U.S. Senator Chris Coons (D-Del.) introduced the bipartisan Cyber Warriors Act of 2013 on Friday to establish Cyber and Computer Network Incident Response Teams (CCNIRT), known as "Cyber Guards,' as part of the National Guard.
"The National Guard is always ready when natural or manmade disasters strike at home," Senator Coons said. "The Cyber Warrior Act allows them to respond to cyber disasters, too -- an increasingly common threat to our country from organized crime, terrorists, and even nation-states. The Cyber Warrior Act will ensure that in the first hours and days after a devastating cyber attack, our local responders will have the same support of the National Guard for response and recovery that they do when a hurricane strikes. Delaware's 166th Network Warfare Squadron is a model for what can be achieved when the Guard leverages the unique private-sector skills and experiences of its members, and this bill will help other states build similar capacity."
"I'm excited and very supportive of this legislation," Delaware National Guard Adjutant General Frank Vavala said. "Cyber is an emerging mission that fits perfectly into the skill sets prevalent in our Delaware National Guard and fulfills our sacred trust to protect the nation."
"Our ability to protect information in the cyber realm is not only paramount to our individual privacy but also directly impacts our economic well-being," Delaware Department of Safety and Homeland Security Secretary Lewis D. Schiliro said. "The development of cyber security focused programs and workforces are critical to Delaware and our nation's viability. I fully support this bill and see it as a means to effectively coordinate the use of National Guard, state, municipal, and private sector resources. Delaware's public safety community applauds Senator Coons for his leadership on this important issue."
The legislation is also sponsored by U.S. Senators Kirsten Gillibrand (D-N.Y.), Roy Blunt (R-Mo.), David Vitter (R-La.), Mary Landrieu (D-La.), Patrick Leahy (D-Vt.), Mark Warner (D-Va.) and Patty Murray (D-Wa.).
"Cyber attacks are at the top of the threats that could affect every aspect of our national and economic security," Senator Gillibrand said. "Terrorists could shut down electric grids in the middle of winter, zero-out bank accounts, or take down a stock exchange causing an unimaginable amount of disruption and harm. Meanwhile, our military and homeland cyber defense forces are thousands short of the need identified by our leaders. We must ensure that we can recruit and retain talented individuals who can protect our nation's cybersecurity at home and abroad."
The 2013 World Threat Assessment of the U.S. Intelligence Community, which listed cyber attacks and espionage as the first among the risks facing the U.S., states that, "We judge that there is a remote chance of a major cyber attack against U.S. critical infrastructure systems during the next two years that would result in long-term, wide-scale disruption of services, such as a regional power outage."
Yet our government lacks enough cyber experts. According to Alan Paller of the SANS Institute, the Pentagon alone is short by about 10,000 cyber experts with only 2,000 currently in place. There is also a shortfall of both capability and capacity at the federal, state, and local levels to prepare, respond, and mitigate the effects of cyber events. In today's economic environment, many of the top computer network operations and information technology (CNO/IT) specialists are choosing to work in the private sector, attracted by financial incentives, entrepreneurship training and flexibility.
To remain competitive, the Department of Defense acknowledges that it must develop new and innovative ways and receive the tools needed to recruit and retain cyber warriors. The Department of Defense Strategy for Operating in Cyberspace states that, "the demand for new cyber personnel is high, commensurate with the severity of cyber threats. DoD must make itself competitive if it is to attract technically skilled personnel to join government service for the long-term. Paradigm-shifting approaches such as the development of Reserve and National Guard cyber capabilities can build greater capacity, expertise, and flexibility across DoD, federal, state, and private sector activities."
The Cyber Warrior Act of 2013 would place Cyber Guards in each state and territory, which could provide a scalable response. The governor or secretary of defense could activate this National Guard unit depending on the level of response needed. These cyber teams would combine Active Guard and Traditional Guard Members, leveraging Members' private sector IT experience. The use of the Guard would also support the goal of retaining the cyber trained military personnel who would otherwise leave the service.
As with any Guard unit, the legislation would allow governors to call up their Cyber Guard to address a local cyber emergency, boosting the capacity to protect computer networks in the homeland where the military may not play a role. The bill would also allow governors to get the Guard to help train state and local law enforcement and other cyber responders in cyber security, and help them develop sound best practices that allow more cohesive interaction with federal-level responders.
Finally, the legislation would require the secretary of defense to report on the following ways to attract and retain more cyber warriors:
-A description and assessment of various mechanisms to recruit and retain members of the regular and reserve components of the Armed Forces;
-An assessment of the use of virtual and/or short term deployments in case of cyber incident responses; and
-A description of the training requirements and physical demands in the cyber specialties.