Posted on Mar 2, 2016
Should the cyber defense of critical infrastructure be exempted from the posse comitatus act?
16.7K
15
13
1
1
0
Examples would be electrical grid, water systems, Nuclear power plant, Court systems, Policing systems, medical, banking, media infrastructure, banking systems, state/local government, port security, Telecoms, mass transit, gas/fuel pipeline systems, pharmaceutical systems, traffic management systems, etc
Like to know your thoughts....
Like to know your thoughts....
Posted in these groups: 
17DX: Cyberspace Operations
Homeland SecurityDHS
US Department of Homeland Security
Privacy
17DX: Cyberspace Operations Homeland SecurityDHS US Department of Homeland Security Privacy
Posted 10 y ago
Responses: 4
4
4
0
If you carve out exemptions in the Posse Comitatus (and parallel regulations in other services) to use the Military (et al) on US Soil, it defeats the purpose of the PSA. It's putting the proverbial "Camel's nose in the tent."
We have a latticework of electrical & water systems. Knock over a fire-hydrant and the Army is after you instead of the local cops. Police & Courts. They are already LEOs... why would they need additional help from the military "above and beyond" the NG (which is already exempt from the PSA)?
See how quickly we can get into this rabbit-hole? Many things are already considered "Federal" crimes. Being able to use Military as Police on the Citizenry is just a bad deal.
We have a latticework of electrical & water systems. Knock over a fire-hydrant and the Army is after you instead of the local cops. Police & Courts. They are already LEOs... why would they need additional help from the military "above and beyond" the NG (which is already exempt from the PSA)?
See how quickly we can get into this rabbit-hole? Many things are already considered "Federal" crimes. Being able to use Military as Police on the Citizenry is just a bad deal.
(4)
(0)
Sgt Aaron Kennedy, MS
Col (Join to see) - No deviation from current from current military posture.
That is not to say "do nothing" but operate as we have been. We work to defend against cyber attacks, while the FBI is our reactive force. Each agency & department has a specific charter for a reason. We put limits on those agencies' power for a reason.
But in this line of thought, I'd suggest the following book:
http://www.amazon.com/gp/product/055341996X?keywords=lights%20out%20koppel&qid= [login to see] &ref_=sr_1_1&sr=8-1
That is not to say "do nothing" but operate as we have been. We work to defend against cyber attacks, while the FBI is our reactive force. Each agency & department has a specific charter for a reason. We put limits on those agencies' power for a reason.
But in this line of thought, I'd suggest the following book:
http://www.amazon.com/gp/product/055341996X?keywords=lights%20out%20koppel&qid= [login to see] &ref_=sr_1_1&sr=8-1
Amazon.com: Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath...
Amazon.com: Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath (9780553419962): Ted Koppel: Books
(1)
(0)
(1)
(0)
Col (Join to see)
Just to piggyback on my last response. The book is great. As a companion book, I recommend Cyberwar by Richard Clarke.
(2)
(0)
1
1
0
This is an interesting question. It would be fair to view the cybersphere similar to the atmosphere. It can't be divided into neat parcels like the geosphere (national boundaries) or cordoned off like the hydosphere (three mile limits, etc) It transcends such limiting concepts. Tasking separate agencies to defend each section would be impossible because it simply can't be "sectioned". And, even if you could, threats could traverse sections multiple times at lightning speeds thus confounding attempts to coordinate defenses. Of course, the question could be sidestepped by simply assigning defense of America's vital interests in the cybersphere to a "civilian" agency.
(1)
(0)
1
1
0
Interesting Proposition. Can't wait to hear the Legal Beagles way in. In this day and age definitely something we need to work out! Great Post!
(1)
(0)
Col (Join to see)
Thank you. Just want to know what exactly the legal hurdles are...I also want to hear the slippery slope argument.
(0)
(0)
0
0
0
MAJ Brewer, I agree with Sgt Kennedy -- no exemption. Though industrial control systems are a potential target for those who wish to do our country harm, ultimately it is the responsibility of the utility or company operating the service to secure their assets. There seems to be a desire at times to hand off risk management to others, including the government. This is the wrong approach and can have unintended consequences that are not desirable.
Most of the utilities are updating their security on these systems, but the challenge is taking 20, 30 and sometimes 50 year old technology and securing it from modern threats. Great career field for someone transitioning.
Most of the utilities are updating their security on these systems, but the challenge is taking 20, 30 and sometimes 50 year old technology and securing it from modern threats. Great career field for someone transitioning.
(0)
(0)
Col (Join to see)
There currently is exemptions (sort of) I place. The National Guard has the ability response under title 32. Under the dual status commander concept, title 10 forces can have dual hatted authorities.
What about the criminal courts / policing systems? Fuel pumping systems that provide fuels to our fighters from distro points that traverse states? Telecommunication backhauls carry C2 and intel networks.
The DOD is pursuing the third offset strategy off loading processing of critical information into the cloud utilizing AI to improving the speed of C2 my orders of magnitude. We need to be able to protect them. Are the authorities and laws adequate to address this?
I agree utilities should do more and will but they do not have the capacity to fight off nation states that are already in the system
What about the criminal courts / policing systems? Fuel pumping systems that provide fuels to our fighters from distro points that traverse states? Telecommunication backhauls carry C2 and intel networks.
The DOD is pursuing the third offset strategy off loading processing of critical information into the cloud utilizing AI to improving the speed of C2 my orders of magnitude. We need to be able to protect them. Are the authorities and laws adequate to address this?
I agree utilities should do more and will but they do not have the capacity to fight off nation states that are already in the system
(0)
(0)
MAJ (Join to see)
Though there are exemptions, we have to be careful about how they are used. If the government is going to step up and take over protection, then they have to take over operations as well. You can't control one without controlling the other. This would not be good. Better to help companies protect their assets than take over the responsibility for protecting their assets.
(0)
(0)
Read This Next
Continue with Facebook 
Continue with Google