As stated in PPD-21, Federal departments and agencies provide timely information to the Secretary of Homeland Security and the national critical infrastructure centers necessary to support cross-sector analysis and inform the situational awareness capability for critical infrastructure; the centers in turn share the information back with the appropriate critical infrastructure partners.

Federal departments and agencies that are not designated as SSAs, but have unique responsibilities, functions, or expertise in a particular critical infrastructure sector (such as GCC members) assist in identifying and assessing high-consequence critical infrastructure and collaborate with relevant partners to share security and resilience-related information within the sector, as appropriate.

Presidential Policy Directive 41 (PPD-41) establishes a coordination structure in order to facilitate a more unified response for handling significant cyber incidents.

• National Policy Level Coordination
• Operational Level Coordination
• Sector Coordination

In the event of a significant cyber incident, Federal lead agency responsibilities are identified as follows for coordination:

• Threat Response - The Department of Justice, acting through the Federal Bureau of Investigation and the National Cyber Investigative Joint Task Force, will serve as the lead Federal agency for threat response.
• Asset Response - DHS, acting through the National Cybersecurity and Communications Integration Center (NCCIC), will serve as the lead Federal agency for asset response activities.
• Intelligence Support - The office of the Director of National Intelligence, through the Cyber Threat Intelligence Integration Center, will serve as the lead Federal agency for intelligence support and related activities.

More information on capabilities of partners is provided in Appendix B of the NIPP