Pentagon Doesn’t Know Who’d Be In Charge In Cyber Attack

This post is also available in: עברית (Hebrew)

Much has been said recently of preparedness for cyberattacks. Intelligence, homeland security, and defence departments and agencies are tasked with setting up defences, coming up with clear plans of actions, and executing them when the time comes. Turns out, the latter might be somewhat problematic in the most technologically advanced nation on Earth, as no one knows who should be in charge in the event of an attack.

A report by the US Government Accountability Office (GAO) criticised the Department of Defence (DoD) for not clearly defining who is in charge in the event of a cyberattack on the United States. The Pentagon, the report reads, does “not clearly define its roles and responsibilities for cyber incidents.”

In an attack, the DoD would support the Department of Homeland Security (DHS) – the civilian agency tasked with leading the defence effort – that is the only relationship that is clearly set out. The who or what or when beyond that is a bit more vague.

The murkiness is a result of two conflicting rule-sets by two military divisions. The US Northern Command says it would be responsible for supporting civil agencies during an attack. The US Central Command says exactly the same.

“This absence has caused uncertainty about who in DOD would respond to support civil authorities in a cyber incident and how they would coordinate and conduct such a response,” the report states.

According to the report, the DoD is not able to “reasonably ensure” that it would be able to properly support civil agencies and organisations during an attack, because of the convoluted and muddled bureaucracy.

“The gap, and the uncertainty that results, could hinder the timeliness or effectiveness of critical Defense Dept. support to civil authorities during cyber-related emergencies,” said the report in its damning conclusion.