via Defense Systems
Although the United States is building up a series of organizations and systems to defend its vital infrastructure from cyberattack, coordinating and managing this massive edifice remains a challenge. This lack overall authority and strategic direction was a key topic brought up by government and private-sector groups in congressional testimony last week.
Speaking at a House Armed Services Subcommittee hearing on Emerging Threats and Capabilities, members of Congress and other speakers raised their concerns about the challenges facing national cyber defense. Defining clear lines of authority remains an issue that must be worked out. Subcommittee chairman Max Thornberry (R-Texas) noted that if enemy aircraft or ships attack U.S. territory, there are clear rules to invoke a military response. But how should the nation respond if there is an attack from cyberspace, he asked. Specifically, he wondered if the Defense Department or the federal government is able and authorized to commit to a response.
Determining what part of the government should respond to an attack remains a challenge due to a variety of factors, such as the nature of the attack, determining if and when an attack is taking place and where the attack came from. The Stars and Stripes reported that there is still no definite agreement between Congress, the White House, the intelligence community, the Defense and Homeland Security departments and industry stakeholders about who should watch over certain networks and respond in different cyberattack scenarios.
Some steps have been taken. The Stars and Stripes noted that two bills introduced last year seek to establish explicit lines of federal authority. The administration has also ordered the DOD and DHS to assign observers to sit in on each other’s cybersecurity operations to promote better coordination.