WASHINGTON: The Homeland Security and Defense Departments don’t expect a significant cyber attack on next week’s elections. But both agencies are eager to avoid a repeat of 2016, so just in case, military Cyber Protection Teams are on standby and able to respond “within hours,” a senior Pentagon official told reporters.
“Back in the spring, we were challenged with, are we doing enough, and should we be doing more?” said the Deputy Assistant Secretary of Defense for Cyber Policy, retired Maj. Gen. Edwin Wilson, referring to high-profile hearings and media coverage questioning the Trump Administration’s lack of preparations. “That’s why we’ve stepped in to partner with DHS. So we asked them where they had gaps.”
“We haven’t deployed anyone, just to be clear,” Wilson said. “We’ll have a traditional prepare-to-deploy order, (and) the members and teams are on recall ready to go within hours.”
“If called upon, we would operate under DHS authorities,” Wilson told reporters, speaking after a joint appearance at the Carnegie Endowment for International Peace with the Assistant Secretary of Homeland Security for Cybersecurity & Communications, Jeannette Manfra.
“There would not be any independent DoD teams,” Wilson emphasized. Instead, the military teams would fall in on Department of Homeland Security structures, with command and control channeled through the DHS National Cybersecurity & Communications Integration Center (NCCIC).
Wilson didn’t specify how many Defense Department personnel were on call, although he did say it was “less than a hundred.” Even those relatively limited numbers, however, roughly doubled the number of skilled cyber personnel available, he said.
While the Department of Homeland Security can organize and deploy its own Incident Response Teams for cyber, “they have a limited capacity to do that,” Wilson explained. So, as the two departments and other agencies brainstormed and wargamed for the elections, “one of the questions was if we had a significant event, (can) the Department of Defense bring additional capacity to those (DHS) teams?”
“We actually have very similar skillsets on the defensive side,” Wilson said. “(In) our Cyber Protection Teams that make up about sixty percent of our Cyber Mission Force, when you look at the skillsets, they’re very transferable.”
Winter Isn’t Coming — But…
All this is simply applying standard Pentagon procedures for Defense Support to Civil Authorities (DSCA) to a new area, cybersecurity, Wilson said: “We want to normalize it.” It’s similar to how the military works with FEMA (also part of DHS) to get packages of military supplies — drinkable water, food that doesn’t require refrigeration, repair materials — physically ready and bureaucratically pre-approved before hurricane season, so FEMA can get help quickly when it calls for it.
None of this is meant to indicate that a major attack is coming, Wilson and Manfra both emphasized. The two departments are sharing intelligence with each other, with the broader intelligence community, with federal, state, and local officials, and with the private sector like never before, they both said.
“With a relatively high degree of confidence, we do not see the threats like we’ve seen in the past,” Wilson said. “But we don’t want to wait for the significant event and all be looking at each other.”
“To be very clear, there is no intelligence or anything that would suggest that we would be in this situation,” Manfra said, “but we wanted to have all of the various different bureaucratic and legal agreements pre-negotiated, settled, we wanted to have a very clear understanding if we did need to call on DoD resources.”
“We have actually worked this in other sectors,” Manfra went on. “So far we have not had to actually take advantage of the DoD assets, but it’s always now a part of our planning… We’ve got all the lawyers, they know each others’ phone numbers, they know what these forms look like.”
Both departments are trying to be more proactive and flexible than in the past, when discussions often degenerated into finely parsing who had responsibility for what and how soon they could dump the problem on someone else. The Pentagon in particular had a deep-seated reluctance to get involved in anything involving domestic security, and it took years after 9/11 to overcome it.
Manfra put it more diplomatically. “A lot of the conversations, both on the policy and on the operations side, in the past, have been a lot about ‘what’s my clearly defined role, what’s your clearly defined role, and how do we hand that off very clearly so it’s very obvious who’s in charge when’ — and it just doesn’t work that way,” she said. “The more we understand what our authorities are…. they’re not overlapping, but they’re complementary.”
While an attack on the election probably won’t happen, it’s working through such highly specific scenarios that let both Homeland Security and Defense figure out how to cooperate better. “Let’s stop talking at a high level about very abstract concepts,” she said. “Let’s take a few key issues where we want to work together and just work through it and be open to adjustments. (Get) the actual operators and analysts together and really start to have conversations at that level, because they’re going to identify a lot of things, both good and bad, that you may not get just by sitting in high level meetings.”