Cybersecurity

The thin line between military and civilian cyber defense

Lt. Gen. James

Lt. Gen. James "Kevin" McLaughlin, deputy commander of U.S. Cyber Command

How will military and civilian cyber response teams collaborate in the event of a cyberattack on U.S. critical infrastructure?

It's not clear yet, but the maturing U.S. Cyber Command does not currently entertain ideas of going it alone in defense of critical infrastructure.

"In every case that we currently imagine, we would do that in support of another government agency," said Lt. Gen. James "Kevin" McLaughlin, the command's deputy, at an Oct. 9 cybersecurity forum at the Center for Strategic and International Studies.

McLaughlin said there is a "broad framework" in place for determining the threshold at which his command will aid DHS in response to a cyberattack, adding that attacks that cause loss of life certainly qualify. The annual Cyber Guard exercise is an opportunity to tease out these legal and policy questions, he said.

McLaughlin's boss, Adm. Michael Rogers, has identified the industrial control systems that underpin the power grid as increasingly vulnerable targets. McLaughlin said CyberCom is training personnel to specialize in defending against attacks on industrial control systems. In terms of defending the Pentagon's own infrastructure, McLaughlin said defense officials were prioritizing critical components of platforms to make sure they are resilient in the face of a hack.

Harvey Rishikof, a senior counsel at the law firm Crowell & Moring, speaking at the same event, said the threshold at which the Defense Department feels compelled to respond to a cyberattack "ultimately will be a policy determination." Use of cyber force is not a straightforward legal issue, either: a raft of legal provisions governing the national guard, the armed forces and the intelligence community come into play, Rishikof said.

Holding military officers accountable

The Pentagon also is working to hold military officers more accountable for the cybersecurity of the programs under their watch, McLaughlin said. "Accountability -- to the individual level and really at the leader level -- is a key part of the cultural change that's occurring."

Deputy Defense Secretary Robert Work has called for that accountability by comparing negligence in the cyber and physical worlds. "Right now, if you discharge a weapon, you are held accountable for that…What we need to do is inculcate a culture where a 'cyber discharge' is considered just as bad," Work told a Sept. 29 hearing of the Senate Armed Services Committee.

In his Oct. 9 remarks, McLaughlin also reflected on the irony of assigning a separate command for cyberspace but also asking military officers from multiple domains to focus on the field.

"We have to operate in a way that's beyond what we typically have been comfortable doing with other parts of the military, other combatant commands," McLaughlin said. "Cyber warfare doesn't just live nicely within one either geographic area [or] one functional area."

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.