Who Is In Charge if a Massive Cyber Attack Strikes the U.S.?

A cyber-physical attack on infrastructure may be an unlikely sneak attack, but if it happens, the chain of command is far from clear.

The threat of a massive cyber attack on civilian infrastructure, leading to loss of life and perhaps billions in damages, has kept lawmakers on edge since before former Defense Secretary Leon Panetta warned of it back in 2012 (or the fourth Die Hard movie in 2007). Many experts believe that a sneak attack would be highly unlikely. The Department of Homeland Security has the lead in responding to most cyber attacks. But if one were to occur today, DHS and the Defense Department wouldn’t know all the details of who is in charge of what.

The Department of Defense Cyber Strategy, published in April, carves out a clear role for the military and Cyber Command in responding to any sort of cyber attack of “significant consequence,” supporting DHS. Specifically, the strategy tasks the 13 different National Mission Force teams, cyber teams set up to defend the United States and its interests from attacks of significant consequence, with carrying out exercises with other agencies and setting up emergency procedures. It’s the third strategic goal in the strategy. It’s also “probably the one that’s the least developed at this – at this point,” Lt. Gen. James K. McLaughlin, the deputy commander of US Cyber Command, said at a Center for Strategic and International Studies event last month. He went on to describe the role that the military would play in such an event as “building the quick reaction forces and the capacity to defend the broader United States against an attack.” It’s something that the Defense Department, the Department of Homeland Security and the FBI and other agency partners all train for together in events like the Cyber Guard exercises, the most recent of which took place in July. The Defense Department, DHS and others worked through a series of scenarios related to a major attack on infrastructure.

McLaughlin described it as helpful in clarifying the difficult legal and policy issues that rear up when US troops are brought in to perform some military operation on US soil. But that doesn’t mean that all the kinks were ironed out.

“I think we feel comfortable that if one of those events happened today you’d see the right discussion about the sort of the political leadership, you know, has this reached that threshold? To be honest, it will never be black and white, have a perfect recipe … we have a structure within the government to have that discussion, and the ability for a request to come forward where US Cyber Command forces would go.”

A structure to have a discussion is a bit different than a clear sense of who is in charge of what when the power goes out.

Army Brig. Gen. Karen H. Gibson, deputy commanding general of Joint Force Headquarters-Cyber at United States Army Cyber Command, essentially reiterated that point when Defense One caught up with her at the AUSA conference last month. When asked if there existed a specific doctrine that spelled out the leadership roles for the Defense Department and for DHS in the event of an attack of significant consequence, she said, “There are a number of exercises to work through those very issues and how do we leverage the National Guard to help? It is a high priority and they are working it but I don’t think there’s a ‘Hey, here’s the solution,’ yet. It’s just a high priority.”

One of the various legal considerations muddying the prospect of a clear strategy could be laws related to posse comitatus, which forbid anyone to use “any part of the Army or the Air Force as a posse comitatus or otherwise to execute the laws,” except “under circumstances expressly authorized by the Constitution or Act of Congress.”

This kind of attack is a perennial boogeyman, but the actual likelihood of a digital sneak attack that rises to the level of “significant consequence” is harder to pin down. In his novel Ghost Fleet, a fictional account of World War III, strategist Peter Singer makes a convincing argument that a cyber-physical attack is most likely to occur as part of hostilities already underway, not as a first strike.

However unlikely, were such an attack to occur today, the question of who is in charge of what remains somewhat open.
DefenseOne: http://bit.ly/1Y4aLOZ

 

 

 
