recommended reading

Americans want Defense -- not DHS -- to guard cyberspace, lawmakers say

Claiming to have the backing of the American people, lawmakers argued the Defense Department -- not the Homeland Security Department -- should guard the country against cyberattacks.

Currently, DHS has the lead in protecting private and civil government networks, including critical infrastructure systems such as the power grid and other utilities, but members of the House Armed Services emerging threats and capabilities subcommittee said at a hearing Tuesday that Defense should take the larger role.

Defense officials told the panel that due to privacy and civil liberty concerns, DHS should have the lead in protecting private and civil government networks.

Rep. Mac Thornberry, R-Texas, chairman of the subcommittee, said in his opening statement at the hearing, "The American people expect the Department of Defense to defend the country in whatever domain it is attacked. That means that Cyber Command must be ready, and Congress and the administration must find a way to ensure that it has the legal authorities it needs and at the same time ensure that the constitutional rights of Americans are protected."

Thornberry, in a comment during the hearing, said this hands Congress a constitutional role that the founders of the country never envisioned: "How do we declare war at the speed of light?"

Army Gen. Keith Alexander, commander of the U.S. Cyber Command, and Madelyn Creedon, assistant secretary of Defense for global strategic affairs, both told the hearing that Defense and the Obama administration plan to release within a month refined rules of engagement in cyberspace that will clarify the roles of Defense and DHS.

House Speaker John Boehner, R-Ohio, and House Majority Leader Eric Cantor, R-Va., plan to bring broad cyber legislation to the House floor in April, according to Thornberry. He said development of cyber policy requires the input of not only Congress and the administration but of an increasingly wired public as well.

Thornberry and other members of the subcommittee expressed frustration with the bifurcated roles Defense and DHS have in protecting private networks, particularly those that manage the power grid and other utilities.

Rep. K. Michael Conaway, R-Texas, said in his mind, the dual role that exists today is equivalent to DHS running the North American Aerospace Defense Command to monitor airspace for a missile or aircraft attack, and if such an attack occurs -- an act of war -- turning over response to that attack to Defense.

Rep. Robert Andrews, D-N.J., said due to the speed of operations in cyberspace and the current rules of engagement, an attack will be over by the time DHS detected it and Defense responded. Andrews said if the country is truly concerned about cyberattacks, then Defense should be the "focal point" of any response.

Alexander told the hearing that cyberspace has "become more dangerous" and when it comes to probes and penetrations today, the offense has the upper hand. "Our interconnectedness is now a national security issue" that has the attention of leaders in both Congress and the administration, he said in written testimony.

"We reserve the right to use all necessary means," including military force, to respond to an attack in cyberspace, he added.

Still, Alexander does not believe Defense should take over the cyber roles and missions in the private sector that are currently assigned to DHS. That department should be "the public face" of private sector cyber defense to ensure "protection of civil liberties and privacy," Alexander said in response to a question from Thornberry.

Alexander said Defense also does not have the resources to take over DHS' cyberspace role. "If we did so, it would sap our manpower," he said.

The best way Defense can assist DHS and the private sector is through information sharing of cyber threats, Alexander said. Such sharing started last year with the Defense Industrial Base Cyber Pilot Program sharing classified intelligence with select military contractors and their communications providers, he said.

Creedon, in her written testimony, said Defense is working with DHS to make cyber threat information sharing with defense contractors a permanent program.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.