On the same day the summary of new National Defense Strategy only vaguely mentioned the Pentagon’s cyber capabilities, Secretary of Defense James Mattis expanded on the topic and discussed the department’s efforts tor reorganize cyber forces.
The only portion of the strategy summary that explicitly addresses cyberspace notes that the Department of Defense will “invest in cyber defense, resilience, and the continued integration of cyber capabilities into the full spectrum of military operations.”
In a speech at Johns Hopkins University addressing the newly unveiled strategy, Mattis explained there will be a reorganization of the fundamental cyber-related organizations, namely U.S. Cyber Command and the NSA.
“They will be organized along different lines,” Mattis said. “We are going to have to then resource them in education with training programs, recruiting programs and mission statements so that the reorganized forces are working together because this is a wild west right now. As you know people in their bed rooms can be doing things that are causing your bank account dire problems at this point.”
He did not provide further details.
DoD is currently focus on elevating Cyber Command to a full unified combatant command out from under Strategic Command.
Mattis also touched upon a recent flashpoint: how DoD protects the U.S. homeland from massive cyber incidents.
“How do we protect life if cyber could shut down all the power in a part of our country that would kill people in hospitals or paralyze economies that are required to keep people alive,” he said. “How do we deal with that when that’s not what you and I would call a military mission? As a matter of fact we have laws that prohibit us –and we are proud of those laws – from doing certain things in this country. You don’t see any military person arresting anyone in this country…not our authority under the constitution.”
DoD has come under fire from both independent government watchdogs and Congress for its polices and procedures in civil cyber defense.
During a testy exchange at an October hearing before the Senate Armed Services Committee, committee chairman Sen. John McCain (R-Ariz.) berated DoD’s witness for expressing DoD should not be the lead for the domestic cyber mission risks, which could upset the traditional civil-military balance.
“You said that it’s not Department of Defense responsibility — suppose if the Russians had been able to affect the outcome of the last election,” McCain charged. “Would that fall under the responsible and authority to some degree of the Department of Defense if they’re able to destroy the fundamental of democracy by changing the outcomes of elections?”
“For you to sit there and say, ‘Well, but it’s not Department of Defense’s responsibility’ — it is; to defend the nation … if you can change the outcome of an election, that has consequences far more serious than a physical attack,” McCain said.
The Government Accountability Office has also been critical of how DoD might assist the U.S. government in the event of a major cyber incident citing lack of training and clear lines of command and control in a November report.
Mattis noted that the Pentagon will have to look at the cyberspace problem much more broadly than it has in the past.
“It’s a very complex issue for right now. I’m focused mostly on making certain that our military can fight and supporting FBI and others when we spot a problem coming in from overseas that we will pick it up and we notify the law enforcement agencies now,” he said. “But there’s a lot more to be done…and I’ve not got that defined yet.”