DOD officials push back on civil cyber support critiques
- By Mark Pomerleau
- Apr 22, 2016
Pentagon officials pushed back Friday against criticisms levied against the Defense Department for the lack of clarity in its chain of command for domestic cyberattacks. “We know how to do it; we’re making sure that in the event that it happens we’re ready to execute,” Deputy Commander of Cyber Command Lt. Gen. James “Kevin” McLaughlin said.
In April the Government Accountability Office reported that DOD had not defined how it will support civilian authorities in the event of cyberattacks, identified roles or responsibilities that could be called upon during an incident or identified the role of the dual-status commander who has authority over both federal military and National Guard forces.
Senior staff from the Northern Command and the Cyber Command recently met in Colorado Springs “where we were actually putting meat on the bones” of a cybersecurity support framework, McLaughlin said at the April 22 AFCEA Defensive Cyber Operations Symposium. “We know how to do that as a department in the defense support to civil authorities framework. What’s being added to that is the cyber element.” He added that Cyber Command will be working in lockstep with civilian agencies such as Department of Homeland Security during emergencies.
McLaughlin also highlighted exercises the Cyber Command has orchestrated to plan for distinct cyber problems. Cyber Guard, the annual exercise aimed at building a whole-of-nation approach to defending networks, protecting infrastructure and sharing information, is one example of “a broad interagency exercise that’s usually the non-DOD scenario,” he said.
Any cybersecurity support coming from the Northern Command would have to be coordinated with DHS or the Federal Emergency Management Agency and the states that are affected, Rear Adm. Dwight Shepherd, director of cyberspace operations at Northern Command and North American Aerospace Defense Command (NORAD), said during the same panel.
However, Shepherd said, the Northern Command may not be best positioned to as the cyber component in national incidents. “I can tell you from a NORAD/NORTHCOM perspective, we’re really good at [responding to] hurricanes, tornadoes, but we’re not capable, truthfully, to tackle a cyber event,” he said. In addition to coordinating with DHS, FEMA and the states, the Northern Command would be supporting the cyber expertise of the Cyber Command and the Joint Force Headquarters-Department of Defense Information Networks, which is responsible for maintaining and defending the DOD information network.
“We still have got a little more work at defining authorities…We’re still trying to play catch up on some of the legislation piece,” Shepherd said, noting they’re still working through the authorities piece through Cyber Command. “I think we’ve got the right folks in and the right direction [to] help define that challenge.”
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.