Got a cyber emergency? Call out the National Guard.
- By Kevin McCaney
- Jan 30, 2014
In the event of a natural disaster, state governors can call out the National Guard. In the event of a cyber disaster? They’d like to do the same thing — and Guard units increasingly are ready to respond.
The Guard has been looking to expand its cybersecurity operations at least since the National Cyber Incident Response Plan, released by the Homeland Security Department in September 2010, - recognized the Guard’s potential for adding cyber response to the tasks it already performs, which include information sharing, situational awareness and communications in times of emergency.
In November, Gen. Frank Grass, chief of the National Guard Bureau, said he wanted the Army and Air Guard to emulate the military services in how they respond to cyber incidents and have their teams available to state and homeland security officials, Politico reported.
The idea also is getting additional support from the White House and Congress. The National Defense Authorization Act, signed into law in December, requires DOD to consider the Guard’s capabilities for cybersecurity, and a bipartisan group of senators last year introduced the Cyber Warrior Act, which would mandate cybersecurity civil support teams within the Guard.
The talent is there, spread through Guard units in all 50 states, with guardsman who have civilian jobs as programmers, network administrators and other IT-related jobs, according to the National Guard Association of the United States. “The potential for collaboration between DHS, the lead agency on cyber security, and the Guard in the cyber domain is significant,” the organization says. “The National Guard can channel and utilize its intrinsic hometown history as a force multiplier, bringing together local, state and federal leaders to educate and develop best practices. “
The National Guards in several states have already created cyber units. As Melissa Maynard writes for the Pew Charitable Trusts’ Stateline new service, Washington was the first state where the Guard took up cybersecurity, after officials noticed that many of its soldiers had regular jobs with companies such as Microsoft, Google, Cisco and Boeing. That presented a pool of talent might have been hard to come by otherwise.
“It is generally accepted that we will never be able to recruit, train and retain sufficient numbers of [active duty] cybersecurity specialists in the military to meet our national security requirements,” said Maj. Gen. Tim Lowenberg, who led the state’s forces as from 1999 to 2012. “With the National Guard, we found a combination of leading-edge technical knowledge and long and stable career commitment that are really unique.”
The Guard in Washington has done planning for cyber emergencies and run “red team” exercises to find vulnerabilities in state systems, such as the network of the Department of Licensing, which was implementing an enhanced license for use across the Canadian border and needed to prove its security in order to gain access to DHS databases, Stateline reported.
The Missouri National Guard also is setting up a cyber-threat response team to respond to threats or attacks at both the state, and even national, level, according to the Guard. Funding for the Computer Network Defense Team was approved in February 2013, and the team earned praise at a national defense cyberspace exercise last summer at Fort Meade, Md. The team currently has about a dozen members, but will by October have more than 25, Guard officials said.
"Cyber attacks are now a domain of war and Missouri is taking the lead in cybersecurity," said Staff Sgt. Katie Herrell, readiness sergeant at the team’s headquarters at the Jefferson Barracks in south St. Louis County. "We want to be the unit others think of when it comes to cybersecurity response and threat prevention. This is the future of warfare; it's something that is going to happen and I am very excited to be a part of this team."
In addition to Washington and Missouri, Guards in Maryland, Delaware, Utah, Rhode Island and other states have established cyber response teams.
The Guard’s new emphasis on cybersecurity mirrors the efforts of the U.S. Cyber Command and the cyber commands of the military services, which are significantly expanding their operations, with plans to train a new generation of cyber warriors. One difference is that the full-time military needs to recruit and retain qualified people for the commands, which Defense Secretary Chuck Hagel has admitted could be a challenge. The Guard, of course, will have a different mission than the cyber commands, but for many units, the talent is already in place.
Kevin McCaney is a former editor of Defense Systems and GCN.