The thin line between military and civilian cyber defense

Lt. Gen. James

Lt. Gen. James "Kevin" McLaughlin, deputy commander of U.S. Cyber Command

How will military and civilian cyber response teams collaborate in the event of a cyberattack on U.S. critical infrastructure?

It's not clear yet, but the maturing U.S. Cyber Command does not currently entertain ideas of going it alone in defense of critical infrastructure.

"In every case that we currently imagine, we would do that in support of another government agency," said Lt. Gen. James "Kevin" McLaughlin, the command's deputy, at an Oct. 9 cybersecurity forum at the Center for Strategic and International Studies.

McLaughlin said there is a "broad framework" in place for determining the threshold at which his command will aid DHS in response to a cyberattack, adding that attacks that cause loss of life certainly qualify. The annual Cyber Guard exercise is an opportunity to tease out these legal and policy questions, he said.

McLaughlin's boss, Adm. Michael Rogers, has identified the industrial control systems that underpin the power grid as increasingly vulnerable targets. McLaughlin said CyberCom is training personnel to specialize in defending against attacks on industrial control systems. In terms of defending the Pentagon's own infrastructure, McLaughlin said defense officials were prioritizing critical components of platforms to make sure they are resilient in the face of a hack.

Harvey Rishikof, a senior counsel at the law firm Crowell & Moring, speaking at the same event, said the threshold at which the Defense Department feels compelled to respond to a cyberattack "ultimately will be a policy determination." Use of cyber force is not a straightforward legal issue, either: a raft of legal provisions governing the national guard, the armed forces and the intelligence community come into play, Rishikof said.

Holding military officers accountable

The Pentagon also is working to hold military officers more accountable for the cybersecurity of the programs under their watch, McLaughlin said. "Accountability -- to the individual level and really at the leader level -- is a key part of the cultural change that's occurring."

Deputy Defense Secretary Robert Work has called for that accountability by comparing negligence in the cyber and physical worlds. "Right now, if you discharge a weapon, you are held accountable for that…What we need to do is inculcate a culture where a 'cyber discharge' is considered just as bad," Work told a Sept. 29 hearing of the Senate Armed Services Committee.

In his Oct. 9 remarks, McLaughlin also reflected on the irony of assigning a separate command for cyberspace but also asking military officers from multiple domains to focus on the field.

"We have to operate in a way that's beyond what we typically have been comfortable doing with other parts of the military, other combatant commands," McLaughlin said. "Cyber warfare doesn't just live nicely within one either geographic area [or] one functional area."

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.