Dive Brief:
- A report published by the Government Accountability Office this week said the Pentagon does not adequately define who would take charge in the event of a nationwide cyberattack.
- While it’s clear that the Defense Department would support the Department of Homeland Security, little else is well-defined, according to the report. Homeland Security would be the civilian agency in charge of a cyber-incident.
- The problem arose because of conflicting orders from the United States Military Northern and Central Command, both of which say they would support civil command during an attack.
Dive Insight:
Government agencies and enterprises alike are struggling to dictate who is in charge in case of a cyberattack, whether it’s ransomware or a DDoS attack.
A survey of more than 1,500 C-level executives from a variety of industries released earlier this week found most aren’t giving cybersecurity enough credence, even though a breach has the potential to seriously harm their business. Most executives remain unprepared for, and even "willfully ignorant" of, cybersecurity threats, according to the survey from Tanium, NASDAQ and the University of London.
The Defense Department "has developed overarching guidance about how it is to support civil authorities as part of its Defense Support of Civil Authorities (DSCA) mission, but DOD's guidance does not clearly define its roles and responsibilities for cyber incidents," the GAO said in its report. The agency fears that bureaucracy could impede a swift cybersecurity response.
The lack of clarity is causing confusion over who should "coordinate and conduct" a response to support civil authorities. Expressing concern over the situation, the watchdog report recommended that the Defense Department update and clarify roles for military command in case of a domestic cyber incident.