White House officials have finally written out a plan to deal with future cyber-attacks and other hacks that could negatively affect the US homeland or its interests.
The new guidelines, which were released earlier this week, detail how the government will gauge the severity of cyber attacks, who's in charge of orchestrating a response, and how urgently the issue needs addressing – a list of protocols that many claim should have been on the books years ago.
"We are in the midst of a revolution of the cyber threat – one that is growing more persistent, more diverse, more frequent and more dangerous every day," homeland security adviser Lisa Monaco said at a conference.
The newly detailed plan, which comes at a time when the Democratic National Committee is still struggling to deal with a recent leak of more than 20,000 emails, sets a severity level for potential cyber attacks.
The scale ranges from a level zero – something inconsequential – to level five – a full-blown emergency that has the possibility to impact critical systems like the power grid, reports Ellen Nakashima for The Washington Post.
This scale works by evaluating what the intended consequences of the attack are. For example, if the attack is simply supposed to be a nuisance, like a DoS attack, which temporarily knocks servers offline by flooding them with packets, it gets a low rating because – in the grand scheme of things – it doesn’t impact the public.
On the other hand, an attack that can cause physical consequences, such as the power grid getting shut down or physical hardware being destroyed, the attack is rated much higher.
Once the threat is evaluated, most likely by the person who discovered the breach, the plan details who should be notified immediately and what steps should be taken.
The one thing the White House doesn’t say is how the government will respond to these attacks, especially those conducted by sovereign nations.
It’s important to note, though, that despite cyber-attacks becoming more and more common as technology advances and people gain a better understanding of how to use it for ill, there hasn’t been a level five attack on the US government to date.
"There has been no known incident that would be considered a Level Five ... The suspected Russian cyber attack on Ukraine’s electric grid in December that caused widespread power outages probably would have been a Level Four - a 'severe' event that likely would result in 'significant' harm to public safety or national security," The Washington Post reports.
Even so, it’s always good to have a plan on paper for if – or when – an attack might happen. After all, attacks are only getting crazier and crazier as time goes on.
Back in June, hackers from Israel found a way to comb through personal computer data by simply listening to the sound of a machine’s internal fan, meaning that even an 'air gap' isn’t enough protection anymore. Neither is airplane mode.
You can check out a breakdown of the White House’s new guidelines below: