The media is stirred up again, creating and covering a non-story. They are abuzz that President-elect Trump will violate the old Possee Comitatus Act of 1878, because he announced he will ask the Pentagon – not the Department of Homeland Security (DHS) – to “develop a comprehensive plan to protect America’s vital infrastructure from cyberattacks.” Barking up a storm, they say DHS is responsible for that job, not the Department of Defense (DOD). They contend that U.S. Cyber Command “only defends military networks,” so any shift from DHS to DOD for wider purposes would “violate existing law” and “militarize” defense of our nation’s infrastructure. Simple response: Chill.
Yes, Posse Comatatus is the old limitation on use of military personnel for domestic missions. But even if we interpreted – or misinterpreted – the Trump guidance, which is plainly intended to bring urgency and confidence to the mission of cybersecurity and infrastructure protection, there is no story. For starters, Congress has authorized the U.S. Cyber Command to perform a number of missions that relate to protection of the homeland. Legal experts agree that ambiguity exists, but today military and civilian cyber authorities are both “independent and overlapping.” They support each other, which is appropriate.
As one legal expert recently wrote, “In an ideal world, civilian and military agencies would settle into a working relationship and seamlessly coordinate to defend against cyberattacks under the leadership of the White House Cyber security coordinator.” Short of that, both civilian and military authorities, optimally tops of both chains, will press rolling recommendations for the best possible “comprehensive” defense against cyber threats. With threats multiplying, everyone should be in the game.
Similarly, there is a something called the U.S. Northern Command (NORTHCOM), which shares inside “Continental United States” (CONUS) and border protection authority with civilian agencies. Additionally, the U.S. National Guard is fully entitled to operate within the United States, and often does, for protection of infrastructure, under both State (Title 32) and Federal (Title 10) authorities. Likewise, any effort led by the United States Coast Guard, which is both an armed service and within DHS, is unassailable. But all this is beside the point.
The main point is that this is a tempest in a teapot, another non-story. The Pentagon already has the authority to work on homeland defense issues, and there is an official Assistant Secretary of Defense for “Homeland Defense and Global Security,” complete with authority for “domestic preparedness support initiatives,” the “defense critical infrastructure program,” “homeland defense integration” and “protected critical infrastructure program.” To the extent Congress’ voice is needed, Congress has spoken. They have spoken extensively.
Within the Pentagon, protection of civilian and military infrastructure is already front-and-center. Thus, as an added example, Defense has within the senior policy shop a Deputy Assistant Secretary for “Homeland Defense Integration and Defense of Civilian Authorities,” which is “responsible for the development, coordination, and oversight of integration and implementation of … defense support of civil authorities, programs, and budgets …”
Of special note, all the way back to the 2003 Defense Science Board and Secretary’s report entitled “DOD Roles and Missions in Homeland Security,” there has been understood synergy between Defense and civilian agencies. In fact, as that report observed, “capabilities related to homeland protection will require a holistic approach,” effectively harnessing specialized skills, technologies and knowledge from the Defense Department to support civilian agencies which also protect the Homeland.
Nor is this out of the ordinary. Military personnel have long supported civilian security in both an advisory and select operational roles. For example, under 18 USC Section 831, the Attorney General may request that the Secretary of Defense provide emergency assistance if domestic law enforcement cannot manage a particular threat. Surely, the president has similar authority.
Most recently, the secretary of DHS publicly praised the DHS relationship with Defense, pressing not for less connection but for a “closer” relationship. Specifically, in 2014, he argued Army and DHS have “intersecting missions” that need to “more and more align.” He noted that the Army Corps of Engineers – a centerpiece of critical infrastructure support – has a “vital” role to perform with DHS in assuring Homeland security.
So, yes, in a broad sense, there are longstanding limitations on the use of military personnel inside the United States, but if the president-elect wishes to draw on depth, breadth and specialized expertise resident in Defense to inform and advance greater protection of civilian infrastructure, he should be fully entitled to do so. Indeed, breaking down barriers and stovepipes between disparate federal agencies to keep Americans safe should be counseled and applauded, not condemned and derided.
Operationally and politically, for improved domestic infrastructure protection, the processes that will be followed are plain vanilla. They will be nothing out of the ordinary. When the president-elect asks “the Department of Defense and the Chairman of the Joint Chiefs of Staff to develop a comprehensive plan to protect America's vital infrastructure from cyberattacks," next steps will be the internal canvassing of good ideas from within the Pentagon, then establishment of a National Security Council working group on the topic – led or jointly led by DHS, and a methodical discussion of options, division of authorities, and implementation of recommendations, typically with DHS in the lead, but supported by the Secretary of Defense, US Cyber Command, US NORTHCOM, and National Guard.
There really is no mystery or conspiracy, intrigue or nefarious development here. The question, frankly, is why such a request – at the highest level – for deeper and wider support to the mission of protecting our national infrastructure from threats internal and external, cyber and physical (hacking to power grid), has not occurred before now. And why anyone would question it.
Again, there is a story – but it is not the story that was advanced by the media. The “narrative” or theme advanced was a suggestion of an extra-legal proposal or plot, an attempt to “militarize” some aspect of civilian government. The reality is far simpler: More needs to be done to make the totality of government work for everyday Americans. They are not asking a lot. Just that their government protect them, and that various parts support one another, talk and think toward common aims. That is all. That this is often not happening, even though it should be, is the real story.