Overview
The Cyber Unified Coordination Group (UCG) serves as the primary method for coordinating between and among Federal agencies in response to a significant cyber incident as well as for integrating private sector partners into incident response efforts, as appropriate.
A Cyber UCG is formed at the direction of the National Security Council (NSC) Principals Committee, Deputies Committee, or the Cyber Response Group (CRG), or when two or more Federal agencies that generally participate in the CRG, including relevant sector-specific agencies (SSAs), request its formation.
A Cyber UCG is also formed when a significant cyber incident affects critical infrastructure owners and operators identified by the Secretary of Homeland Security as owning or operating critical infrastructure for which a cyber incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.
Under Presidential Policy Directive 41 (PPD-41): United States Cyber Incident Coordination, a common schema has been developed for describing the severity of cyber incidents, which can include credible reporting of a cyber threat, observed malicious cyber activity, or both. The schema establishes a common framework for evaluating and assessing cyber incidents to ensure that all Federal departments and agencies have a common view of the severity of a given incident, the consequent urgency of response efforts, and the need for escalation to senior levels.
The schema describes a cyber incident's severity from a national perspective, defining six levels, zero through five, in ascending order of severity. Each level describes the incident's potential to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence. An incident that ranks at a level 3 or above on this schema is considered "significant" and will trigger application of the PPD-41 UCG coordination mechanisms.