The only comment I can make is that right now NORAD's requirement is to protect NORAD assets. Whether or not it should then be responsible for tracking other cybersecurity threats—for instance, civilian apparatus—it would mean that we need to change the nature of NORAD and the command and control structures to be able to do that.
