The new rules allow the Department of Homeland Security to take advantage of the military's cyber-warfare experts and the intelligence capabilities of the National Security Agency in case of attack.
The Obama administration changed federal policy allowing the military to
step in and assist during a cyber-attack on domestic soil, reported the
New
York Times on Oct. 21.
With the exception of natural disasters, the military cannot deploy units
within the country's borders. Even for natural disasters, a presidential order
is required before moving the troops out.
Under the new agreement between the Department of Defense and Department of
Homeland Security, the military's cyber experts can be called upon in case of
an attack targeting critical computer networks inside the United
States, according to the article.
Robert J. Butler, the Pentagon's deputy assistant secretary for cyber
policy, told the Times that the rules change will allow agencies to focus on how
to respond to attacks on critical computer networks.
The two agencies "will help each other in more tangible ways than they
have in the past," Butler said
in an article in
Defense
News, an Army Times publication. He also said closer collaboration will provide
"an opportunity to look at new ways that we can do national cyber incident
response."
With the new rules, the officials in charge of domestic security can take
advantage of the Pentagon's military expertise and the intelligence expertise
of the
National
Security Agency.
"DoD's focus is really about getting into the mix. We want to plan
together and work together with other departments" to ensure that they
understand the military's cyber capabilities and that the military understands
what other agencies and private companies can do for cyber defense, Butler
said.
The memorandum was signed by Homeland Security Secretary Janet Napolitano
and Defense Secretary Robert Gates. The memorandum makes a quick and legal
response to a cyber-attack possible and prevents time-wasting debates over
who's in charge and who has the authority to do what, said the New York Times.
The Department of Homeland Security will still lead cyber-defense efforts,
but the Department of Defense will provide cyber-attack expertise to various
government entities and a handful of private corporations, said Butler.
Officials who helped draft the rules said the goal was to ensure a rapid
response to a cyber-threat while balancing civil liberties concerns that may
result from misuse of military power.
Butler said teams of lawyers
would watch for potential violations of civil liberties.
Once the president gives the order, a team of Pentagon cyber experts will be
sent to Homeland Security's operations center, and a team of Homeland Security
officials will be dispatched to Fort Meade, where the National Security Agency
and the Pentagon's
Cyber
Command are located, according to the Times article.
The greater part of the government's computer network capabilities are also
located at Fort Meade.
Officials decided on the policy change because most of the government's
computer network defense capabilities and expertise are within the Pentagon,
while most of the key targets are on domestic soil, officials told the New York
Times. Targets may be within the government but can also be public-facing
operations like financial networks and
regional
power grids, the paper said.
Improving agency and industry "situational awareness" in
cyberspace is a central objective for the Department of Defense, according to
Defense News. Developing and maintaining a clear picture of the threats in
cyberspace remain difficult because the Internet is evolving every day, Butler
said.
In the event of a cyber-attack, it's still extremely difficult to tell who
is attacking. It's not even clear what constitutes an attack.
"As we move forward, one of the key things we have is to agree on is
the taxonomy," Butler said.
There is a lot of discussion about "cyber-war," "cyber-attacks,"
and "hostile intent," but there is no agreement on exactly what those
terms mean.
Homeland Security conducted Cyber Storm 3, a national cyber-incident
response framework exercise on how to handle a cyber-attack, at the end of
August. Butler said the exercise,
which included federal and state entities, private sector, and international
partners, helped government officials think through
possible
scenarios, said Defense News.
"We were able to work out what the threat was, what the appropriate
response was, who takes action, how do you determine conditions and
postures," he said.
Email
Print
