In an effort to bring more robust awareness and capabilities to share in the cyber security domain, the Departments of Defense and Homeland Security earlier this month entered into an agreement that calls for more focused information sharing on cyber threats as well as better complementing each other in terms of roles and responsibilities when responding to incidents.
Information sharing between DoD and DHS on cyber threat isn’t new but is now on a more robust scale, Ed Wilson, the deputy assistant secretary of defense for Cyber Policy, said on Tuesday at the annual federal symposium hosted by the cyber security firm Symantec [SYMC]. The memorandum of understanding (MoU) puts the “full weight” of DoD behind the needs to help defend the homeland, he said.
Later, at an event hosted by the Carnegie Endowment of International Peace, Wilson said that when it comes to response efforts, DoD is working under DHS authorities.
Already, the DoD has been working with DHS in “live operations” in the area of election security, Wilson said. DoD has been able to help DHS double its manpower in helping bolster election security, he said.
The Defense Department’s focus is external so there is a need to bring information gathered in this context to the larger federal government, such as about threats that may be forming, and share that information “ahead of time,” Wilson said. And given the more aggressive posture the U.S. is taking regarding cyber operations, a choice can be made to disrupt or deny this threat, whether it’s through cyber effects or another means, he said.
The MoU “lays out the pragmatics to build a better relationship, partnership if you will, to be more responsive to the needs of the nation,” Wilson said. The MoU also is based on the fact that homeland security in the cyber domain is “unique” in terms of threats and consequences, he said.
In July, the Office of the Director of National Intelligence published its first unclassified report on sustained efforts by nation state actors, such as China and Russia, to target the software supply chains of U.S. companies. The U.S. intelligence community following the 2016 presidential elections said that Russia conducted a wide-ranging effort to influence the outcome of the election in favor of current U.S. President Donald Trump.
Wilson said if there is a significant incident in the U.S. that “outstrips” the capabilities of other federal departments and agencies, DoD can “bring to bear” its own capabilities to help with homeland security.
While the election security demands have required near-term help from DoD, the department is also working with DHS on “pathfinder” efforts in the financial and energy sectors to understand how to best share information and bring complementary response efforts to bear in case of a significant incident, Wilson said. As lessons are learned from these initial efforts, solutions can eventually be scaled up, he said.
“If we need to push back against a particular threat, the people or the organization in the United States that we’re going to turn to is the Department of Defense,” Wilson said. “And so, by having the partnership, if we understand the threats, we can then be prepared to take action required and so it’s been a very informative relationship.”
With the MoU and the stronger coordination between DHS and DoD, it allows the organizations to think better think through the problems and put “mechanisms” in place, Wilson said.
“We don’t want to be caught flat-footed if called upon,” he said.
With the maturing of U.S. Cyber Command, the DoD is in a better position than it was several years ago to help with the homeland security missions, he said.
While DHS gets help from DoD in terms of better understanding the threat picture and resources to respond to threats, by working with DHS, DoD gets to better understand how to work with critical infrastructures in the U.S. and what the needs of these critical infrastructures are, Wilson said. DoD, like the rest of the U.S., also relies on these critical infrastructures in the U.S., he said.