The Defense Department, not the Department of Homeland Security, should take the lead role in defending networks operated by utilities, banks and other private sector companies, members of the emerging threats and capabilities panel of the House Armed Services Committee told top ranking Defense officials at a hearing today.
Addressing Army Gen. Keith Alexander, commander of the U.S. Cyber Command, Teresa Takai, Defense chief information officer, and Madelyn Creedon, assistant secretary of Defense for global strategic affairs, a frustrated Rep. Robert Andrews, D-N.J., said the administration had misidentified the critical infrastructure cyber problem.
DHS has the lead in protecting private and civil government networks based on the anticipated targets of an attack, not on the potential origins of a cyberattack, Andrews said. The administration needs to turn that around and focus on "where the attack is from, not to."
Based on this approach, Andrews suggested (and other panel members agreed with him) that Defense and not DHS should take the lead role in protecting critical networks.
Alexander and Creedon did not directly address this suggestion, but both said they expected new rules of engagement for operations in cyberspace will be issued within a month.
Check out our news pages tomorrow for more on this.