Galaxy Z Flip 4 Preorder Quest 2: Still the Best Student Internet Discounts Best 55-Inch TV Galaxy Z Fold 4 Preorder Nintendo Switch OLED Review Foldable iPhone? 41% Off 43-Inch Amazon Fire TV
Want CNET to notify you of price drops and the latest stories?
No, thank you

Obama: FBI to lead cyber incident response

The president puts the federal agency in charge of government responses to major hacks in a new policy directive.

WASHINGTON, DC - AUGUST 20: The exterior of the J. Edgar Hoover Building, which is the headquarters of the FBI is seen on Thursday August 20, 2015 in Washington, DC. The agency is looking for a new location for their headquarters. (Photo by Matt McClain/The Washington Post via Getty Images)
Matt McClain, The Washington Post/Getty Images

Who's in charge of responding to "cyber incidents" in the US? As of today, it's the Federal Bureau of Investigation.

President Barack Obama outlined a new policy for responding to cyberattacks on both the government and US industry on Tuesday, making the FBI the lead agency regardless of where the attack seems to be coming from. The federal agency will coordinate responses to attacks even if it turns out they're coming from foreign hackers, including foreign governments.

"[C]ertain cyber incidents that have significant impacts on an entity, our national security, or the broader economy require a unique approach to response efforts," Obama wrote in the policy directive released Tuesday.

The announcement comes as the FBI launches an investigation into who hacked the Democratic National Committee and reportedly leaked sensitive emails from Democratic Party leaders to WikiLeaks. It also comes as the government and private industry grapple with whether the US should retaliate against hacking attacks.

The policy doesn't touch on how the FBI might interact with the US military. The US Cyber Command, run by the director of the NSA, is in charge of carrying out military cyberattacks for the US as well as securing military networks and information.

According to a fact sheet released with the policy directive Tuesday, the new approach is meant to focus on "significant" incidents, which could likely "result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people."