The legislatively mandated Quadrennial Defense Review Independent Panel addressed the much debated issue of authority over cybersecurity in the federal space in the report released last week to the Department of Defense.
In the report, the panel expressed concern over the lack of structure in combating potential cyber attacks. While the Department of Homeland Security currently has responsibility over securing cyberspace in civilian agencies, the panel suggested DoD take on a more influential role in its protection.
“Cyber threats against the United States are increasing,” stated the report. “The panel is particularly concerned that the U.S. government remains poorly organized and prepared to defend against those threats. The United States lacks legal authorities for the information age, and capabilities and responsibilities are misaligned within the U.S. government.”
The panel–chaired by Former Defense Secretary William J. Perry and former National Security Adviser Stephen J. Hadley–stated DoD lacks sufficient resources to fully protect the nation against cyber threats and suggested that DoD “should explore innovative ways to harness the enormous intellectual capital in the information realm in the service of the nation.”
Securing the networks of private sector partners was another topic included in the report.
“More than 80 percent of the dDepartment‘s logistics are transported by private companies; mission-critical systems are designed, built, and often maintained by our defense industrial base,” the report said. “The majority of our military‘s requirements are not neatly bounded by the .mil (dot mil) domain; they rely on private sector networks and capabilities.”
While the panel cited the newly established U.S. CYBERCOM as a significant step toward unifying cyber defense, it also suggested Congress consider forming a Joint Cybersecurity and Operations Committee to oversee whole-of-government cyberspace operations.