Should the cyber defense of critical infrastructure be exempted from the posse comitatus act?

Lt Col Private RallyPoint Member — Wed, 02 Mar 2016 15:44:24 -0500

Examples would be electrical grid, water systems, Nuclear power plant, Court systems, Policing systems, medical, banking, media infrastructure, banking systems, state/local government, port security, Telecoms, mass transit, gas/fuel pipeline systems, pharmaceutical systems, traffic management systems, etc

Like to know your thoughts....

Response by PO1 William "Chip" Nagel made Mar 2 at 2016 3:54 PM

PO1 William "Chip" Nagel — Wed, 02 Mar 2016 15:54:03 -0500

Interesting Proposition. Can't wait to hear the Legal Beagles way in. In this day and age definitely something we need to work out! Great Post!

Response by Sgt Aaron Kennedy, MS made Mar 2 at 2016 4:17 PM

Sgt Aaron Kennedy, MS — Wed, 02 Mar 2016 16:17:28 -0500

If you carve out exemptions in the Posse Comitatus (and parallel regulations in other services) to use the Military (et al) on US Soil, it defeats the purpose of the PSA. It's putting the proverbial "Camel's nose in the tent."

We have a latticework of electrical & water systems. Knock over a fire-hydrant and the Army is after you instead of the local cops. Police & Courts. They are already LEOs... why would they need additional help from the military "above and beyond" the NG (which is already exempt from the PSA)?

See how quickly we can get into this rabbit-hole? Many things are already considered "Federal" crimes. Being able to use Military as Police on the Citizenry is just a bad deal.

Response by MAJ Ken Landgren made Mar 2 at 2016 4:34 PM

MAJ Ken Landgren — Wed, 02 Mar 2016 16:34:59 -0500

We need new Joint doctrine, technology, or TTPs or we will end up like France, which was unprepared for mobile warfare. It makes no sense exposing Americans' innocence to terrorist plots that we can flush out. How many must die before we realize that a defensive posture is not good enough?

Response by CPT Jack Durish made Mar 2 at 2016 5:50 PM

CPT Jack Durish — Wed, 02 Mar 2016 17:50:06 -0500

This is an interesting question. It would be fair to view the cybersphere similar to the atmosphere. It can't be divided into neat parcels like the geosphere (national boundaries) or cordoned off like the hydosphere (three mile limits, etc) It transcends such limiting concepts. Tasking separate agencies to defend each section would be impossible because it simply can't be "sectioned". And, even if you could, threats could traverse sections multiple times at lightning speeds thus confounding attempts to coordinate defenses. Of course, the question could be sidestepped by simply assigning defense of America's vital interests in the cybersphere to a "civilian" agency.

Response by MAJ Private RallyPoint Member made Mar 2 at 2016 7:33 PM

MAJ Private RallyPoint Member — Wed, 02 Mar 2016 19:33:54 -0500

MAJ Brewer, I agree with Sgt Kennedy -- no exemption. Though industrial control systems are a potential target for those who wish to do our country harm, ultimately it is the responsibility of the utility or company operating the service to secure their assets. There seems to be a desire at times to hand off risk management to others, including the government. This is the wrong approach and can have unintended consequences that are not desirable.

Most of the utilities are updating their security on these systems, but the challenge is taking 20, 30 and sometimes 50 year old technology and securing it from modern threats. Great career field for someone transitioning.