Monaco noted that before the National Security Division (NSD) was created within the Department of Justice (DOJ) in 2006 as a response to 9-11, the DOJ’s counterterrorism and counterespionage prosecutors and its intelligence lawyers worked separately without coordinating their actions or sharing information. Now they are well integrated with regard to the terrorist threat, and they are also working to apply those lessons to the cyberthreat. To that end, last year the agency created a nationwide network of National Security Cyber Specialists that “brings together the department’s full range of expertise on national security-related cyber matters, drawing on experts from the NSD, from the U.S. Attorney’s Offices, from the Criminal Division’s Computer Crime and Intellectual Property Section, and from other DOJ components,” she said. “It is a one-stop shop within the DOJ for national security cyber intrusion activity.”
But the same level of coordination does not exist among departments or between the public and private sectors.
A major issue, McConnell explained, is that the legal language that exists to grant agencies the authority to act on various aspects of the problem does not cut across jurisdictions; it exists as separate authorities: Title 18 for the DOJ, Title 50 for intelligence, and Title 10 for the Department of Defense (DoD), for example, with the Department of Homeland Security (DHS) authority being yet another statutory silo. So it is not clear that the National Security Administration (NSA) can share with the DHS information about a U.S. company suffering a cyberattack or that the DHS can share that with a sector that works with the compromised company or the company itself. In fact, McConnell said, if it were a physical attack, “we would not allow that perpetrator to cross our border,” but in the cyber realm, the intelligence agencies may well be aware of a foreign nation’s intrusion into a business and yet not be legally able to warn them about it or stop the intrusion.
To combat the rising threat, McConnell explained, there has to be a connection between the function of listening in on (what he called exploiting) an enemy’s network to learn its capabilities and plans, and being able to respond to those plans in some fashion, perhaps with a countercyberattack if necessary for national defense. On the military side, that’s why it’s so important that the U.S. Cyber Command, established by the military in 2010, continue to report to the Director of the NSA, so that exploiters (the NSA’s intelligence gatherers) and attackers (under the Cyber Command) work hand in glove within the same agency, he said.
Some military and think-tank experts have advocated separating the Cyber Command from the NSA, but McConnell says, “They have never walked in my shoes. Bureaucratically, all cooperation would stop.” If that were done, he says, “I can absolutely assure you...that the heads of those agencies and the members will battle to the death. They absolutely will not cooperate.” It’s just the nature of government bureaucracy, he says, that overlapping missions lead to turf battles.
For that reason, there also needs to be new legislation that removes overlap and conflict and sets a framework for cooperation on the cyberthreat generally throughout government and with the private sector, McConnell said.