Obama: FBI to lead cyber incident response

The president puts the federal agency in charge of government responses to major hacks in a new policy directive.

Laura Hautala Former Senior Writer

Who's in charge of responding to "cyber incidents" in the US? As of today, it's the Federal Bureau of Investigation.

President Barack Obama outlined a new policy for responding to cyberattacks on both the government and US industry on Tuesday, making the FBI the lead agency regardless of where the attack seems to be coming from. The federal agency will coordinate responses to attacks even if it turns out they're coming from foreign hackers, including foreign governments.

"[C]ertain cyber incidents that have significant impacts on an entity, our national security, or the broader economy require a unique approach to response efforts," Obama wrote in the policy directive released Tuesday.

The announcement comes as the FBI launches an investigation into who hacked the Democratic National Committee and reportedly leaked sensitive emails from Democratic Party leaders to WikiLeaks. It also comes as the government and private industry grapple with whether the US should retaliate against hacking attacks.

The policy doesn't touch on how the FBI might interact with the US military. The US Cyber Command, run by the director of the NSA, is in charge of carrying out military cyberattacks for the US as well as securing military networks and information.

According to a fact sheet released with the policy directive Tuesday, the new approach is meant to focus on "significant" incidents, which could likely "result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people."