White House releases new Cyber Incident Severity Schema
This week, the White House kept its foot on the proverbial cybersecurity gas pedal, releasing a new color-coded system of identifying and labeling cyber threats.
The brand new Cyber Incident Severity Schema puts forth a basis in which to evaluate and assess cyber incidents from within the Federal Government. In a similar vein to the color-coded National Terrorism Advisory System (NTAS) of the post-9/11 era, the new, colorful framework will work to both identify significant cyber incidents and attach relative severity to those incidents.
The Cyber Incident Severity Schema will serve to help determine the severity of individual cyber incidents, gauge what type of urgency should be attached to the incident, mold response efforts to the incident, and resolve what level of investment will be needed to complete response efforts.
The schema contains six levels, ranging from Level 0 to Level 5:
-- Level 0: An inconsequential event.
-- Level 1: A substantiated event that is unlikely to have an impact on public health or safety.
-- Level 2: An event that may impact on public health or safety.
-- Level 3: An event that is likely to result in a demonstrable impact to public health or safety.
-- Level 4: An event that is likely to result in a significant impact to public health or safety.
-- Level 5: An event that poses an imminent threat.
Note: These are summaries. See the official document for more details.
Commitment to cyber security
The Cyber Incident Severity Schema is the latest in a series of moves by the Federal Government that confirms a clear focus on protecting the U.S. from cyber threats.
The moves have been varied -- from committing to hiring thousands of cyber security professionals to creating and naming members of a a cybersecurity commission to extending the national emergency on cyber threats -- so it's difficult to see a clear plan. But all moves address the need to increase cyber security capabilities in the U.S. in the coming years.