Cybercom event explores agency roles in cyber incident response

Cybersecurity and incident response are practices ingrained in nearly every 21st-century federal agency. But when it comes to a massive cyber attack requiring the aid of multiple, partnering groups, which agency does what? Last week, the U.S. Cyber Command demonstrated a specific framework for how several critical agencies can play complementary roles in the national cyber incident response process.

With Cybercom at the lead, the FBI hosted the two-week Cyber Guard 14-1 event — a series of cyber incident prevention, mitigation and recovery exercises — at its Quantico, Virginia, headquarters, bringing together members of the National Guard, National Security Agency and reserves to test operations and coordination in supporting the Department of Homeland Security’s response to national cyber attacks.

While DHS is the highest in command during a domestic cyber threat, Cybercom emphasized a cooperative structure for federal agencies in their support. For instance, the FBI and Justice Department will follow DHS’ lead in prevention and response by investigating, attributing, disrupting and prosecuting cyber threats, as well as dealing with any domestic threat intelligence, according to a Defense Department release. DOD components are thereafter charged with defending the nation from further attack and collecting, analyzing and distributing any foreign threat intelligence, as well as backing DHS in its core roles. At the state level, the National Guard assists governments in recovery from the cyber incident, leaving DHS to focus on the federal effort.

“Practicing as an interagency team is essential to ensure national response to cyber events produce results that are effective and efficient,” said Greg Touhill, deputy assistant secretary of cybersecurity operations and programs at DHS, in a statement. “Exercises like Cyber Guard help us develop and refine key information sharing and coordination processes, understand each other’s capabilities and authorities, and operate in a manner that keeps us in the right formation to present the best national response.”


Cybercom describes Cyber Guard as a “whole-of-nation” effort, one that not only involves the critical defense and intelligence agencies, but also members of academia, industry and state government. In its third iteration, the interagency exercise brought in 550 participants, double the number of last year’s Cyber Guard.

“We talk all the time about physical networks connecting computers and communications,” Robert Anderson, executive assistant director of FBI’s criminal, cyber response and services office, said to participants. “But we must remember that on both ends of that computer network, there is a network of people working toward a common goal: to defeat our adversaries. Cyber Guard helps us get better at using the network of warriors on the front lines — like you — to achieve our goal.”

Attendees, like Coast Guard Rear Adm. Kevin Lunday, Cybercom’s director of training, noted how the event continues to simulate more realistic and intense cyber attacks, which strengthens the units responding in the exercises. The result is a stronger cyber incident response should a major domestic attack occur.

“What you’re doing here is critically important to how we will respond on behalf of our nation to a major cyberattack,” Lunday said to the crowd. “The more we know and share about the adversary and the better-defined our processes are, the better we can defend the nation.”
