
Cybersecurity: Roles of Department of Defense and Department of Homeland Security

DOD and DHS

DOD

The Department of Defense (DOD) is responsible for the Cyber Command division, which conducts offensive cybersecurity efforts on behalf of the United States in foreign nations around the world. When international state and non-state actors carry out cybercriminal attacks on networks and critical infrastructures within the United States, DOD makes a determination on how the attack was initiated and what level of impact the nation will endure as a result. This initial assessment provides DOD with the basis of evidence to support a strategy to respond to criminal actors through military strategy at Cyber Command. DOD has the authority to execute full-spectrum military cyberspace operations through Cyber Command; operations include enabling operations, cyber disruption, and cyberattack. DOD countermeasures regarding enabling operations include network characterization and internet operation. DOD can engage in cyber disruption, which includes interrupting the flow of information or function of information systems without physical damage or injury. DOD can also conduct cyberattack, which causes physical damage to property or injury to persons. Cyber Command is responsible for identifying attacks by foreign entities and devising a strategy to respond to criminal actors abroad as a part of federal military strategy.

DHS

The Department of Homeland Security (DHS) performs defensive cybersecurity efforts on behalf of the United States as a part of domestic strategy to protect individuals, organizations, corporations and governments from attacks by criminal actors. The creation of DHS combined some cybersecurity offices from the Commerce Department, FBI and DOD. DHS has eight roles and responsibilities for protecting networks and critical infrastructures within the United States: identify and prioritize critical infrastructures by considering physical and cyber threats and vulnerabilities; maintain national critical infrastructure centers that provide a situational awareness of capabilities by emerging threats; provide analysis and expertise to critical infrastructure owners and exchange intelligence to strengthen security; conduct comprehensive assessments of the vulnerabilities of the country’s critical infrastructure; coordinate Federal government responses to significant cyber or physical incidents; assist the Attorney General in investigating and prosecuting threats to critical infrastructure; employ commercial satellite and airborne systems; and submit a national report on the security of the nation’s critical infrastructure.

Jurisdiction

In certain instances, governance and jurisdiction are a significant obstacle the two departments must overcome in order to effectively respond to a cyberattack. Sometimes the lines are blurred between state and non-state actors, and that can make it challenging to decide which agency should handle the response to the criminal activity. In every instance of criminal activity by a state actor, the correct department to handle the situation would be Cyber Command. In cases of a non-state actor, the correct department for responding to the attack depends on where the criminal activity took place. Both departments are challenged by three things Clarke outlined in Cyber War: flaws in the internet, flaws in hardware and software, and the move to put more critical infrastructures online. Examples of flaws in the internet include the openness of the internet and problems with the design of ISPs. When attackers compromise an ISP they can gain access to many people’s devices in a short amount of time, which could ultimately lead to populations being negatively impacted financially or physically, or being prevented from accessing critical infrastructures. Hardware and software also contain bugs even after they are released for use; the process of creating software and hardware is unregulated, and thereby it is impossible to monitor malicious code or chips in every piece of technology. Placing critical infrastructure’s SCADA controls online makes them as vulnerable to attack as other parts of a network.

Investments

In order to help the DOD and DHS complete their missions in the United States and around the world, I believe the Federal government should invest more financial resources into the two agencies in order to increase their security efforts domestically and abroad. Providing additional resources could help each agency implement its security strategies more broadly, ultimately assisting in the protection of networks and critical infrastructures while responding to criminal incidents efficiently. Also, adopting a National Cybersecurity policy in much the same way that Clarke is advocating can provide corporations and governments with a uniform standard on how to protect networks and critical infrastructures, which could ultimately reduce the rate at which corporate and government technologies are being compromised today. If the Federal government can provide regulation that would be implemented by governments and corporations by mandate, that could lead to consistent strategies to help entities with protecting their critical infrastructures from common threats both domestically and abroad.

Regulation

In addition to more regulation for governments and corporations, I think creating policies that provide a clear description of governance for cybersecurity issues would be an excellent strategy for strengthening both departments. Setting specific eligibility criteria for determining which agency is to handle responses to threats by non-state actors could save the Federal government time and resources while developing and implementing an appropriate military strategy to respond to cyberattacks. Also, more regulation could give governments and corporations the resources to monitor internet traffic among networks in the earliest possible stages in order to prevent the spread of malicious code. More regulation could assist the ISPs in monitoring internet traffic as well. More regulation during the supply chain process could help corporations develop and distribute fewer software and hardware units with malicious code or chips that can be used for cyberwarfare. Another way to assist both departments would be to discover a way to allow SCADA controls to work without the need for internet connectivity. This would reduce attackers’ prospects of gaining unauthorized access to critical infrastructures and thereby serve as a preventive method that can help the DHS and DOD reduce the damage attackers can do to critical infrastructures.
