Take a backseat, weather – cybersecurity breaches are taking over headline news. From the Sony Pictures hack to the IRS data leak, these breaches are a growing concern to the private and public sector alike.
According to a 2014 CNN report, cyber attacks involving government agencies increased a staggering 35 percent between 2010 and 2013. Because they typically occur outside of a traditional physical medium, determining which law enforcement agency has the jurisdiction to respond to cyber attacks has proved a significant, costly challenge to the U.S. government.
Heather Hogsett’s goal is to fix this problem. As Staff Director for Federal Relation for the National Governor’s Association, Hogsett helped promote the Cyber Warrior Act. This bill aimed to improve cyber defenses at both the state and federal levels by requiring the Department of Defense to institute cyber incident response teams made up of National Guard members. While the bill did not pass, it did spark a conversation among leaders about using more effective tactics to address cyber security issues.
In a recent interview on the DorobekINSIDER program, Hogsett discussed the essential role that she believes the National Guard can play in defending Americans from cyber breaches.
Cyber Threats & Citizen Soldiers
Hogsett contends, “Cybersecurity is something that is a growing and dynamic threat that really underpins our economy and our way of life.” Many state governors are scrambling to find better ways to secure their citizens’ information and identities online. Because of its unique qualities, Hogsett sees the National Guard as a key resource for the federal and state governments to address cyber threats.
The National Guard is comprised of “citizen soldiers.” Rather than being full-time soldiers, most Guard members also have day jobs. Many of these jobs involve information technology. As a result, Guard members bring a set of private sector skills that are incredibly useful for cyber security.
In addition to the sets of skills each Guard member brings to the table, the National Guard’s lower cost and flexible jurisdiction make it an especially appealing option for governing authorities. Because their role as a soldier is part-time, authorities at the federal and state levels can hire Guard members as they are needed rather than hiring soldiers full-time. This significantly reduces the total cost of employing “cyber soldiers.”
Unlike physical threats, the origin of cyber threats may be ambiguous or unknown, making it difficult to determine under whose authority to operate. The National Guard is “one of the few entities that can cross multiple lines of authority” because it can be employed by both state and federal authorities. The Guard’s lower cost, multiple roles and flexible jurisdiction are thus incredibly helpful when dealing with uncertain circumstances like those that cyber threats often present.
Where It’s Working
Several states are already implementing Guard personnel on their cyber threat response teams. In Washington State, the Air National Guard has directly partnered with the Air Force to form cybersecurity teams. Under the governor’s authority, this team partners with Civilian Emergency Response and Homeland Security to do “red teaming,” essentially screening for network and system vulnerabilities. Whenever a weakness is found, they work to mitigate potential threats. Similar teams have been set up in Michigan, Maryland and Virginia.
While many states are beginning to implement the National Guard on cyber teams, it is far from a normal practice. Legislation like the Cyber Warrior Act would have standardized cyber threat response teams like those in Washington State to every state in the nation.
Despite failing to pass, Hogsett contends that the Cyber Warrior Act changed many agencies’ perspectives of the Guard’s usefulness. The Department of Defense previously overlooked the National Guard until its cyber teams were already in place. But since the bill’s failure, the DoD has begun incorporating National Guard members into their cyber mission force structure. Similarly, the Army and Air Force are now working with the Guard to put cyber threat teams in places across the country to mitigate, respond to and recover information from cyber attacks.
Despite these changes, federal and state governments still face a large obstacle to fully utilizing the National Guard: funding. There are currently no separately allocated resources exclusively for cyber security to the National Guard. All funds are coming from either the Army or Air Force. According to Hogsett, the National Defense Authorization Act for fiscal 2016 offers some potential for funding, but sequester caps and budget cuts present particularly difficult challenges to funding cybersecurity teams.
Hogsett argues that employing the National Guard on cyber threat response teams would be the most practical, cost effective practice at both the state and federal levels. Because you only have to pay for them when you need them, authorities could get two to three “cybersecurity soldiers” for the price of one active duty soldier. With proper legislation in place, select National Guard personnel would be adequately funded and able to focus on securing cyber data. As technology advances, so does the potential for cyber attacks. Hogsett offers a unique, innovative solution to this growing problem.
*Photo credit: US Department of Defense Current Photos