GAO said in a report released Monday that it found inconsistencies in some guidance documents on which combatant command would be responsible to support civil agencies in the event of a network breach.
Some documents state that the U.S. Northern Command would be the designated supported command to carry out DoDâs Defense Support of Civil Authorities mission during a cyber incident, while other Pentagon officials said it would be the responsibility of the U.S. Cyber Command.
According to the report, the roles of the dual-status commander and the assistant defense secretary for homeland defense and global security during cyber intrusions at civil agencies are not specified in some DSCA guidance documents and DoD’s Directive 3025.18, respectively.
âDOD concurred with the recommendation and stated that the department will issue or update guidance,â the congressional audit agency noted.