File picture: Kacper Pempel / Reuters. File picture: Kacper Pempel / Reuters.
Washington DC - The US Department of Defense has developed guidelines about supporting civil authorities in the event of cyber emergencies caused by hostile attacks, but has failed to clearly define its role in such crises, a Government Accountability Office (GAO) report revealed.
“[The Defense Department's] guidance does not clearly define its roles and responsibilities for cyber incidents,” the report, issued on Monday, stated.
The GAO pointed out that Defense Department guidance also does not clarify the roles and responsibilities of key entities such as the military command required to provide support or the government agency, or local or state government under attack that requires federal aid.
The relevant Defense Department directive does not specify the responsibilities of its components, such as the Assistant Secretary of Defense for Homeland Defense and Global Security, “in supporting civil authorities for cyber incidents,” the report said.
Various Defense Department guidance documents are inconsistent on which combatant command would be designated the supported command and have primary responsibility for supporting civil authorities during a cyber incident, the GAO added.
Defense Department officials acknowledged to GAO investigators they had not yet determined the approach it would take to support a civil authority in a cyber incident. In January 2016, the Defense Department had not begun to issue any such guidance and did not know when the guidance would be completed, the report concluded.
Sputnik