Is it NORTHCOM or CYBERCOM? CYBERCOM or the NSA—or both? So many agencies; so little clarity.
One of the Pentagon’s key missions is to lend a hand—or a drone—during natural disasters or other domestic emergencies. But it is unclear, in the event of of a massive data breach, which element of the Defense Department is in charge of military support, according to Congress’ watchdog agency.
In other words: When there is an Ebola virus epidemic, for example, the assistant secretary of defense for health affairs steps in to help the civilian government. But it’s not clear what military official should organize forces when there is, for instance, a hospital computer virus unleashed by Iran.
U.S. Northern Command says it is the main Pentagon support arm that fends off foreign hackers in the United States, a position at odds with policies and some top brass who say Cyber Command plays the lead in addressing stateside cyberthreats from abroad when asked.
Joseph W. Kirschbaum, Government Accountability Office director for defense capabilities and management, warned that until the Pentagon “clarifies the roles and responsibilities of its components,” the military “may not be positioned to effectively employ its forces and capabilities to support civil authorities in a cyberincident.”
In recent years, CYBERCOM and National Security Agency resources have been deployed to deal with privacy breaches at the Office of Personnel Management perpetrated by Chinese hackers, as well as a destructive attack against Sony Pictures Entertainment allegedly orchestrated by North Korea.
“DOD officials stated that the department had not yet determined the approach it would take to support a civil authority in a cyberincident and, as of January 2016, DOD had not begun efforts to issue or update guidance and did not have an estimate on when the guidance will be finalized,” Kirschbaum said.
The Pentagon is required by law to develop a plan by next month for CYBERCOM to support civil authorities in the event of a nation-state cyber strike.
For its part, Cyber Command says the Defense secretary likely would call on CYBERCOM, not NORTHCOM, to provide help during a civilian cyber emergency.
Northern Command told a different story. As of September 2015, NORTHCOM officials said “their command had not delegated this responsibility to another command.”
Full article: The Pentagon Still Hasn’t Decided Who’s In Charge If America Comes Under Cyberattack (Defense One)