The U.S. Department of Defense (DoD) is traditionally tasked with maintaining national security by protecting citizens from threats originating abroad. When it comes to sophisticated cyber threats, however, the origin and perpetrator can be difficult to identify and the role of the DoD becomes less defined.
A large-scale cyber attack against privately-owned critical infrastructure that causes physical damage could have catastrophic results. How should the DoD assist privately-owned organizations in response to these types of events?
The DoD, U.S. law enforcement agencies such as the FBI, and the private organizations each have a role to play during the recovery operation. The challenge will be managing the relationship between the military and private entities during the process.
Partnerships between the DoD and the civilian sector aren’t without precedent. As the Officer in Charge of the Cyber Security Section at the Army’s Southwest Asia Cyber Center, I saw how well a team of DoD members and highly skilled civilians can work.
The primary DoD cyber mission encompasses the defense of military networks, support for expeditionary forces such as those in the Middle East, and the cyber defense of the homeland. Of these, the defense of the homeland is arguably the most difficult to plan for because the jurisdictions of the DoD, law enforcement, and private industry converge.
A cyber attack of the magnitude necessary to cripple the nation’s critical infrastructure hasn’t occurred yet. However, it is important for the DoD to consider this scenario and plan its response. With cyber defense as one of its highest priorities, the DoD looks to build its capability to counter the growing cyber threat by developing specialized training pipelines for “cyber soldiers” and organizing an agile Cyber Mission Force.
[Image: The U.S. Cyber Command insignia.]
For example, the Army has created a new “cyber network defender” military occupational specialty for enlisted members. It has also created an entire branch dedicated to cyberspace, which is considered a peer of the Army’s more traditional branches such as Infantry, Aviation, and Military Intelligence. The Air Force, Navy, Marines, and Coast Guard are rapidly developing their own cyber doctrine for the DoD as well. In 2010, the DoD formed U.S. Cyber Command, a joint body that presides over the cyber operations of the individual services.
The DoD envisions that the Cyber Mission Force will have 133 teams by 2018 and encompass the full spectrum of DoD cyber operations. There are four types of teams in the current organization, each with a unique mission:
- Cyber Protection Teams are responsible for the defense of DoD networks
- Combat Mission Teams integrate cyberspace effects in support of contingency operations
- Support Teams provide analytic and planning support
- National Mission Teams defend the U.S. against the most significant attacks
The National Mission Teams are the most relevant to our industry and would be called upon in the event of a large-scale cyber attack upon critical infrastructure. The intended targets of these attacks vary and may include utilities, financial organizations, or healthcare institutions, but they all have the potential to do catastrophic damage.
The partnership between the DoD and the private sector is essential to improving U.S. cyber resilience. Tremendous effort has been put into developing the current model of homeland cyber defense, which looks promising. However, the responsibilities of each organization must be clear and the model should be thoroughly tested.