, which was released in February, Monaco told a cybersecurity conference at Fordham University in New York Tuesday.

“The CNAP guides the actions we’re taking now and puts in place a long-term cybersecurity strategy—both within the federal government and across the country.  And it’s intended to serve as a roadmap not only for this Administration, but for how future presidents—and the country as a whole—can tackle our cyber challenges for years to come,” said Monaco.

Specifically, it directs the federal government to increase cybersecurity awareness, give Americans the tools to control their digital lives, and make wise cyber investments for the future.

This includes everything from expanding the government’s use of secure payment cards and launching a new website for victims of identity theft to investing in innovative IT systems and hiring more cybersecurity experts.

The new policy also directs federal agencies to assess their most vulnerable assets and wean themselves off of “outdated legacy systems” which are slow, inefficient and “impossible to secure.”

The directives will be implemented along three lines of effort:

  • The FBI will take the lead in coordinating the response to immediate threats in terrorism cases. This includes bringing the full range of law enforcement and national security investigative tools to bear—from collecting evidence and gathering intelligence to attributing attacks and bringing malicious cyber actors to justice.
  • The Department of Homeland Security will take the lead in coordinating help for organizations dealing with the impact of a cyber attack or intrusion and preventing the attack from spreading elsewhere.
  • The Office of the Director of National Intelligence, through CTIIC, will be responsible for integrating intelligence and analysis about threats and identifying opportunities to mitigate and disrupt them.

“We’re not going to wait for the next attack to hone these new procedures and capabilities.  Over the next few months, agencies will be incorporating the new guidance into exercises like Cyber Guard and Cyber Storm—the nation’s largest cyber exercises,” Monaco said.