Cybersecurity

The thin line between military and civilian cyber defense

Lt. Gen. James

Lt. Gen. James "Kevin" McLaughlin, deputy commander of U.S. Cyber Command

How will military and civilian cyber response teams collaborate in the event of a cyberattack on U.S. critical infrastructure?

It's not clear yet, but the maturing U.S. Cyber Command does not currently entertain ideas of going it alone in defense of critical infrastructure.

"In every case that we currently imagine, we would do that in support of another government agency," said Lt. Gen. James "Kevin" McLaughlin, the command's deputy, at an Oct. 9 cybersecurity forum at the Center for Strategic and International Studies.

McLaughlin said there is a "broad framework" in place for determining the threshold at which his command will aid DHS in response to a cyberattack, adding that attacks that cause loss of life certainly qualify. The annual Cyber Guard exercise is an opportunity to tease out these legal and policy questions, he said.

McLaughlin's boss, Adm. Michael Rogers, has identified the industrial control systems that underpin the power grid as increasingly vulnerable targets. McLaughlin said CyberCom is training personnel to specialize in defending against attacks on industrial control systems. In terms of defending the Pentagon's own infrastructure, McLaughlin said defense officials were prioritizing critical components of platforms to make sure they are resilient in the face of a hack.

Harvey Rishikof, a senior counsel at the law firm Crowell & Moring, speaking at the same event, said the threshold at which the Defense Department feels compelled to respond to a cyberattack "ultimately will be a policy determination." Use of cyber force is not a straightforward legal issue, either: a raft of legal provisions governing the national guard, the armed forces and the intelligence community come into play, Rishikof said.

Holding military officers accountable

The Pentagon also is working to hold military officers more accountable for the cybersecurity of the programs under their watch, McLaughlin said. "Accountability -- to the individual level and really at the leader level -- is a key part of the cultural change that's occurring."

Deputy Defense Secretary Robert Work has called for that accountability by comparing negligence in the cyber and physical worlds. "Right now, if you discharge a weapon, you are held accountable for that…What we need to do is inculcate a culture where a 'cyber discharge' is considered just as bad," Work told a Sept. 29 hearing of the Senate Armed Services Committee.

In his Oct. 9 remarks, McLaughlin also reflected on the irony of assigning a separate command for cyberspace but also asking military officers from multiple domains to focus on the field.

"We have to operate in a way that's beyond what we typically have been comfortable doing with other parts of the military, other combatant commands," McLaughlin said. "Cyber warfare doesn't just live nicely within one either geographic area [or] one functional area."

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.