DOD says it's prepared to support civilian response to a cyberattack

Defense Department officials pushed back Friday against criticisms levied against the lack of clarity in chain of command for domestic cyberattacks. “So there’s been a lot of discussion, ‘We don’t know how to do this’ or there [are] disconnects there, but I don’t think that’s the case at all,” Lt. Gen. James “Kevin” McLaughlin, deputy commander of the U.S. Cyber Command, said. “I think we know how to do it; we’re making sure that in the event that it happens we’re ready to execute,”

A Government Accountability Office report earlier this month said that DOD has not defined how it will support civilian authorities in the event of cyberattacks, nor identified roles or responsibilities that could be called upon during an incident, including the role of a dual-status commander – that is, a commander who has authority over both federal military and National Guard forces. 

However, Cyber Command senior staff met about two weeks ago in Colorado Springs with Northern Command and the Combatant Command that encompasses the United States within its area of responsibility to map out an organized response, McLaughlin said. “[W]e were actually putting meat on the bones – so what is the framework in a national incident,” whether it involved a natural disaster or some kind of incident caused by an adversary that calls for the involvement of the military, he said April 22 at the AFCEA Defensive Cyber Operations Symposium in Washington, D.C. “We know how to do that as a department in {support of the] civil authorities framework. What’s being added to that is the cyber element,” he said, adding that Cyber Command will be working in lockstep with civilian agencies such as Homeland Security Department during emergencies.     

McLaughlin also highlighted exercises his command has orchestrates to simulate and plan for these distinct cyber problems.  “We have an exercise called Cyber Guard that we have done for multiple years in a row…and we run that as a command but it really is a broad interagency exercise that’s usually the non-DOD scenario,” he said. Cyber Guard is an annual exercise aimed at building a whole-of-nation approach to defending networks, protecting infrastructure and sharing information across established lines.

“From a cyber standpoint, we would have to coordinate with DHS because DHS or [The Federal Emergency Management Agency] may be the leading federal agencies and we’d have to coordinate obviously with the states that are affected,” Rear Adm. Dwight Shepherd, director of Cyberspace Operations for the Northern Command and North American Aerospace Defense Command, said during the same panel, outlining how his command would approach these issues.

Shepherd conceded, however, that Northcom is not best suited for the cyber component in national incidents. “I can tell you from a NORAD/Northcom perspective we’re really good at hurricanes, tornados [response] but we’re not capable, truthfully, to tackle a cyber event,” he said. “So we, in my mind, would be supporting of Cybercom or JFHQ-DODIN along with” coordinating with DHS or FEMA or the states. He said the real cyber expertise comes from Cyber Command and the Joint Force Headquarters-Department of Defense Information Networks, which is responsible for maintaining and defending the DOD Information Network. 

“We still have got a little more work at defining authorities. … We’re still trying to play catch up on some of the legislation piece,” Shepherd said, noting that the Northern Command is still working through the authorities piece through Cyber Command. “I think we’ve got the right folks in and the right direction [to] help define that challenge.”