Five Reasons why a Cyber National Guard is a Good Idea
Successful cyber attacks on critical infrastructure, both private and public, are becoming all too commonplace and way to successful. Moreover, the purpose of many of these attacks increasingly is strategic in nature. U.S. military planners believe that cyber warfare actually will precede the outbreak of conventional military hostilities in an effort to undermine the target’s will and ability to defend itself. According to some experts, the war in cyberspace has already begun.
Today there are few U.S. networks and infrastructure, if any, that are adequately defended. The Department of Defense is undertaking a massive effort to secure not only its networks, but all its computer-related systems and even the chips that go into electronic hardware. The Department of Homeland Security has the responsibility for protecting non-defense federal government networks as well as critical infrastructure, but lacks the authorities and resources to do an effective job. At the state and local levels, while there are different approaches to cyber security, the majority do not even have adequate cyber security plans.
Most critical infrastructure is in private hands. Unfortunately, cyber security is still seen by many private companies as a cost with, at best, indeterminate value. They are reluctant to spend a lot of money on a threat that for them is still hypothetical. Sectors such as the electric power grid, which are subject to limits on what they can charge their customers by state regulators, or those facing declining prices and stiff competition, like oil drilling and refining, particularly loathe spending resources in this area. Yet, as one recent article noted, these sectors are especially vulnerable to cyber attack. “In test after test, private specialists reveal what federal authorities say is a growing national security threat -- control systems for valves, pumps, pipelines and refineries are among the most vulnerable targets to cyberattacks.”
Cyber security should primarily be the responsibility of those public and private entities that own the infrastructure. However, there is a clear role for the federal government in cyber defense against attacks by hostile powers. Several members of Congress have proposed the creation of a separate Cyber National Guard. This idea, or an increased role for the current National Guard in cyber defense, makes sense. Here are five reasons why:
- An expanded cyber defense capability fits with the National Guard’s Title 32 responsibilities to engage in homeland defense activities at the direction of state governors. We are all familiar with the role of the National Guard in dealing with natural disasters. A successful attack on even a portion of the electric power grid, for example, could be many times more destructive of lives and property than the worst hurricane ever experienced. State, local and private resources could be overwhelmed. Cyber defense is a logical extension of the National Guard’s traditional activities in response to emergencies at the state level.
- The National Guard already is increasing its capabilities in cyber defense and has begun to develop a sophisticated capability for cyber defense. There are currently 40 National Guard cyber units in 29 states. In addition to meeting defined requirements to support the active duty military under Title 10, individual Guard units have shaped unique capabilities and concepts of operations that reflect the specific conditions and needs of their particular states. Soon all 50 states will have defensive cyberspace operations elements staffed by the National Guard.
- It is a way of attracting and retaining desired talent. The military is having tremendous difficulty recruiting individuals with cyber skills. The Army has instituted a policy that will allow the direct commissioning of cyber experts into the service with a rank up to colonel. But what about those skilled individuals who do not want a military career? Bringing civilian cyber specialists into the National Guard can create linkages to critical infrastructure that may one day require defense, as well as improving the skills of these individuals to perform their private sector jobs.
- There is a natural fit between the roles and responsibilities of the National Guard and the needs of states and the private sector to protect their critical infrastructure. Cyber defense units in California, Maryland, Wisconsin and Washington, for example, have established collaborative relationships with local utilities. In some instances, National Guard units and local utilities have conducted joint exercises. This is extremely important because these exercises provide the National Guard with timely and relevant information to enable effective responses to future attacks. As Air Force General Joseph Lengyel, head of the National Guard Bureau, observed, “We are experts at building enduring partnerships on all levels -- international, federal, state and local.” Effectively defending local infrastructure requires detailed information sharing, ongoing collaboration and trust. All of these are best done at the local level between the National Guard unit and infrastructure managers.
- A Cyber National Guard could help deter attacks on U.S. infrastructure. Adding to the resiliency of critical infrastructure or being able to rapidly restore its functionality may make this a less attractive target. In addition, familiarity with the operations of critical infrastructure could also make the National Guard better at supporting military operations overseas. The ability to attack an adversary’s networks and infrastructure is part of the new military reality we face.