likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.In those cases, the directive sets up a hierarchy of entities, from a permanent Cyber Response Group under the National Security Council to an incident-specific Cyber Unified Coordination Group. This seems like a reasonable bureaucratic approach.
The directive also names federal lead agencies for particular response efforts. "Threat response activities" are under the Department of Justice to conduct law enforcement and nati0onal security Asset response activities" such as technical assistance, information sharing, and mitigation are assigned to the Department of Homeland Security. Intelligence activities fall under the Office of the Director of National Intelligence.
What strikes me as significant is the non-mention of the Department of Defense. It has its own cyber responsibilities, but it's notable that the administration is carving out a separate civilian structure for threats to civilian entities.