U.S. Inter-Agency Structure

Cyber-Physical Response and Critical Infrastructure Protection

The American response to cyber-physical threats sits at a crossroads of defense, intelligence, commerce, and agriculture. No single agency owns it; responsibility is distributed across departments with overlapping mandates and competing priorities. This fragmentation is both a strength—providing redundancy and diverse expertise—and a vulnerability that adversaries exploit.

U.S. Inter-Agency Coordination Structure
flowchart TB %% Executive NSC[National Security Council] %% Intelligence Community subgraph IC[Intelligence Community] CIA[CIA - Foreign Intelligence] NSA[NSA - SIGINT and Cyber] DIA[DIA - Defense Intelligence] end %% Homeland Security subgraph DHS[Department of Homeland Security] CISA[CISA - Infrastructure Security] USCG[Coast Guard - Maritime] SS[Secret Service - Financial Crimes] end %% Justice subgraph DOJ[Department of Justice] FBI[FBI - Domestic CI and Cyber] CYBD[Cyber Division] CIS[Critical Infrastructure Section] end %% Defense subgraph DOD[Department of Defense] CYCOM[U.S. Cyber Command] JSOC[Joint Special Operations] end %% Agriculture and Food subgraph AGFOOD[Agriculture and Food Safety] USDA[USDA - Agriculture] FDA[FDA - Food Safety] CDC[CDC - Disease Control] end %% Flows NSC --> IC NSC --> DHS NSC --> DOJ NSC --> DOD NSC --> AGFOOD CIA -.->|foreign intel| FBI NSA -.->|SIGINT support| CYCOM NSA -.->|cyber intel| CISA CISA -->|sector coordination| USDA CISA -->|threat sharing| FBI FBI --> CYBD --> CIS CYCOM -.->|offensive ops| NSA USDA -.->|food chain intel| FDA FDA -.->|outbreak data| CDC %% Styles classDef exec fill:#2b2016,stroke:#ffb35a,color:#e8eef5; classDef intel fill:#1a2430,stroke:#52ffa8,color:#e8eef5; classDef dhs fill:#12313d,stroke:#52ffa8,color:#e8eef5; classDef doj fill:#1a2430,stroke:#52ffa8,color:#e8eef5; classDef dod fill:#2b2016,stroke:#ffb35a,color:#e8eef5; classDef ag fill:#12313d,stroke:#52ffa8,color:#e8eef5; class NSC exec; class CIA,NSA,DIA intel; class CISA,USCG,SS dhs; class FBI,CYBD,CIS doj; class CYCOM,JSOC dod; class USDA,FDA,CDC ag;

The Coordination Challenge

When a threat spans multiple domains—cyber intrusion, biological contamination, agricultural disruption, and foreign intelligence—no single agency has complete visibility. The National Security Council coordinates at the strategic level, but operational response often depends on which agency detected the threat first, creating "first-mover" dynamics that can delay unified action.

In Dark Recipe, this structural fragmentation becomes a plot element. The attack exploits the seams between agencies—too "agricultural" for Cyber Command, too "cyber" for the FDA, too "domestic" for the CIA, and too "foreign" for the FBI's traditional jurisdiction.

Key Agencies

CISA DHS

Cybersecurity and Infrastructure Security Agency

Established in 2018, CISA coordinates critical infrastructure protection across 16 designated sectors, including Food and Agriculture. CISA operates the National Cybersecurity and Communications Integration Center (NCCIC), which serves as the 24/7 hub for cyber threat analysis and incident response. However, CISA's authority is largely advisory—private sector compliance remains voluntary.

Key Programs: Joint Cyber Defense Collaborative (JCDC), Shields Up campaign, Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)

In the novel: CISA analysts are among the first to notice anomalous patterns in agricultural IoT telemetry, but struggle to escalate findings through proper channels.

FBI Cyber Division DOJ

Critical Infrastructure Section

The FBI's Cyber Division investigates domestic cyber intrusions with a nexus to national security. The Critical Infrastructure Section specifically handles threats to essential services. FBI maintains 56 field offices with dedicated cyber squads and embeds legal attachés in embassies worldwide for international coordination.

Key Capabilities: National Cyber Investigative Joint Task Force (NCIJTF), Cyber Action Teams for rapid deployment, InfraGard partnership with private sector (30,000+ members)

In the novel: Agent Steele operates from the Critical Infrastructure Section, navigating the tension between building a prosecutable case and stopping an active attack.

NSA / U.S. Cyber Command DOD

Signals Intelligence and Offensive Cyber Operations

The National Security Agency provides signals intelligence and cybersecurity support to the Intelligence Community and Defense Department. U.S. Cyber Command, co-located with NSA at Fort Meade, conducts military cyberspace operations. Under the "dual-hat" arrangement, the same four-star general commands both organizations.

Key Authorities: Title 10 (military operations), Title 50 (intelligence activities), persistent engagement doctrine, "defend forward" strategy

In the novel: NSA analysts identify the attack's foreign signatures, but classification barriers slow information sharing with domestic responders.

CIA IC

Central Intelligence Agency

The CIA collects foreign intelligence through human sources (HUMINT) and conducts covert operations abroad. While prohibited from domestic surveillance, CIA provides critical context on foreign adversary capabilities, intentions, and cyber doctrine. The Directorate of Science and Technology maintains expertise in technical collection and analysis.

Key Divisions: Directorate of Operations (clandestine service), Directorate of Analysis, Directorate of Science and Technology, Center for Cyber Intelligence

In the novel: CIA case officers provide historical context on Chinese agricultural intelligence programs and identify potential links to MSS operations.

USDA / FDA Agriculture

Food and Agriculture Sector Security

The U.S. Department of Agriculture and Food and Drug Administration share responsibility for food safety—USDA oversees meat, poultry, and eggs; FDA covers everything else. USDA's Office of Homeland Security coordinates sector-specific protection, while FDA's Office of Criminal Investigations handles food defense.

Key Programs: Food and Agriculture Sector Coordinating Council, Carver+Shock vulnerability assessments, FSMA (Food Safety Modernization Act) preventive controls

In the novel: FDA investigators initially pursue a contamination theory, unaware that the source is algorithmic rather than physical—a gap Knox Ramsey must bridge.

The Seams Between Agencies

Every inter-agency structure has seams—boundaries where jurisdiction, authority, and information flow become ambiguous. Sophisticated adversaries study these seams and design operations to exploit them:

  • Classification barriers: Intel agencies hold information at levels domestic responders can't access
  • Jurisdictional gaps: Foreign-origin attacks on domestic targets create FBI/CIA handoff delays
  • Sector silos: "Agriculture" and "cyber" expertise rarely exist in the same team
  • Private sector opacity: Companies fear liability and resist sharing breach information
  • Speed mismatch: Adversary OODA loops operate faster than bureaucratic coordination

In Dark Recipe, Operation Harvest Cloud is specifically designed to fall into these gaps—appearing as a food safety issue to cyber analysts and a cyber issue to food safety inspectors, while the attack clock continues ticking.

"The attack wasn't hidden. It was visible to everyone and owned by no one."

Historical Context: Why This Structure Exists

The current inter-agency framework emerged from hard lessons. The 9/11 Commission identified intelligence "stovepiping" as a critical failure. The 2014 Sony Pictures hack exposed gaps in private sector coordination. The 2020 SolarWinds compromise revealed supply chain blind spots. Each incident prompted reforms, but also added complexity.

The challenge isn't lack of capability—U.S. agencies possess world-class technical resources. The challenge is coordination at speed. When an attack unfolds over six weeks across multiple harvest cycles, traditional incident response timelines become inadequate. The bureaucracy that ensures accountability in peacetime becomes friction during crisis.

Compiled from publicly available government sources, Congressional testimony, and policy research — 2025 edition