Keep your expectations low if you are a private company calling the federal government for help after a cyber incident — at least that’s what two former Department of Homeland Security officials warn.
Speaking on a panel about private sector cybersecurity at the RSA conference in San Francisco, they said that while Presidential Policy Directive 41 and the National Cyber Incident Response Plan (NCIRP) outline roles and responsibilities for the federal government and private sector in the wake of a cyberattack, many companies still aren’t even sure of what agency to call after a breach.