Channeling George W. Bush’s infamous Homeland Security Advisory System, the Obama Administration in its final days has bizarrely launched a color coded “Cyber Incident Severity Schema” as part of a new Presidential Policy Directive on United States Cyber Incident Coordination.

The new policy is aimed at establishing clear principles that will govern the Federal Government’s activities in cyber incident response by being able to differentiate between significant cyber incidents and steady-state incidents.

Categorizing the Government’s activities into specific lines of effort and designating a lead agency for each line of effort is said to unify Government responses to attacks, while creating mechanisms to coordinate overall response, including a Cyber Unified Coordination Group that will respond to incidents in a similar way to incidents with physical effects, complete with enhanced coordination procedures.

In the event of a significant cyber attack, as defined by the Government, the FBI, and the National Cyber Investigative Joint Task Force would take the lead in “threat response activities.”

One potentially positive note is that the policy states that Federal response activities will be conducted in a manner to facilitate restoration and recovery of an entity that has experienced a cyber incident, while “balancing investigative and national security requirements, public health and safety, and the need to return to normal operations as quickly as possible.”

Color codes

The Cyber Incident Severity Schema is divided into six levels running from 0 through 5, with 0 naturally being the lowest level.

Level 1 (green) and Level 2 (yellow) impacts cover attacks that are unlikely or may impact in public health and safety, national security, economic security, foreign relations, civil liberties or public confidence.

Level 3 (orange) and above are where things get serious until ultimately the Schema hits Level 5 (black) where a hack is said to pose an imminent threat to all and sundry; only a Level 3 or above attack will trigger a coordination effort to address the threat.

“While the vast majority of cyber incidents can be handled through existing policies, certain cyber incidents that have significant impacts on an entity, our national security, or the broader economy require a unique approach to response efforts,” the Administration said in a statement. “These significant cyber incidents demand unity of effort within the Federal Government and especially close coordination between the public and private sectors.”

The release of the policy comes less than a week after Wikileaks released nearly 20,000 emails obtained from the Democratic National Committee in a hack blamed by the party, and President Obama himself, as being undertaken by the Russian Government on behalf of Republican Presidential candidate Donald Trump.

Image credit: 75662964@N00/Flickr/CC by 2.0