CybersecurityNational Guard units help states ward off cyberattacks

Governors across the United States are mobilizing their states’ National Guard units to combat threats from cyberattacks. Terrorists could seriously damage or disrupt states and regions by hacking into the digital network of water utilities or electric grids. Criminals are eager to steal financial, medical, or other personal data states store in their electronic records.

National Guard units have made strides in securing their own digital infrastructure, and governors are looking to leverage the Guards’ capabilities to meet the cybersecurity needs of their states.

Statelinereports thatan October 2012 survey of states’ Chief Information Security Officers (CISO) reveals that 70 percent of states have experienced a cybersecurity breach. Only 24 percent of CISOs said they felt “very confident” that their state assets were secure against cyberattacks, and only 32 percent said their staffs were capable of protecting computer networks against cyberattacks.

Colorado Governor John Hickenlooper, vice chairman of the National Governors Association,said in the recent annual State of the States speech in Washington, D.C., “as the nation develops resiliency to cyberattacks, the Guard should be mobilized to support federal and state efforts to protect networks and respond to incidents. While the federal government seeks to clarify how it will work with the private sector and states to better secure cyberspace, states are already moving forward to develop and implement new cyber policies to protect their economies and ensure public safety.”

The National Defense Authorization Act, which passed on 26 December 2013, requires the Pentagon to consider the National Guard’s cyber capabilities as it may support the Pentagon’s cybersecurity measures. The Act orders the Pentagon to consult with governors about their states’ cybersecurity needs and their states’ Guard units’ ability to assist in this area.

In March 2013, eight senators introduced legislation to establish “cybersecurity civil support teams” within the National Guard. Governors, or the secretary of defense, would have authority to activate the Guard’s teams in response to a cyberattack.

“The Cyber Warrior Act will ensure that in the first hours and days after a devastating cyberattack, our local responders will have the same support of the National Guard for response and recovery that they do when a hurricane strikes,” said Senator Christopher Coons (D-Delaware), a co-sponsor of the measure.

According to Stateline, the state of Washington was the first state to assign the state’s National Guard cybersecurity responsibilities. The state recognized the potential of its National Guard as a cyberforce when it realized that many of its soldiers, who are full-time employees and part-time soldiers,, worked for tech employers such as Google, Boeing, Cisco, Verizon, and Microsoft.

“It is generally accepted that we will never be able to recruit, train and retain sufficient numbers of [active duty] cybersecurity specialists in the military to meet our national security requirements,” said Major General (Ret.) Tim Lowenberg, now with Gordon Thomas Honeywell and formerly theadjutant general of the Washington National Guard. “With the National Guard, we found a combination of leading-edge technical knowledge and long and stable career commitment that are really unique.”

Washington State has conducted exercises to search for weaknesses in its digital networks. Evidence of a strong cybersecurity team was demonstrated when the Washington Department of Licensing sought permission to implement an Enhanced Driver License, which can be used to cross the Canadian border; the department had to persuade the U.S. Department of Homeland Security that the state operated a high-level network security.

Instead of relying solely on federal agencies to respond to state or regional cyberattacks, cyber-soldiers in the National Guard are familiar with the communities they serve. They understand the state and local infrastructure, which gives them an advantage in quickly responding to cyber incidents. “The National Guard provides a cost-effective and uniquely capable force that can provide capability for the DoD, homeland defense, civil support and intrastate missions,” the National Guard Association of the United States said in a statement. “Most importantly, the National Guard is composed of citizen-soldiers, working in communities and providing knowledge of critical infrastructure at the local level.”

Missouri, Maryland, Delaware, Utah, and Rhode Island are other states that have established National Guard units to combat cyberattacks.