President Obama issued a Presidential Policy Directive (PPD) on cyber incident coordination last month. The PPD identifies federal agencies to lead specific aspects of incident response in the event of a significant cyber incident. The federal government has responded to several significant cyber incidents over the past few years. This PPD builds upon lessons learned from responding to those incidents, as well as the federal governments experience in all types of disaster response (hurricanes, bombings, etc. etc.) The lead federal agency responsible for asset response is the Department of Homeland Security.”]
Source: https://www.csoonline.com/article/3114241/cyber-incident-response-who-does-what.html