21 Sep 16. Despite the fact the U.S. military has a component fully dedicated to cyberspace, this command is typically not involved in the majority of major cyber incidents that occur. If you talk about the number of things that happen that you see in the press, “most of those, people always ask: ‘Is Cyber Command involved?’ Typically we’re not,” Cyber Command’s deputy commander, Lt. Gen. Kevin McLaughlin, said at the Air Force Association’s Air, Space and Cyber Conference on Sept. 20. “We track it all and we pay close attention to it, but the attacks of significant consequence is a threshold. It’s not specifically defined … we want enough flexibility as a nation.”
McLaughlin was pointing to the threshold in which the military gets involved in cyber incidents that occur within the U.S. border. Under the military’s support to civil authorities, which also transitions to the physical world — especially during natural disasters — Cyber Command will lend a hand only in “attacks of significant consequence,” in line with one of the command’s three mission sets.
Acting Assistant Secretary of Defense for Homeland Defense and Global Security Thomas Atkin told the House Armed Services Committee in June that the government has a responsibility to defend against attacks of significant consequence, determined by whether there is loss of life, physical damage, an economic impact or an impact on American foreign policy, noting that these factors are determined on a case-by-case basis.
“As far as an attack of significant consequence, which [the Department of Defense] DoD would respond to in the homeland, we don’t necessarily have a clear definition that says this will always meet it,” Atkin said, noting the decision is based upon the four aforementioned criteria. “There are some clear lines in the road, which we would evaluate any specific cyber act or incident in how we would respond to that.”
“U.S. Cyber Command isn’t the entity that decides whether something that happened was an attack on the United States, that’s a policy decision,” he said. “Our contribution to it is having the robust and experienced ISR intelligence capacity connected with other parts of DoD and then we connect that more broadly within the government.”
McLaughlin also added that the government has laid out the policy and responsibilities for those involved during such a crisis. Most of the things you read about in the paper, he said, are either a law enforcement issue or it’s some activity — not against a DoD target but against a broader U.S. target in which DHS has responsibility.
“Our part is making sure we have great, robust intelligence capabilities that contribute to that and that we are ready as soon as something happens that trips that threshold, whether it’s a nation-state attack that DoD is responding to or it’s that attack of significant consequence. At that point, our forces deploy and are ready to respond in any way that we can,” he said.
These ISR roles also include looking for the top cyberthreats in terms of what they are doing, what they are planning and what they are executing in terms of operations. While the theft of credit card data and criminal activity in cyberspace used to be a major problem — to the extent it persists — McLaughlin noted that this is not what the key trends are anymore. Rather, the key trends today are data being stolen for other purposes and network intrusions.
“We’re really interested in securing our data. We’re the big repository for the personal data of where our forces are kept [and] we’re beginning to watch where adversaries actually want to fight and own and take over your networks,” he said. “So can you trust that the network that you have, your cyber terrain that you’re in charge of, that the data within it has good integrity? So we see examples of adversaries that increasingly want to take over and fight for control or ownership of your own networks. That’s different than stealing data … it’s a differen