[Infowarrior] - Military Granted Role in Cyberattack Response

Wed Oct 20 21:18:27 CDT 2010

October 20, 2010
Pentagon Will Help Homeland Security Department Fight Domestic Cyberattacks

By THOM SHANKER

http://www.nytimes.com/2010/10/21/us/21cyber.html

WASHINGTON — The Obama administration has adopted new procedures for using the Defense Department’s vast array of cyberwarfare capabilities in case of an attack on vital computer networks inside the United States, delicately navigating historic rules that restrict military action on American soil.

The system would mirror that used when the military is called on in natural disasters like hurricanes or wildfires. A presidential order dispatches the military forces, working under the control of the Federal Emergency Management Agency.

Under the new rules, the president would approve the use of the military’s expertise in computer-network warfare, and the Department of Homeland Security would direct the work.

Officials involved in drafting the rules said the goal was to ensure a rapid response to a cyberthreat while balancing concerns that civil liberties might be at risk should the military take over such domestic operations.

The rules were deemed essential because most of the government’s computer-network capabilities reside within the Pentagon — while most of the important targets are on domestic soil, whether within the government or in critical private operations like financial networks or a regional power grid.

The new approach will begin with a Department of Homeland Security team deploying to Fort Meade, Md., home to both the National Security Agency, which specializes in electronic espionage, and the military’s new Cyber Command. In exchange, a team of military networking experts would be  assigned to the operations center at the Homeland Security Department.

The rules were detailed in a memorandum of agreement signed in late September by Janet Napolitano, the secretary of homeland security, and Defense Secretary Robert M. Gates, but they were not released until last week.

Robert J. Butler, the Pentagon’s deputy assistant secretary for cyber policy, said the memorandum was intended to cut through legal debates about the authority for operating domestically, and to focus on how best to respond to the threat of attack on critical computer networks.

Mr. Butler said teams of lawyers would watch for potential violations of civil liberties. “We have put protection measures in place,” he said.

The Pentagon is expected to release a full National Defense Strategy for Cyber Operations this year, to be followed by broader interagency guidance from the White House, perhaps in the form of a presidential directive, in 2011.

Congress also is weighing legislation that would update domestic law to deal with advances in computer-based surveillance and cyberwarfare.

William J. Lynn III, the deputy defense secretary, underscored the Pentagon’s “need to protect our military networks,” but said that “it’s a national challenge as well.” In an interview with Charlie Rose broadcast Monday by PBS, Mr. Lynn added: “We need to protect our critical infrastructure. We need to protect our intellectual property. And that’s a whole-of-government effort.”

During a visit last week to NATO headquarters in Brussels, Mr. Gates lobbied for new partnerships to  combat computer threats, while warning that the NATO networks were vulnerable.

“On cybersecurity, the alliance is far behind,” Mr. Gates said. “Our vulnerabilities are well known, but our existing programs to remedy these weaknesses are inadequate.”

Mr. Gates said he was not concerned that secret intelligence shared with allies would be compromised, but he said NATO had weaknesses in its defenses for computer networks at its headquarters and throughout the shared command structure.