This publication is from the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) Industrial Control System Cyber Emergency Response Team. "This directive, PPD- 41 [Presidential Policy Directive] and an accompanying annex, identify the 'principles governing the Federal Government's response to any cyber incident, whether involving government or private sector entities.' PPD-41 further delineates between cyber incidents and significant cyber incidents, with a significant incident being 'likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.' The PPD lays out five principles for incident response through three concurrent lines of effort. The five principles include 1) shared responsibility, 2) risk-based response, 3) respecting affected entities, 4) unity of governmental effort, and 5) enabling restoration and recovery. The three lines of effort are 1) threat response, 2) asset response, 3) and intelligence support and related activities. When a federal agency is the affected entity, it will follow a fourth line of effort 'to manage the effects of the cyber incident on its operations, customers, and workforce.'"
Department of Homeland of Security Industrial Control Systems Cyber Emergency Response Team: https://ics-cert.us-cert.gov/