The departments of Defense and Homeland Security said they have reached agreement on ways to help one another defend their respective sections of cyberspace, including a new plan to identify the pieces of domestic critical infrastructure the military depends on most so that it can be prioritized for cyber protection.
The infrastructure protection approach is just one outgrowth of a newly-signed memorandum of understanding between the secretary of Homeland Security, Kirstjen Nielsen, and the secretary of Defense, James Mattis. It’s the latest of several agreements over the past decade that are specific to cyber cooperation, but officials told a House hearing this week the latest version amounts to a “sea change” in the relationship between DoD and DHS.
Insight by Galvanize: During this webinar Marianne Roth, the chief risk officer of the Consumer Financial Protection Bureau, will provide a deep dive into enterprise risk management at CFPB. Additionally, Dan Zitting, the CEO of Galvanize, will discuss how making better use of data and technology can help federal agencies more rapidly allow decision makers address and mitigate risks.
Jeaneatte Manfra, Homeland Security’s assistant secretary for cybersecurity and communications said the agreement respects DHS’s well-established role in defending U.S.-based networks, while also addressing DoD’s concerns about the fact that the networks it depends on are not always under its control or authority.
“We will jointly prioritize a set of high-priority national critical functions and non-DoD owned mission critical infrastructure that is most critical to the military’s ability to fight and win wars and project power,” she told a joint meeting of the House Armed Services and Homeland Security committees. “Based on this prioritization, we will forge a common understanding of strategic cyber threats that can enable private sector network defenders, critical infrastructure owners and government actors to proactively secure their networks and operations.”
Meanwhile, the MOU is meant to help DHS better protect all of the networks it’s charged with defending – both civilian government and privately owned ones – by tapping into a concept DoD articulated in its latest cyber strategy. The “defend forward” approach, as it’s called, aims to use the military’s offensive capabilities to stop threats before they have an impact on its own domestic networks.
Kenneth Rapuano, the assistant secretary of Defense for homeland defense and global security, said the intelligence and experience DoD gains from those operations can also help inform DHS’s efforts to protect critical infrastructure.
“The 2018 DoD cyber strategy prioritizes the challenge of great power competition and recognizes that the department must adapt a proactive posture to compete with and counter determined and rapidly maturing adversaries,” he said. “It makes clear that DoD’s focus on cyberspace, like in other domains, is to prevent or mitigate threats before they reach American soil. This focus complements the DHS cybersecurity strategy’s emphasis on domestic preparedness and risk management. Together, the DoD and DHS strategies form a natural mutually supporting approach to defense in depth.”
Building off of the secretary-level MOU, earlier this week, the two departments signed a second memo setting up a joint steering group that will oversee joint cyber operations and information sharing between DoD and DHS on an ongoing basis.
Rapuano said the intent is to make sure the departments are actually making progress in day-to-day operations, rather than just superficial agreements to cooperate.
And officials said there’s already evidence that they are. DoD and DHS are working on several of what they term “pathfinder” projects, figuring out how to share resources, expertise, and intelligence. The first major example was in the lead-up to the 2018 midterm elections.
“We go through exercises, but these elections gave us a real-world platform where we started working out a lot of these things,” said Lt. Gen. Bradley Shwedo, the chief information officer for the Pentagon’s Joint Staff.” We’re taking these opportunities in a real-world scenario as opposed to some theoretical war game, and I feel we’re gaining a lot of ground”
Election security is a DHS mission – it is the newest of the “critical infrastructure” portions of domestic cyberspace that department is in charge of protecting. Because of that, DoD officials said they only provided help in their Defense Support to Civil Authorities role, much as they might do in the case of a wildfire or a hurricane.
But Rapuano said DoD delivered a wide variety of help leading up to the midterms, including about a dozen personnel who were detailed to DHS’s National Cybersecurity Communications and Integration Center.
“We provided standing approval for DoD personnel to support DHS cyber incident response activities in the event a significant cyber incident impacted elections infrastructure,” he said. “The National Guard also played an important role in election support: governors from several states used National Guard personnel in state status to support election cybersecurity in accordance with state law and policy. Beyond elections, DoD is focused on how to improve collaboration with DHS and the critical infrastructure sectors. Through a series of pathfinder initiatives, we are enabling private sector entities to defend their networks by sharing relevant threat information. In turn, these pathfinders will enable the Department of Defense to leverage private sector threat information to inform DoD cyberspace operations.”
And going forward, officials said that type of cooperation – aimed at countering nation state threats to critical infrastructure – is going to be more and more vital, considering the information the departments have already gathered about attempts to penetrate those systems.
In some cases, officials said Russian government actors have managed to gain access to systems in the energy, nuclear, water, aviation, and critical manufacturing sectors, part of an ongoing campaign.
“What we are seeing from both Russia and China is they prefer to stay below the level of the threshold of armed conflict,” Shwedo said. “My concern is sometimes the citizenry is the soft underbelly, and I think that’s why it’s so important to make sure that we get it right when we go through these pathfinders to get DHS the information and the support they need.”