The Pentagon has no clearly designated military official who'd be in charge of support in the event of a massive data breach by foreign hackers, according to Congress's watchdog agency.
They probably proposed such a job, but couldn't find any takers.
In an analysis of the audit by the U.S. Government Accountability Office, Defense One reports the U.S. Northern Command says it's the main Pentagon support arm in such breaches, while policies and some top brass say Cyber Command plays the lead in cyberthreats from abroad.
The Department of Defense needs to clarify its roles and responsibilities in an area of growing concern, Joseph Kirschbaum, GAO's director for defense capabilities and management, warns in the audit.
And until it does, the military "may not be positioned to effectively employ its forces and capabilities to support civil authorities in a cyberincident," Kirschbaum says.
"[Department of Defense] officials stated that the department had not yet determined the approach it would take to support a civil authority in a cyberincident and, as of January 2016, DOD had not begun efforts to issue or update guidance and did not have an estimate on when the guidance will be finalized," Kirschbaum said.
According to Defense One, the Pentagon is required by law to develop a plan by next month for Cyber Command to support civil authorities in the event of a nation-state cyber strike.
But a Northern Command plan, which is already Defense secretary-approved, states its commander would coordinate a civilian mission that "may include cyber domain incidents or activities -- with other DOD components supporting in conducting the missions," Kirschbaum notes in the audit.
The reasons for the discrepancies are due to the recent emergence of the cyberthreat, according to the report.
Northern Command officials say the Pentagon so far has never received a request for assistance from any lead federal agency for military support for a foreign cyberincident, the audit states ‐ but they expect more, Defense One reports. 
|
