The Government Accountability Office has called on the Defense Department to revise its guidance in order to define the responsibilities of DoD components and other entities in providing support to civil agencies during cyber attacks.
GAO said in a report released Monday that it found inconsistencies in some guidance documents on which combatant command would be responsible to support civil agencies in the event of a network breach.
Some documents state that the U.S. Northern Command would be the designated supported command to carry out DoD’s Defense Support of Civil Authorities mission during a cyber incident, while other Pentagon officials said it would be the responsibility of the U.S. Cyber Command.
According to the report, the roles of the dual-status commander and the assistant defense secretary for homeland defense and global security during cyber intrusions at civil agencies are not specified in some DSCA guidance documents and DoD’s Directive 3025.18, respectively.
“DOD concurred with the recommendation and stated that the department will issue or update guidance,” the congressional audit agency noted.