Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations

Who's In Charge During a Major Cyber Attack?

House Members Raise Questions; Dissatisfied with the Answers
Who's In Charge During a Major Cyber Attack?
Rep. Peter King asked two straightforward question: If a sophisticated attacked occurred against the United States financial systems, who would coordinate the response and whose authorities would be triggered?

King, the New York Republican who serves as the ranking member of the House Homeland Security Committee, wasn't satisfied with the answers.

At Wednesday's committee hearing on the Department of Homeland Security's cybersecurity role, Greg Schaffer, DHS assistant secretary for cybersecurity and communications, said that ultimately the White House is responsible for coordination, with other agencies being involved. And for the financial industry specifically, he said, "I believe DHS has the lead."

"We're in the process to building out a national cyber incident response plan, and that plan would more clearly define roles and responsibilities of the different departments and agencies," Schaffer said.

King said Schaffer's response didn't build confidence, saying if an attack occurred tomorrow, not everyone would know how to respond. "It seems that you're still trying to work you're way through that," King said.

Schaffer said the administration is working on finalizing a national cyber incident response plan. "Until that is finalized and moved through the interagency process," he said, "there will be some questions but we are in the process of trying to get some clarity here."

Earlier in the hearing, committee chairman Bennie Thompson, D.-Miss., asked a similar question on who would be in charge if the federal government's civilian agencies networks came under a cyber attack. Schaffer response was more definitive: DHS would lead the response. "The various departments and agencies - including the Department of Defense, the NSA (National Security Agency) and various others - would all be involved and engaged, depending on what the nature of the attack looked like, where the attackers were focusing their energies and what was needed in order to execute on the response," he said.

Thompson then turned to Gregory Wilshusen, to get the view of the Government Accountability Office's information security director. Wilshusen replied: "I think that's one of the challenges that needs to be addressed: Who is actually in charge? With the White House cybersecurity coordinator in place now, what is his role relative to at DHS? I think that is certainly a valid challenge that still remains to be addressed."

Thompson asked, "We're not quite sure who's in charge?"

Wilshusen responded: "I think that's the case, yes."

The mystification of who is in charge explains, in part, the enthusiastic support voiced by several committee members for the comprehensive cybersecurity bill introduced last week by Sens. Joseph Lieberman, ID-Conn., Susan Collins, R.-Maine, and Tom Carper, D.-Del. Their bill, Protecting Cyberspace as a National Asset Act, establishes two offices - the Office of Cyberspace Policy in the White House and the National Center for Cybersecurity and Communications (N3C) in DHS - with specific cybersecurity responsibilities assigned to each. Simply, the Office of Cyberspace Policy would be responsible for developing government cybersecurity strategy and N3C would be charged to oversee day-to-day information security defense across the non-military, non-intelligence IT infrastructure of the federal government.

Rep. Jane Harman, D.-Calif., said she spoke with Thompson about sponsoring with King a House version of the Lieberman-Collins-Carper bill, characterizing the Senate measure as an excellent effort. "I'm sure it will change as it goes through the legislative process, but it would be a good thing to work with our counterparts in the Senate on this," she said. "It would give the government new powers and new focus, and perhaps, I hope, provide the sustained leadership ... we urgently need."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.