Who’s in Charge When US Suffers A Cyberattack?

Uploaded on 2016-04-13 in FREE TO VIEW, GOVERNMENT-National, INTELLIGENCE--USA, NEWS-Cybersecurity News

One of the Pentagon’s key missions is to lend a hand—or a drone—during natural disasters or other domestic emergencies. But it is unclear, in the event of a massive data breach, which element of the Defense Department is in charge of military support, according to Congress’ watchdog agency.

In other words: When there is an Ebola virus epidemic, for example, the assistant secretary of defense for health affairs steps in to help the civilian government. But it’s not clear what military official should organize forces when there is, for instance, a hospital computer virus unleashed by Iran.

US Northern Command says it is the main Pentagon support arm that fends off foreign hackers in the United States, a position at odds with policies and some top brass who say Cyber Command plays the lead in addressing stateside cyberthreats from abroad when asked.

Joseph W. Kirschbaum, Government Accountability Office director for defense capabilities and management, warned that until the Pentagon “clarifies the roles and responsibilities of its components,” the military “may not be positioned to effectively employ its forces and capabilities to support civil authorities in a cyber incident.”

In recent years, CYBERCOM and National Security Agency resources have been deployed to deal with privacy breaches at the Office of Personnel Management perpetrated by Chinese hackers, as well as a destructive attack against Sony Pictures Entertainment allegedly orchestrated by North Korea.
 
“DOD officials stated that the department had not yet determined the approach it would take to support a civil authority in a cyber incident and, as of January 2016, DOD had not begun efforts to issue or update guidance and did not have an estimate on when the guidance will be finalized,” Kirschbaum said.

The Pentagon is required by law to develop a plan by next month for CYBERCOM to support civil authorities in the event of a nation-state cyber strike.

But a NORTHCOM concept plan, which is already Defense secretary-approved, states its commander would coordinate a civilian mission that “may include cyber domain incidents or activities — with other DOD components supporting in conducting the missions,” Kirschbaum said in an audit made public recently.

At the same time, other guidance directs Cyber Command to be responsible for supporting civil authorities during a cyber incident, the report noted.

Specifically, Robert Salesses, a deputy assistant secretary for homeland defense integration, testified in June 2015 CYBERCOM would oversee cyber incident troubleshooting. Likewise, a 2010 formal agreement between DOD and Homeland Security Department names CYBERCOM as the Pentagon component that would respond to a civilian network disaster.
 
For its part, Cyber Command says the Defense secretary likely would call on CYBERCOM, not NORTHCOM, to provide help during a civilian cyber emergency.

Northern Command told a different story. As of September 2015, NORTHCOM officials said, “Their command had not delegated this responsibility to another command.”

Meanwhile, Pacific Command officials told GAO it would take center stage responding to a cyber incident within its area of responsibility with CYBERCOM playing a supporting role, Kirschbaum said. The reasons for the discrepancies in roles and duties are due to the recent emergence of the Cyberthreat, according to the report.

NORTHCOM officials said Defense so far has never received a request for assistance from DHS or any lead federal agency for military support, under a civil authority, for a cyber incident. An official within the office of the deputy assistant secretary for cyber policy said the military “expects to receive more requests to support civil authorities in cyber incidents and acknowledged the need to clarify roles and responsibilities in advance of any requests given the growing focus on cybersecurity,” the audit states.

In reaction to a draft audit, the Pentagon on March 14 said it will spell out the officials and components that will aid, as needed, in the event of a U.S. cyber episode.

Defense will release or update guidelines “that clarify DOD roles and responsibilities regarding civil support for domestic cyber incidents,” said a response sent by Aaron Hughes, deputy assistant secretary for cyber policy.

DefenseOne: http://bit.ly/1Wn5umb

« FBI Says A Mysterious Hacking Group Has Had Access To US Government Networks For Years
Boardroom: Elevating Cybersecurity Discussions »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Markel International

Markel International

Markel International is an international insurance company which looks after the commercial insurance needs of businesses. Specialist services include Cyber Risk insurance.

MACH37

MACH37

MACH37 is a market-centric cybersecurity accelerator program designed to facilitate the creation of the next generation of cybersecurity product companies.

AntemetA

AntemetA

AntemetA specializes in network infrastructure, security and cloud computing, helping companies transform their Information Systems.

Verafin

Verafin

Verafin is one of the North American leaders in fraud detection and AML software.

ShiftLeft

ShiftLeft

ShiftLeft is a continuous application security platform, purpose-built for the modern software development life cycle.

Hellenic Accreditation System (ESYD)

Hellenic Accreditation System (ESYD)

ESYD is the national accreditation body for Greece. The directory of members provides details of organisations offering certification services for ISO 27001.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

Casque SNR

Casque SNR

CASQUE SNR is the next generation of Identity Assurance that has potential to supersede existing solutions. It provides Identity Assurance for both people and things.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

Epiphany Systems

Epiphany Systems

Epiphany enhances your defensive security controls by providing you with an offensive perspective. We expose the most likely attack paths to your most critical IT assets and users.

Grant Thornton

Grant Thornton

Grant Thornton is one of the world’s leading networks of independent assurance, tax and advisory firms.

Mirai Security

Mirai Security

Mirai Security are a cyber security company that specializes in Governance, Risk Management and Compliance, Cloud Security and Application Security.

Green Enterprise Solutions

Green Enterprise Solutions

Green Enterprise Solutions are a Namibian company providing Information and Communication Technology (ICT) services to corporate Namibia.

MAUSHIELD

MAUSHIELD

MAUSHIELD is the national platform for sharing cyber threat information and intelligence that can help organisations to improve their cybersecurity posture, minimize risks and prevent cyber-attacks.

Defimoon

Defimoon

DeFimoon is the International Blockchain Development & Security Agency. We provide professional services and solutions at the highest quality on world-leading chains.

CYSEC Global

CYSEC Global

CYSEC Global is a series of summits dedicated to tackle regional cyber security challenges.