A House Armed Services Committee draft of the annual defense policy bill calls for the National Guard and Reserve components to assist in defending the nation in cyberspace.
A provision in the bill’s markup from the Subcommittee on Intelligence and Emerging Threats and Capabilities, which passed the committee June 22, requires a review of statues and rules that pertain to the use of the National Guard for response and recovery from significant cyberattacks.
The bill defines a cyber incident as significant if the event results in demonstrable harm to the national security interests or economy of the United States and the public confidence, civil liberties, or public health and safety of the American people.
A separate provision in the bill requires an evaluation of nontraditional cyber support to the Department of Defense. The assessment will include an evaluation of Reserve and Guard support to cyber operations forces; an evaluation of various Reserve, Guard, auxiliary and nontraditional support models to include those that can be utilized domestically and internationally; and an evaluation of dedicated reserve components specific to U.S. Cyber Command.
Another piece of the bill listed under items of special interest — which means HASC is directing a briefing to just the House — requires a report on the National Guard’s cyber mission assurance teams. Those teams are part of a pilot program to harness the cyber talent resident within the Guard to protect critical infrastructure connected to military installations, the bill read.
“Efforts such as the nascent CMAT program are important as the military services seek to better understand the operational risks, to include cybersecurity, of domestic installations,” the bill language stated. “[T]he committee seeks greater fidelity on how the CMAT program will align to the Federal Emergency Management Agency’s regional construct, as well as work with the Cybersecurity and Infrastructure Security Agency’s Critical Infrastructure Vulnerability Assessments program and the Protective Security Advisors program.”
As both public and private entities struggle to find top cyber talent, the Guard and Reserve forces can provide a bevy of resources to help protect the nation from cyber incidents, so the argument goes.
The Senate’s version of the bill requires the DoD conduct a review of National Guard responses to cyberattacks and an evaluation of cyber reserve force options to provide a surge capability. It also authorizes a pilot program to prepare the Guard to provide cyber assistance remotely in the event of a cyberattack.
Additional cyber items
The House subcommittee’s markup also requires the DoD provide monthly reports on “cross-domain compromises” within the department; or more simply put, unauthorized connections. These briefings would begin October 2020.
Another item in the bill authorizes the service secretaries and Special Operations Command to establish similar or counterpart “tailored cyberspace operations organizations of comparable size to” the Navy’s Cyber Warfare Development Group.
This group, activated in January 2019, provides technical research and development to create, test and deliver cyber and electronic warfare capabilities for Fleet Cyber and Cyber Command, serving as the Navy’s center for cyberwarfare innovation.
Despite targeting the DoD’s information operations enterprise with big cuts last year, this year’s bill does not include any directive language on the subject.
Last year’s bill directed the DoD to create a new position to advise the defense secretary on information operations.
Additionally, last year’s House portion of the bill required a report from the Government Accountability Office on the DoD’s information operations. The report, titled “Information Operations: DOD Should Improve Leadership and Integration Efforts,” was published October 2019, but was classified.
Committee aides told reporters that since the previous National Defense Authorization Act was signed into law so recently, they want to allow the DoD enough time to implement what the law required. Issuing new guidance so soon, they said, could add confusion to efforts already underway.
The full House Armed Services Committee will mark up its version of the NDAA on July 1.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.