The United States should not create a separate military cyber service, former Defense Secretary James Mattis said Wednesday, but rather should establish a way for the Pentagon to operate inside the country in the event of a serious cybersecurity incident.

The remarks from Mattis came on the same day that the House Armed Services Committee adopted into the annual defense policy bill an amendment ordering a study on the possibility of a U.S. Cyber Force, with its author citing limitations in Cyber Command’s role. A similar provision was excluded from a final deal on last year’s defense authorization law.

“CYBERCOM has been an incredibly well-led organization that has made the best of the hand it’s dealt,” Rep. Morgan Luttrell, R-Texas, wrote in Defense News this week. “But the limitations of the current structure — with cyber officers and enlisted personnel spread across the Army, Navy, Air Force, and Marine Corps — are more apparent and the implications are more dangerous than ever before.”

Mattis contended in a conversation at DefenseTalks hosted by DefenseScoop that it would be unwise to break out a separate service.

“The problem with that is if you take good people and bad processes, I’ve learned over many years in the military, bad processes will dominate nine out of 10,” he said. “You don’t want to relieve your military — your Navy, your Army, your Air Force — you do not want to relieve them of the responsibility for protecting their nets and attacking the enemy.”

Given DOD’s capabilities, it would be better to figure out how to let it operate in cyberspace, Mattis said.

“If you look at my job as a secretary of defense, I had 95% of the country’s cyber defense and cyber offense under me, between U.S. Cyber Command and of course, my connection at NSA,” he said. “The organization charged with protecting inside the country, our infrastructure, the Department of Homeland Security, we’ve got 5% of our defense capability. But the bottom line is, we do not want to set up another entire internal defense, and yet I have no authority to operate inside this country. None whatsoever.”

The solution, he suggested, was putting an FBI official in Cyber Command as deputy director, and Congress setting up a special court similar to the Foreign Intelligence Surveillance Court with the ability to work at any time of day.

In a major emergency, such as an attack on hospitals or power or water systems, the court could snap into action, he said.

“Basically, if we find the enemy has penetrated into New York City Power and Light, we could immediately get a warrant, the commander of U.S. Cyber Command would step aside, the deputy commander would take over and bring all of NSA and U.S. Cyber Command together to defend the country,” Mattis said.

The process would also need an inspector general to oversee it, and ample reviews from Congress, which would “drive Congress crazy with their oversight, but they can do it,” Mattis said.

The post Mattis: Don’t create separate military cyber service appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

TimbreStealer Malware Targets Mexican Victims with Tax-Related Lures

February 29, 2024 0 Comments 0 tags

The maker of the Mispadu Trojan started distributing a new infostealer with financial lures to Mexican users, Cisco Talos found

Pharma Giant Cencora Reports Cybersecurity Breach

February 29, 2024 0 Comments 0 tags

The breach was discovered on February 21 2024, according to an SEC filing published on the same day

US Targets Crypto Firms Aiding Russia Sanctions Evasion

March 26, 2024 0 Comments 0 tags

The US Treasury has designated several Russian blockchain and virtual currency firms for sanctions evasion