Northern Command nominee: U.S. behind in cyber defense

A Navy admiral nominated to head the joint command responsible for defending the U.S. homeland and aerospace acknowledged in his confirmation hearing that the country is lagging in its cyber-defense of critical infrastructure.

Adm. William Gortney, who was tapped last month by President Barack Obama to head the U.S. Northern Command and the North American Aerospace Defense Command, also told the Senate Armed Services Committee on July 10 that he was unaware of a formal coordinating mechanism between Northern Command and the Department of Homeland Security for responding to cyberattacks.

Northern Command does have a liaison officer in DHS’s National Cybersecurity and Communications Integration Center, the department’s 24/7 hub for monitoring and responding to cyber threats, a DHS official told FCW.

Northern Command would coordinate the military's response to any physical damage to infrastructure caused by cyberattacks, while DHS is the lead civilian agency in that response. The U.S. military set up Northern Command about a year after the Sept. 11, 2001, terrorist attacks as a cross-military-branch effort to protect the country.

Cybersecurity is not a primary area of focus of Northern Command, Adm. James Winnefeld, then head of the command, said in October 2010. U.S. Cyber Command takes the lead in the nation's cyber-defense, but Northern Command would coordinate with Cyber Command in the event of an attack, he said.

"If there were an attack that took down the electrical grid for a significant amount of time, it's going to be CYBERCOM who partners with DHS to help with the recovery from that attack,” the Northern Command website quoted Winnefeld as saying. "My play in that is going to be how do we keep the trains running? How do we keep people fed? And we're exploring the linkage between those two things."

Nearly four years later, civilian and military agencies are still connecting the dots on how they would respond to an attack with cyber and physical dimensions.

"Who is responsible for the active defense of these facilities? Or is anybody responsible?" Sen. Jack Reed (D-R.I.) asked Gortney at his confirmation hearing last week, referring to infrastructure such as transit systems and financial institutions.

"For our civilian infrastructure, to be honest, sir,  Homeland Security has that responsibility," the admiral replied. "And it is my professional opinion that we … as a nation are behind in our ability to defend that critical infrastructure."

"Do you have a coordination with Homeland Security? Again, if [they] are the ones responsible, there should be at least a joint planning effort, not just in response but in deterrence or prevention," Reed said.

While DHS is Northern Command's "closest inter-agency partner" in homeland defense, "I do not know if we have a formal coordinating, and if confirmed, I will make sure I understand that, sir," Gortney said.

The Senate Armed Services Committee has yet to vote on Gortney’s nomination.