Cybersecurity

The thin line between military and civilian cyber defense

Lt. Gen. James

Lt. Gen. James "Kevin" McLaughlin, deputy commander of U.S. Cyber Command

How will military and civilian cyber response teams collaborate in the event of a cyberattack on U.S. critical infrastructure?

It's not clear yet, but the maturing U.S. Cyber Command does not currently entertain ideas of going it alone in defense of critical infrastructure.

"In every case that we currently imagine, we would do that in support of another government agency," said Lt. Gen. James "Kevin" McLaughlin, the command's deputy, at an Oct. 9 cybersecurity forum at the Center for Strategic and International Studies.

McLaughlin said there is a "broad framework" in place for determining the threshold at which his command will aid DHS in response to a cyberattack, adding that attacks that cause loss of life certainly qualify. The annual Cyber Guard exercise is an opportunity to tease out these legal and policy questions, he said.

McLaughlin's boss, Adm. Michael Rogers, has identified the industrial control systems that underpin the power grid as increasingly vulnerable targets. McLaughlin said CyberCom is training personnel to specialize in defending against attacks on industrial control systems. In terms of defending the Pentagon's own infrastructure, McLaughlin said defense officials were prioritizing critical components of platforms to make sure they are resilient in the face of a hack.

Harvey Rishikof, a senior counsel at the law firm Crowell & Moring, speaking at the same event, said the threshold at which the Defense Department feels compelled to respond to a cyberattack "ultimately will be a policy determination." Use of cyber force is not a straightforward legal issue, either: a raft of legal provisions governing the national guard, the armed forces and the intelligence community come into play, Rishikof said.

Holding military officers accountable

The Pentagon also is working to hold military officers more accountable for the cybersecurity of the programs under their watch, McLaughlin said. "Accountability -- to the individual level and really at the leader level -- is a key part of the cultural change that's occurring."

Deputy Defense Secretary Robert Work has called for that accountability by comparing negligence in the cyber and physical worlds. "Right now, if you discharge a weapon, you are held accountable for that…What we need to do is inculcate a culture where a 'cyber discharge' is considered just as bad," Work told a Sept. 29 hearing of the Senate Armed Services Committee.

In his Oct. 9 remarks, McLaughlin also reflected on the irony of assigning a separate command for cyberspace but also asking military officers from multiple domains to focus on the field.

"We have to operate in a way that's beyond what we typically have been comfortable doing with other parts of the military, other combatant commands," McLaughlin said. "Cyber warfare doesn't just live nicely within one either geographic area [or] one functional area."

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.