Cyber Command builds critical infrastructure defense skills

As U.S. Cyber Command reaches operational capability in its mission to protect Defense Department networks and support combat commanders, it is also firming up its plans to help the Department of Homeland Security defend critical infrastructure networks, according to one of the command's top leaders.

"We're still fleshing out [how to protect critical infrastructure providers from] attacks of significant consequence," said Lt. Gen. James McLaughlin, Cyber Command's deputy commander, at the Air Force Association's Air, Space and Cyber Conference on Sept. 20.

The command has been concentrating on developing its cyber mission workforce since 2013 and now has more than 6,000 people in 133 cyber mission forces, he added.

That total jibes with the goal McLaughlin set earlier this year in announcing the force. He unveiled the cyber mission forces in testimony in June before the House Armed Services Committee and told lawmakers that as of June 10, Cyber Command's mission forces consisted of 4,684 people, with an eventual target of 6,187 people.

How Cyber Command will use those people in the event of an attack on critical infrastructure networks -- such as those used by banks, electricity and water utilities, and other industries -- is not well defined, he said. But that is intentional, given the fluid nature of cyberattacks, which can range from data theft to physical destruction.

"DHS is the lead for defending .gov" and critical infrastructure networks, McLaughlin told FCW after his speech at the Air Force conference. "We share information and intelligence" with DHS and the National Security Agency.

Although the decision to have Cyber Command step in after an attack is left to higher-level authorities, McLaughlin said the command can augment DHS' expertise.

"Our core skill set for DOD translates to other environments," he said.

DHS and the FBI are on the front lines of finding relatively low-level cyberattackers on the civilian side, McLaughlin added. However, he said a significant attack on critical infrastructure, possibly involving a nation-state actor, could require a broader response from the U.S.

"We're poised to respond" to such a threat, he added.

McLaughlin said Cyber Command has been working closely with NSA to develop the command's initial cyber workforce and capabilities. Although it still shares information with the agency, it is moving away from NSA's closer orbit as it develops its own set of skills and expertise.

Cyber Command and NSA are led by Navy Adm. Michael Rogers.

McLaughlin did not elaborate on what the command would bring to the table with DHS in response to a big attack on critical infrastructure but said that given the pace of cyberthreats, an attack of significant consequence is likely in the coming years.

"You will see us do this in the future," he added.

He said Cyber Command has already been working with critical infrastructure providers through cyberattack exercises. This summer's Cyber Guard 16 simulation involved a broad electronic assault on government, academia, industry and allies. Cyber Command, DHS and the FBI led the exercise, which was hosted by the Joint Staff in a state-of-the-art facility in Suffolk, Va.