Army Gen. Keith Alexander, head of U.S. Cyber Command, yesterday said that civilian agencies should have the lead in responding to most cyber attacks on U.S. soil.
"From my perspective the domestic actor would be the FBI," said Alexander, responding to a question from Rep. Joe Heck about the command's role in responding to cyber attacks that originate in the United States. "We share our tools with the FBI. They work through the courts to have the authority to do what they need to do in domestic space to withstand an attack."
Cyber Command and FBI Director Robert Mueller have "come up with a way that he would do inside [the U.S.] and we would do outside," Alexander added, in testimony to a House Armed Services subcommittee.
Alexander went on to point out that DOD, the FBI, and the Department of Homeland Security are hammering out ways to share information on cyber threats extremely quickly -- figuring out where the attack is coming from; determining whether it's a criminal, espionage, or destructive attack; and allowing the appropriate agency to take the lead while receiving support from the others.
"There may be points and times where you have, you know, significant attacks where we need to change parts of that [civilian-led response structure], but the key thing is to have him [Mueller and the FBI] do inside the country," said Alexander. "He would work with the courts as appropriate to do his portion of the mission. Outside the country, that's where we would operate." (Click here to read about the offensive cyber teams that DOD is standing up to conduct operations outside the United States.)
It's worth noting that some of the teams that Cyber Command is establishing to "operate and defend" networks will work closely with "DHS and FBI as required," said Alexander.
Still, as Alexander noted, "the Defense Department will do its part to defend the country. It's not going to just defend itself. Our job is to defend the country and the focus would be obviously on critical infrastructure, just as it would be in kinetic and other things."
He elaborated on the key questions that govern the debate as to when the military becomes deeply involved in responding to a cyber incident.
"The issue becomes, when does an exploit become an attack, and when does an attack become something that we respond to? Those are the policy decisions, and the red lines that go to those will be policy decisions" for the White House, said the four-star. "Our job would be to set up the options that the president and the secretary could to stop [destructive cyber attacks from an outside enemy]. And as you may recall, both the former president and the current president have both said that they would keep the options open in this area. I mean, I think that's reasonable, from using State Department to demarche, all the way over to kinetic options or cyber. So they have that whole range."