National Guard July 2014 : Page 28

CYBER UNCERTAINTY Liability questions must be answered, privacy is-sues must be resolved, and there is great reluctance on the part of many private companies to give gov-ernment officials, including Guardsmen, access to data in private computer systems. There are even questions about Guard cyber units helping other Guard cyber units, Lunderman says. While states have entered Emergency Man-agement Assistance Compacts that enable Guard units to cross state lines to assist other states during hurricanes, floods and wildfires, does a cyberat-tack constitute an EMAC emergency, Lunderman wonders. Can Washington state, with its significant cy-ber capability, come to the aid of Florida during a cyberattack? That’s still under discussion, he says. The NGAUS Take EIGHTEEN MONTHS AGO, the National Guard was largely left out of Pentagon discussions about cybersecurity. So NGAUS and Guard leaders took information about state vulner-abilities and the Guard’s unique cyber capabilities to Congress. Lawmak-ers responded with the Cyber Warrior Act of 2013, which would create a Guard cyber team in each state, territory and the District of Columbia. Though residing still in the ever-growing repository of bills awaiting action, the Cyber Warrior Act forced the Pentagon to include the Guard in the discussion. Since then, the Guard’s cyber potential has been substantiated by reports from the National Commission on the Structure of the Air Force, the Center for Strategic and International Studies and others, each not-ing the role the Guard can play at the local level. They all suggest the Pentagon give the Guard a significant role in cybersecurity. Governors have turned up the heat, too, to include the Guard in this growing mission. The National Governors Association is now working with the Pentagon on cybersecurity plans that leverage the skills that reside in the Guard. All of this is progress. That’s the good news. The bad news is the threat is growing faster than the pace of progress. The governors are acutely aware of state and local vulnerabilities and their potential impact on public safety and the economy, but Washington continues to focus on federal networks. More reliance on the Guard is only part of the solution. Plans, poli-cies and authorizations must be vetted and put in place to enable the governors to employ Guard assets in a cyber disaster the same way they would during a natural disaster, such as a tornado or hurricane. And while governors and adjutants general want to use the Guard for domestic cyberdefense, the wishes of the active component must also be taken into account, Lunderman said. “The services really want the Guard to do ser-vice-mission sets,” he says. Just as the Army supplies the Guard with helicopters, transport planes and trucks primarily to be used in war, but also available for domestic missions, the Army and Air Force say Guard cyber units should be organized and trained for military purposes, but perhaps also be available for use in domestic emergencies, he says. However, precisely “how we respond to cy-ber incidents domestically is still being worked through,” Lunderman says. For governors and other state officials, the slow pace of sorting all this out is frustrating, Mueller says. “The states want butts in seats in case there’s a disaster,” and that includes Guard butts, he says. But what the Guard can do or would do is still un-clear. State officials “would say, ‘Can you help?’ and the Guard would say ‘Yes, sir.’ But there’s no real plan. They’d have to figure it out on the fly,” Muel-ler says. “The problem with cyber and the Guard is that no real policy has filtered down from the Defense Department.” The active-component military is busy building its own cyber capabilities and has not yet focused on the Guard, he says. Congress has tried to help, but so far to little effect. The fiscal 2014 National Defense Autho-rization Act did include a provision ordering the Defense Department to assess the Guard’s cyber capabilities, including how they can be used to meet state needs. The report is due this month. In 2013, lawmakers in both the House and Sen-ate introduced the Cyber Warrior Act that would create a Guard Cyber and Network Incident Re-sponse Team for each state. The teams would lever-age private-sector IT experts who serve part time in the Guard and could be called on by governors and the defense secretary to respond to cyber incidents. The bill would allow the Guard to respond to cyber disasters just as it does to natural disasters, says Sen. Christopher Coons, D-Del., one of eight co-sponsors in the Senate. “Delaware’s 166th Network Warfare Squadron is a model for what can be achieved when the Guard leverages the unique private-sector skills and expe-riences of its members, and this bill will help other 28    NATIONAL GUARD July 2014 WWW . NGAUS . ORG |

Previous Page  Next Page

Publication List
Using a screen reader? Click Here