United States Cyber Command (USCYBERCOM) was formed in 2009 and officially "plans, coordinates, integrates, synchronizes and conducts activities…[to] ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."
It would seem that cybersecurity would fall exclusively within CYBERCOM’s responsibility and, in the event of a cyberattack, this would be precisely the type of situation for which the agency was formed.
But there is disagreement within the Department of Defense. US Northern Command (NORTHCOM) claims it would have jurisdiction over a cyberattack. The National Security Agency (NSA) is another complicating factor, as the intelligence agency regularly deals with privacy breaches like last year’s US Office of Personnel Management hack.
"DOD officials stated that the department had not yet determined the approach it would take to support a civil authority in a cyberincident and, as of January 2016, DOD had not begun efforts to issue or update guidance and did not have an estimate on when the guidance will be finalized," said Joseph W. Kirschbaum, Government Accountability Office director for defense capabilities and management, according to Defense One.
Kirschbaum stated that until the Pentagon, "clarifies the roles and responsibilities of its components," the US defense apparatus "may not be positioned to effectively employ its forces and capabilities to support civil authorities in a cyberincident."
NORTHCOM has a pre-approved concept plan allowing it to operate civilian cyber missions “with other DOD components supporting in conducting missions,” Kirschbaum said. CYBERCOM, by comparison, does not yet have a formal guideline in place.
US law requires the Pentagon to develop a plan for Cyber Command by next month.
CYBERCOM, for its part, argues that in the event of a cyberattack, the Defense Secretary would likely call on its services, not NORTHCOM, particularly since a number of formal agreements currently list Cyber Command as the authority on the subject.
In June 2015, Robert Salesses, a deputy assistant secretary for Homeland Defense Integration, testified that Cyber Command would oversee the repair process following a cyberattack. A formal agreement between DOD and the Homeland Security Department from 2010 also lists CYBERCOM as the proper authority in the event a cyber emergency.
NORTHCOM does not appear to backing down, however. According to Kirschbaum, the agency stressed it will take the lead in the event of an emergency and that Cyber Command can act in a supporting role.
Until the Defense Department lays some clear ground rules, political infighting could lead to deep confusion and a weak response in the event of a real emergency.