The policy also resurrects something you might have forgotten about since President Bush Jr. left office: color-coded threat levels. A new Cyber Incident Severity Schema gives the government a sense of just how seriously an attack might threaten everything from national security to foreign relations and “public confidence.” If it’s determined to be a green- or yellow-level risk, it’s unlikely to do serious damage. There’s a very tangible concern if an attack is labeled orange or red, and you’d better hope that you never see a black-rated attack — that’s an “imminent threat” where lives and critical infrastructure are in danger.
Once everything falls into place, you won’t see too many conspicuous examples of the directive in action. Even the schema is meant more for internal use than alerting the public. However, you’ll know that it’s working if the feds spend less time scrambling to react to a cyberattack and more time setting things right, whether they’re upgrading defenses or helping victims.