Published by The Lawfare Institute
in Cooperation With
The Department of Homeland Security has the lead in protecting the “.gov” and “.com” domains, but the Pentagon must leverage its ten years of concerted investment in cyberdefense to support broader efforts to protect critical infrastructure. The U.S. government has only just begun to broach the larger question of whether it is necessary and appropriate to use natural resources, such as the defenses that now guard military networks, to protect civilian infrastructure. Policymakes need to consider, among other things, applying the National Security Agency’s defense capabilities beyond the “.gov” domain, such as to domains that undergird the commercial defense industry. U.S. Defense Contractors have already been targeted for intrusion, and sensitive weapons systems have been compromised. The Pentagon is therefore working with the Department of Homeland Security and the private sector to look for innovative ways to use the military’s cyberdefense capabilities to protect the defense industry.In addition, the Director of the NSA, General Keith Alexander, is in charge of Cyber Command. Cyber Command defends the ".mil" network, but according to a 2009 Memorandum from the Secretary of Defense, it must also provide “support to civil authorities” in their cybersecurity efforts. Lynn recently stated that Cyber Command “works closely with private industry to share information about threats and to address shared vulnerabilities.” Finally, the NSA is quietly building a $1.5 billion, 1 million square foot cybersecurity data center at Camp Williams near Salt Lake City, Utah. The Camp Williams facility will reportedly “provide intelligence and warnings related to cybersecurity threats, cybersecurity support to defense and civilian agency networks, and technical assistance to the Department of Homeland Security.” I am glad that NSA is involved in domestic cybersecurity beyond the “.mil” network, in these and doubtless other ways. Cyber threats are an enormous challenge to our economic and national security, and we should use every tool at our disposal to meet them. NSA has unparalleled technical expertise and experience in cyberdefense. The problem, of course, is that many people fear NSA involvement in the domestic realm and especially in the private network. As I wrote elsewhere, a “major challenge for the government, and one it has not yet figured out how to accomplish, is to give the NSA wider latitude to monitor private networks and respond to the most serious computer threats while at the same time credibly establishing that the agency is not doing awful things with its access to private communications.” The government seems to be addressing this challenge, slowly and quietly, and thus far without much controversy or pushback.