What you Need to Know About IDI and Why

Posted on August 5, 2016August 5, 2016 by Denise Simon

This Company Has Built a Profile on Every American Adult

Every move you make. Every click you take. Every game you play. Every place you stay. They’ll be watching you.

Bloomberg: Forget telephoto lenses and fake mustaches: The most important tools for America’s 35,000 private investigators are database subscription services. For more than a decade, professional snoops have been able to search troves of public and nonpublic records—known addresses, DMV records, photographs of a person’s car—and condense them into comprehensive reports costing as little as $10. Now they can combine that information with the kinds of things marketers know about you, such as which politicians you donate to, what you spend on groceries, and whether it’s weird that you ate in last night, to create a portrait of your life and predict your behavior.

IDI, a year-old company in the so-called data-fusion business, is the first to centralize and weaponize all that information for its customers. The Boca Raton, Fla., company’s database service, idiCORE, combines public records with purchasing, demographic, and behavioral data. Chief Executive Officer Derek Dubner says the system isn’t waiting for requests from clients—it’s already built a profile on every American adult, including young people who wouldn’t be swept up in conventional databases, which only index transactions. “We have data on that 21-year-old who’s living at home with mom and dad,” he says.

Dubner declined to provide a demo of idiCORE or furnish the company’s report on me. But he says these personal profiles include all known addresses, phone numbers, and e-mail addresses; every piece of property ever bought or sold, plus related mortgages; past and present vehicles owned; criminal citations, from speeding tickets on up; voter registration; hunting permits; and names and phone numbers of neighbors. The reports also include photos of cars taken by private companies using automated license plate readers—billions of snapshots tagged with GPS coordinates and time stamps to help PIs surveil people or bust alibis.

IDI also runs two coupon websites, allamericansavings.com and samplesandsavings.com, that collect purchasing and behavioral data. When I signed up for the latter, I was asked for my e-mail address, birthday, and home address, information that could easily link me with my idiCORE profile. The site also asked if I suffered from arthritis, asthma, diabetes, or depression, ostensibly to help tailor its discounts.

Users and industry analysts say the addition of purchasing and behavioral data to conventional data fusion outmatches rival systems in terms of capabilities—and creepiness. “The cloud never forgets, and imperfect pictures of you composed from your data profile are carefully filled in over time,” says Roger Kay, president of Endpoint Technologies Associates, a consulting firm. “We’re like bugs in amber, completely trapped in the web of our own data.”

When logging in to IDI and similar databases, a PI must select a permissible use for a search under U.S. privacy laws. The Federal Trade Commission oversees the industry, but PI companies are largely expected to police themselves, because a midsize outfit may run thousands of searches a month.

Dubner says most Americans have little to fear. As examples, he cites idiCORE uses such as locating a missing person and nabbing a fraud or terrorism suspect.

IDI, like much of the data-fusion industry, traces its lineage to Hank Asher, a former cocaine smuggler and self-taught programmer who began fusing sets of public data from state and federal governments in the early 1990s. After Sept. 11, law enforcement’s interest in commercial databases grew, and more money and data began raining down, says Julia Angwin, a reporter who wrote about the industry in her 2014 book, Dragnet Nation.

Asher died suddenly in 2013, leaving behind his company, the Last One (TLO), which credit bureau TransUnion bought in bankruptcy for $154 million. Asher’s disciples, including Dubner, left TLO and eventually teamed up with Michael Brauser, a former business partner of Asher’s, and billionaire health-care investor Phillip Frost. In May 2015, after a flurry of purchases and mergers, the group rebranded its database venture as IDI.

Besides pitching its databases to big-name PIs (Kroll, Control Risks), law firms, debt collectors, and government agencies, IDI says it’s also targeting consumer marketers. The 200-employee company had revenue of about $40 million in its most recent quarter and says 2,800 users signed up for idiCORE in the first month after its May release. It declined to provide more recent figures. The company’s data sets are growing, too. In December, Frost helped underwrite IDI’s $100 million acquisition of marketing profiler Fluent, which says it has 120 million profiles of U.S. consumers. In June, IDI bought ad platform Q Interactive for a reported $21 million in stock.

IDI may need Frost’s deep pockets for a while. The PI industry’s three favorite databases are owned by TransUnion and media giants Reed Elsevier and Thomson Reuters. “There’s no shortage,” says Chuck McLaughlin, chairman of the board of the World Association of Detectives, which has about 1,000 members. “The longer you’re in business, the more data you have, the better results.” He uses TLO and Tracers Information Specialists.

Steve Rambam, a PI who hosts Nowhere to Hide on the Investigation Discovery channel, says marketing data remains a niche monitoring tool compared with social media, but its power can be unparalleled. “You may not know what you do on a regular basis, but I know,” Rambam says. “I know it’s Thursday, you haven’t eaten Chinese food in two weeks, and I know you’re due.”

Wait…there is another problem you don’t know about.

Comcast Lobbies To Charge Customers More To Protect Their Online Privacy

Internet providers are still hashing out issues with the FCC. In particular, Comcast is currently defend its “pay-for-privacy” model to the FCC [PDF]. Comcast has even contended that “the FCC has no authority to prohibit or limit these types of programs.”

So what exactly is the “pay-for-privacy” system? Essentially, companies like Comcast offers discounts to customers in exchange for allowing ISP’s to use their data. Comcast then floods these customers with various behaviorally-targeted ads. Customers who prefer privacy over pricing are charged a premium.

image: http://hothardware.com/ContentImages/NewsItem/38236/content/small_comcast_office.jpg

Several weeks ago a number of lawmakers urged the FCC to ban the “pay-for-privacy” system. They argued that this pricing pyramid is particularly harmful to elderly customers who do not necessarily understand how ISP’s work and low-income customers who cannot afford to pay the privacy premium. Members of Congress noted that Comcast’s policies are “counter to our nation’s core principle that all Americans have a fundamental right to privacy.”

Comcast argued that the “pay-for-privacy” model actually benefits elderly and low-income customers. They insisted that its “prohibition would harm consumers by, among other things, depriving them of lower-priced offerings.” They noted that this system is commonly used throughout the United States economy.

image: http://hothardware.com/ContentImages/NewsItem/38236/content/small_fcc.jpg

Comcast also argued that its ensures “through contractual provisions that vendors who handle customer-related data have strong measures in place to protect that customer-related data, and that the vendors are prohibited from using that data for any purposes other than as directed by Comcast.”

The company concurs that opt-in agreements should be required when dealing with sensitive information. This kind of information would include financial, health, and children’s information, Social Security numbers, and precise geo-location information. All other information, however, would be subject to opt-out or, in most instances, “implied” consent. The FCC is currently considering privacy rules that would require broadband providers to obtain consumers’ opt-in consent regardless of whether the information was sensitive or not. Hat tip to HotHardware

IRS Targeting Case Advances, Court Reverses Lower Decision

Posted on August 5, 2016August 5, 2016 by Denise Simon

CONCLUSION

For the reasons set forth above, we affirm the district

court’s dismissal of appellants’ Bivens actions and statutory

claims, but reverse the district court’s dismissal of the actions

for injunctive and declaratory relief and remand for further

proceedings consistent with this opinion.

****

United States Court of Appeals

FOR THE DISTRICT OF COLUMBIA CIRCUIT

Argued April 14, 2016 Decided August 5, 2016

No. 14-5316

TRUE THE VOTE, INC.,

APPELLANT

INTERNAL REVENUE SERVICE, ET AL.,

APPELLEES

Appeal from the United States District Court

*****

Appellants appeal from judgments of the district court

dismissing some of their claims under Rule 12(b)(6) for failure

to state a claim for relief, and others under Rule 12(b)(1) for

lack of jurisdiction, by reason of mootness. See True the Vote,

Inc. v. IRS, 71 F. Supp. 3d 219 (D.D.C. 2014); Linchpins of

Liberty v. United States, 71 F. Supp. 3d 236 (D.D.C. 2014).

Each of the above-named appellants together with numerous coplaintiffs

in the Linchpins of Liberty litigation, filed applications

with the Internal Revenue Service for recognition of tax

exemption as charitable or educational organizations pursuant to

26 U.S.C. § 501(c)(3), (4). As to what happened thereafter, we

construe the complaints in the light most favorable to the

plaintiffs, see Missel v. DHSS, 760 F.3d 1, 4 (D.C. Cir. 2014),

although there is very little factual dispute between the parties

as to the conduct committed by the IRS.

Instead of processing these applications in the normal

course of IRS business, as would have been the case with other

taxpayers, the IRS selected out these applicants for more

rigorous review on the basis of their names, which were in each

instance indicative of a conservative or anti-Administration

orientation, as we will set out in more detail below, and as was

admitted by the Department of Treasury in the 2013 report of

the Treasury Inspector General for Tax Administration

(TIGTA).

The appellants before us, plaintiffs below, are applicants

who were afforded this unequal treatment. They brought the

present actions against the IRS and several of its individual

employees, seeking money damages by way of relief under

Bivens v. Six Unknown Named Agents of Fed. Bureau of

Narcotics, 403 U.S. 388 (1971), and equitable relief by way of

injunction and declaratory judgment. Additionally, the

complaints alleged that the IRS invaded the plaintiffs’ statutory

rights by violating 26 U.S.C. § 6103, by conducting

unauthorized inspection and/or disclosure of tax return

information from their applications and the other information

improperly obtained from them. Read the full decision here.

Edward Snowden has Gone Hollywood

Posted on August 5, 2016August 5, 2016 by Denise Simon

The U.S. v. Edward Snowden criminal complaint is under seal but the cover is here.

New Snowden Movie Depicts Traitor as Hero; Profiting from His Treason May Violate Law

JudicialWatch: The upcoming Hollywood movie about traitor Edward Snowden—criminally charged by the U.S. government under the Espionage Act—portrays the National Security Agency (NSA) subcontractor who leaked top secret information as a courageous patriot. Nothing surprising there considering the film’s Academy award-winning director, Oliver Stone, referred to Snowden as a “hero”back in 2013 when he fled to Moscow to avoid prosecution after betraying his country. Snowden’s illegal disclosures have helped terrorist groups like Al Qaeda and led to the death of innocent people. Last year Snowden began openly engaging with ISIS and Al Qaeda members and supporters via social media.

Buzzfeed

“Snowden has done incalculable damage to the NSA and, in the process, to American national security,” according to University of Virginia Law School Professor Robert F. Turner, who specializes in national security issues and served as Counsel to the President’s Intelligence Oversight Board at the White House. “Officials in position to know said good people have already lost their lives thanks to Snowden. Countless more are likely to lose theirs now that our enemies know our most closely guarded sources and methods of communications intelligence collection.” Turner adds that Snowden is hailed as a hero and “whistleblower” by those who are clueless to the devastation he’s done. “When all of the smoke clears, it may very well be proven that Snowden is the most injurious traitor in American history.”

This would make it illegal to profit from his crimes and the Department of Justice (DOJ) should confiscate all money made by the violators. Snowden is no whistleblower. In fact he violated his secrecy agreement, which means he and his conspirators can’t materially profit from his fugitive status, violation of law, aiding and abetting of a crime and providing material support to terrorism. It’s bad enough that people are profiting from Snowden’s treason, but adding salt to the wound, the Obama administration is doing nothing about it. Judicial Watch has launched an investigation and is using the Freedom of Information Act (FOIA) to obtain records. True whistleblowers and law-abiding intelligence officers such as Lt. Colonel Anthony Shaffer, FBI Special Agent Robert G. Wright and Valerie Plame got release authority in accordance with their secrecy agreement and did not seek money or flee to Russia. A federal appellate court has ruled that government employees, such as Snowden, who signed privacy agreements can’t profit from disclosing information without first obtaining agency approval. The case involved a CIA agent (Frank Snepp) who violated his agreement with the agency by publishing a book. A federal court denied Snepp royalties from his book and an appellate court upheld the ruling, reiterating that the disgraced agent breached the “constructive trust” between him and the government.

Furthermore, Snowden, Stone and the producers of a 2014 Oscar-winning Snowden film titled “Citizenfour” may be in violation of the Anti-Terrorism Act (ATA), which forbids providing material support or resources for acts of international terrorism. Many deep-pocketed institutions have been sued under the law for providing terrorist organizations or affiliates resources that assisted in the commission of terrorist acts. Just last month the families of victims killed and injured by Hamas filed a $1 billion lawsuit against Facebook under ATA for providing the terrorist group with material support by letting it use its services to help carry out attacks. A number of banks have also been sued under the law for financing terrorist activities, albeit unknowingly.

Both Stone and “Citizenfour” director Laura Poitras had clandestine meetings abroad with Snowden. Stone told a Hollywood trade publication he met Snowden in Russia and that he moved production overseas because filming in the U.S. was too risky. “We didn’t know what the NSA might do, so we ended up in Munich, which was a beautiful experience,” Stone said. Poitras actually collaborated with Snowden’s defection to China then Russia and had email communication with him before he committed his crimes so she had foreknowledge. This is all included in her documentary. On May 20, 2013 Snowden flew to Hong Kong to meet with British journalists and Poitras. He gave them thousands of classified documents and Poitras became known as the woman who helped Snowden spill his secrets, or rather commit treason. When Citizenfour won the 2015 Academy Award, Poitras was joined by Snowden’s girlfriend during her acceptance speech at the Dolby Theater in Hollywood, California. “The disclosures that Edward Snowden revealed don’t only expose a threat to our privacy but to our democracy itself,” Poitras said in her acceptance speech. “Thank you to Edward Snowden for his courage and for the many other whistleblowers.”

Snowden remains a fugitive from U.S. law protected by Russia. On June 14, 2013, federal prosecutors charged him with “theft of government Property,” “unauthorized communication of national defense information” and “willful communication of classified communications intelligence information to an unauthorized person.” Al Qaeda keeps using information leaked by Snowden to help its fighters evade surveillance technology, according to a British newspaper report. “The terrorist group has issued new video guidance based on what they have learnt about Western spying methods from the Snowden disclosures which have been made public on the internet,” the article states. “The move confirms the worst fears of British and American intelligence chiefs who warned that Snowden’s betrayal would play into the hands of the terrorists. The video even uses footage of news reports of the Snowden leak, highlighting how ‘NSA is tracking millions of phones.’”

There is Video of the $400 Million to Iran

Posted on August 5, 2016August 5, 2016 by Denise Simon

But Trump was telling a fib when he said he saw it…he has not had any intelligence briefings yet and likely will not until the end of August. Meanwhile, the Iranians are going at the United States with all propaganda they can muster. John Kerry and the White House not only look like fools, they ARE fools.

Another question for those investigative journalist: Were the 7 Iranian spies that also included in this transaction on that same plane as the money?

Other facts:

The United States is buying 32 metric tons of Iranian heavy water, a key component for one kind of nuclear reactor, The Associated Press reported.

The purpose of the transaction is to help Iran meet the terms of last year’s nuclear deal under which it agreed to curb its atomic program in exchange for billions of dollars in sanctions relief, according to the news agency.

The State and Energy departments said a sales agreement would be signed Friday in Vienna by officials from the six countries that negotiated the nuclear deal.

The agreement calls for the Energy Department’s Isotope Program to purchase the heavy water from a subsidiary of the UN atomic watchdog, for about $8.6 million, officials said. They added the heavy water will be stored at the Oak Ridge National Laboratory in Tennessee and then resold on the commercial market for research purposes. More here.

Another nefarious fact:

In late May, Russian Envoy to International Organizations Vladimir Voronkov said that Russian nuclear agency Rosatom was considering the possibility of buying Iranian heavy water.

“Steps are to be finalized for sale of 40 tons of heavy-water reactor to Russia and the deal will be signed in the very near future,” Salehi said, as quoted by the IRNA news agency.

According to Salehi, deputy head of the organization Behrouz Kamalvandi may in the near future visit Moscow to discuss concluding the issue with the Russian side. There is also an option that a Russian delegation will arrive in Iran, he said.

According to the nuclear deal agreed last year, Iran must store no more than 130 tons of heavy water during the first year after signing the agreement. More here.

*****

The footage, which could not be independently verified, shows images of large stacks of hard currency and features claims that the Obama administration sent this money over as part of an effort to free several U.S. hostages. The White House vehemently denied these claims this week following new reports about the cash exchange.

BBC Persian reporter Hadi Nili posted the footage on Twitter, describing it as showing the “pallets of cash” and quoting officials as saying “this was just part of the ‘expensive price’ to release Americans.” More here from FreeBeacon.

Could Trump have been right? Propaganda film suggests Iran DID videotape cash-drop plane and photograph shipment of cash during January prisoner swap

February documentary that aired on Iranian state-run TV shows nighttime flight, pallet of cash matching prisoner-swap scenario reported this week
Donald Trump claimed three times this week that he had seen similar footage and that Iran had filmed the cash transfer to embarrass America
He walked back that claim Friday morning, saying he had only seen archival footage of a different plane delivering hostages safely to Geneva
He may have been right without knowing it: Propaganda broadcast shows the images and boasts the deal was great for Iran but terrible for the U.S.

DailyMail: Iranian state-run media in Tehran did indeed videotape the arrival of a January 17 flight carrying $400 million in cash from the United States – and the money itself – judging from a documentary that aired the following month in the Islamic republic.

Republican presidential nominee Donald Trump has been in a firestorm of controversy since first claiming on Wednesday to have seen ‘secret’ footage of money being offloaded from an aircraft.

He admitted Friday morning on Twitter what his campaign had said more than a day earlier, that he had seen ordinary archival footage of a different plane, carrying American hostages freed from Iran arriving in Geneva Switzerland after the money changed hands.

But it turns out he may have been right without knowing it.

Iranian state television broadcast this image of a shipping pallet stacked with cash in February as part of a propaganda film framing a January U.S. prisoner swap as a victory for Tehran

The documentary described this plane as arriving in the dead of night with the money, exactly the scenario that Donald Trump was criticized for describing three times this week

The Iranian video was aired February 15 on the state-run Islamic Republic of Iran Broadcasting television network, as part of a documentary called ‘Rules of the Game.’

A narrator, speaking in Persian, describes a money-for-hostages transaction over video clips of a plane on an airport tarmac in the dead of night and a photo of a giant shipping pallet stacked with what appear to be banknotes.

The federal government shipped what many are calling a ransom payment in Euros and other non-U.S. currencies.

The copy of the documentary footage DailyMail.com obtained is not of high enough quality to determine which nation’s banknotes are depicted.

None of the footage is stamped with a date or time, making it impossible to know when it was shot.

And the broadcaster blurred out one portion of the screen, covering up something resting on top of the mountain of money.

But the documentary begins with a narration saying: ‘In the early morning hours of January 17, 2016 at Mehrabad Airport, $400 million in cash was transported to Iran on an airplane.’

The film describes the Obama administration’s prisoner swap and Iran’s cash windfall from Tehran’s point of view as ‘a win-lose deal that benefits the Islamic Republic of Iran and hurts the United States,’ according to two English-language translations DailyMail.com obtained.

Trump fell on his sword Friday on Twitter, conceding that he was describing a different plan when he said there was footage of the cash drop – an assertion that turned out to be right

It outlines what Iran’s mullahs promoted at the time as a one-sided transaction loaded with perks for Tehran.

‘The Islamic republic made an expensive offer to the equation: the release of seven Iranian prisoners in the United States, $1.7 billion, and the lifting of sanctions against 16 Iranians who were prosecuted by the U.S. legal system with the unjust excuse of sanctions violations,’ the narrator intones.

‘But this was not all the Iranians’ demands. Lifting sanctions against Sepah Bank was added to Iran’s list. All of this, in return for the release of only four American citizens: a win-lose deal that benefits the Islamic Republic of Iran and hurts the United States.’

Among the four freed Americans were Washington Post journalist Jason Rezaian, pastor Saeed Abedini and U.S. Marine Amir Hekmati.

The Trump campaign did not immediately respond to a request for comment.

The White House was quick to insist on Thursday that the Obama administration had not paid for their release.

‘Let me be clear: The United States does not pay ransom, White House press secretary Josh Earnest said, questioning the motives of Republican who were ‘falsely accusing us of paying a ransom.

The propaganda film was shown a month after the January prisoner release in Iran but was unknown in the West until Friday. It described the swap as ‘a win-lose deal that benefits the Islamic Republic of Iran and hurts the United States’

New Color-coded Cyber Threats

Posted on August 4, 2016August 4, 2016 by Denise Simon

Remember when the Democrats and lobby groups ridiculed George W. Bush for using a color coded threat matrix? Carry on….

The White House now has a color-coded scale for cyber-security threat

TheVerge: As the Obama administration nears its final months, the White House has released a framework for handling cyberattacks. The Presidential Policy Directive on United States Cyber Incident Coordination builds on the action plan that Obama laid out earlier this year, and it’s intended to create a clear standard of when and how government agencies will handle incidents. It also comes with a new threat level scale, assigning specific colors and response levels to the danger of a hack.

The cyberattack severity scale is somewhat vague, but it’s supposed to make sure that the agencies involved in cybersecurity — the Department of Justice, Department of Homeland Security, and Office of the Director of National Intelligence — respond to threats with the same level of urgency and investment. A Level One incident is “unlikely to impact public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence,” while a red Level Four one is “likely to result in a significant impact to public health or safety, national security, economic security, foreign relations, or civil liberties.” One final designation — Level Five, or black — covers anything that “poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or to the lives of US persons.”

The upshot of this is that anything at Level Three or above will trigger a coordination effort to address the threat. In addition to the groups above, this effort will include the company, organization, or agency that was attacked.

Cybersecurity is a growing concern, and both Congress and the White House have spent the past several years pushing various frameworks for shoring it up. This includes a series of hotly debated bills that culminated in the Cyber Information Sharing Act, which has raised privacy questions as it’s been put into practice. At the same time, high-profile hacks have led to serious consequences for companies like Sony Pictures, Target, and Ashley Madison. Most recently, an unknown hacker or hackers — potentially linked to Russia — breached the Democratic National Committee’s servers, releasing large numbers of embarrassing documents and emails. This announcement doesn’t tell us exactly how the federal government will handle future cyberattacks, but along with everything else, it does signal that they’re becoming a more and more standard part of the security equation.

*****

From the White House FACT SHEET: Presidential Policy Directive

The PPD builds on these lessons and institutionalizes our cyber incident coordination efforts in numerous respects, including:

Establishing clear principles that will govern the Federal government’s activities in cyber incident response;

Differentiating between significant cyber incidents and steady-state incidents and applying the PPD’s guidance primarily to significant incidents;

Categorizing the government’s activities into specific lines of effort and designating a lead agency for each line of effort in the event of a significant cyber incident;

Creating mechanisms to coordinate the Federal government’s response to significant cyber incidents, including a Cyber Unified Coordination Group similar in concept to what is used for incidents with physical effects, and enhanced coordination procedures within individual agencies;

Applying these policies and procedures to incidents where a Federal department or agency is the victim; and,

Ensuring that our cyber response activities are consistent and integrated with broader national preparedness and incident response policies, such as those implemented through Presidential Policy Directive 8-National Preparedness, so that our response to a cyber incident can seamlessly integrate with actions taken to address physical consequences caused by malicious cyber activity.

We also are releasing today a cyber incident severity schema that establishes a common framework within the Federal government for evaluating and assessing the severity of cyber incidents and will help identify significant cyber incidents to which the PPD’s coordination procedures would apply.

Incident Response Principles

The PPD outlines five principles that will guide the Federal government during any cyber incident response:

Shared Responsibility – Individuals, the private sector, and government agencies have a shared vital interest and complementary roles and responsibilities in protecting the Nation from malicious cyber activity and managing cyber incidents and their consequences.

Risk-Based Response – The Federal government will determine its response actions and resource needs based on an assessment of the risks posed to an entity, national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.

Respecting Affected Entities – Federal government responders will safeguard details of the incident, as well as privacy and civil liberties, and sensitive private sector information.

Unity of Effort – Whichever Federal agency first becomes aware of a cyber incident will rapidly notify other relevant Federal agencies in order to facilitate a unified Federal response and ensure that the right combination of agencies responds to a particular incident.

Enabling Restoration and Recovery – Federal response activities will be conducted in a manner to facilitate restoration and recovery of an entity that has experienced a cyber incident, balancing investigative and national security requirements with the need to return to normal operations as quickly as possible.

Significant Cyber Incidents

While the Federal government will adhere to the five principles in responding to any cyber incident, the PPD’s policies and procedures are aimed at a particular class of cyber incident: significant cyber incidents. A significant cyber incident is one that either singularly or as part of a group of related incidents is likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.

When a cyber incident occurs, determining its potential severity is critical to ensuring the incident receives the appropriate level of attention. No two incidents are the same and, particularly at the initial stages, important information, including the nature of the perpetrator, may be unknown.

Therefore, as part of the process of developing the incident response policy, the Administration also developed a common schema for describing the severity of cyber incidents, which can include credible reporting of a cyber threat, observed malicious cyber activity, or both. The schema establishes a common framework for evaluating and assessing cyber incidents to ensure that all Federal departments and agencies have a common view of the severity of a given incident, the consequent urgency of response efforts, and the need for escalation to senior levels.

The schema describes a cyber incident’s severity from a national perspective, defining six levels, zero through five, in ascending order of severity. Each level describes the incident’s potential to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence. An incident that ranks at a level 3 or above on this schema is considered “significant” and will trigger application of the PPD’s coordination mechanisms.

Lines of Effort and Lead Agencies

To establish accountability and enhance clarity, the PPD organizes Federal response activities into three lines of effort and establishes a Federal lead agency for each:

Threat response activities include the law enforcement and national security investigation of a cyber incident, including collecting evidence, linking related incidents, gathering intelligence, identifying opportunities for threat pursuit and disruption, and providing attribution.   The Department of Justice, acting through the Federal Bureau of Investigation (FBI) and the National Cyber Investigative Joint Task Force (NCIJTF), will be the Federal lead agency for threat response activities.

Asset response activities include providing technical assets and assistance to mitigate vulnerabilities and reducing the impact of the incident, identifying and assessing the risk posed to other entities and mitigating those risks, and providing guidance on how to leverage Federal resources and capabilities.   The Department of Homeland Security (DHS), acting through the National Cybersecurity and Communications Integration Center (NCCIC), will be the Federal lead agency for asset response activities. The PPD directs DHS to coordinate closely with the relevant Sector-Specific Agency, which will depend on what kind of organization is affected by the incident.

Intelligence Support and related activities include intelligence collection in support of investigative activities, and integrated analysis of threat trends and events to build situational awareness and to identify knowledge gaps, as well as the ability to degrade or mitigate adversary threat capabilities. The Office of the Director of National Intelligence, through the Cyber Threat Intelligence Integration Center, will be the Federal lead agency for intelligence support and related activities.

In addition to these lines of effort, a victim will undertake a wide variety of response activities in order to maintain business or operational continuity in the event of a cyber incident. We recognize that for the victim, these activities may well be the most important. Such efforts can include communications with customers and the workforce; engagement with stakeholders, regulators, or oversight bodies; and recovery and reconstitution efforts.   When a Federal agency is a victim of a significant cyber incident, that agency will be the lead for this fourth line of effort. In the case of a private victim, the Federal government typically will not play a role in this line of effort, but will remain cognizant of the victim’s response activities consistent with these principles and coordinate with the victim.

Coordination Architecture

In order to facilitate the more coordinated, integrated response demanded by significant cyber incidents, the PPD establishes a three-tiered coordination architecture for handling those incidents:

National Policy Level: The PPD institutionalizes the National Security Council-chaired interagency Cyber Response Group (CRG). The CRG will coordinate the development and implementation of United States Government policy and strategy with respect to significant cyber incidents affecting the United States or its interests abroad.

National Operational Level: The PPD directs agencies to take two actions at the national operational level in the event of a significant cyber incident.

Activate enhanced internal coordination procedures. The PPD instructs agencies that regularly participate in the Cyber Response Group to develop these procedures to ensure that they can surge effectively when confronted with an incident that exceeds their day-to-day operational capacity.

Create a Unified Coordination Group. In the event of a significant cyber incident, the PPD provides that the lead agencies for each line of effort, along with relevant Sector-Specific Agencies (SSAs), state, local, tribal and territorial governments, international counterparts, and private sector entities, will form a Cyber Unified Coordination Group (UCG) to coordinate response activities. The Cyber UCG shall coordinate the development, prioritization, and execution of cyber response efforts, facilitate rapid information sharing among UCG members, and coordinate communications with stakeholders, including the victim entity.

Field Level: The PPD directs the lead agencies for each line of effort to coordinate their interaction with each other and with the affected entity.

Integration with Existing Response Policy

The PPD also integrates U.S. cyber incident coordination policy with key aspects of existing Federal preparedness policy to ensure that the Nation will be ready to manage incidents that include both cyber and physical effects, such as a significant power outage resulting from malicious cyber activity. The PPD will be implemented by the Federal government consistent with existing preparedness and response efforts.

Implementation tasks

The PPD also directs several follow-on tasks in order to ensure its full implementation. In particular, it requires that the Administration develop and finalize the National Cyber Incident Response Plan – in coordination with State, Local, Territorial, and Tribal governments, the private sector, and the public – to further detail how the government will manage cyber incidents affecting critical infrastructure. It also directs DHS and DOJ to develop a concept of operations for how a Cyber UCG will operate and for the NSC to update the charter for the CRG.