The Role of the National Guard in Cyber Security Operations

Yesterday the House Armed Services Subcommittee on Emerging Threats and Capabilities held a hearing on the “Digital Warrior: Improving Military Capabilities for Cyber Operations." Chairman Mac Thornberry (R-Tex.) and Ranking Member Jim Langevin (D-RI) questioned at length on the recruiting, training, development and retention of “Cyber Warriors” within each service. The witnesses included the following: 

1. Vice Adm. Michael S. Rogers, commander, U.S. Fleet Cyber Command and commander, U.S. Tenth Fleet, Department of the Navy

2. Lt. Gen. Rhett A. Hernandez, commander, U.S. Army Cyber Command, Department of the Army

3. Lt. Gen. Richard P. Mills, deputy commandant, Combat Development and Integration and commanding general, Marine Corps Combat Development Command

4. Maj. Gen. Suzanne M. Vautrinot, commander, 24th Air Force and commander, Air Force Network Operations, Department of the Air Force

Background

U.S.Cyber Command (USCYBERCOM) currently works under the Operational Directive set forth by its commander, Gen. Keith Alexander. USCYBERCOM is charged with the planning, coordination, integration and synchronization of activities in directing operations and defenses of specified DOD information networks as well as conduct full spectrum military cyberspace operations to ensure U.S. cyberspace is safe. Back in March, Gen. Alexander testified before the Senate Armed Services Committee (SASC) saying: 

  • “In framing my comments on our progress at Cyber Command, I have to begin by noting a worrisome fact: cyberspace is becoming more dangerous.”

Sequestration

During yesterday's hearing, Chairman Thornberry asked the panel their thoughts on what the impact of sequestration would be in terms of further developing our cyber defenses. The services shared the belief that if sequestration were to go into effect, the readiness, personnel and training would be greatly impacted. The Air Force stated that the effects would be devastating. The current vision for cyber rests on future procurement and development which currently lacks a sustainment framework.

Role of the National Guard

Gen. Alexander, also in his March SASC hearing, stated the following when asked about the Guard’s role in cyber: 

  • “I do think this is an opportunity where the National Guard has some technical expertise as civilians working in this area, especially when you look in the high- tech areas. So this is something that we can leverage and we are working on that.”

When asked by Ranking Member Langevin what the future of the Guard would be in yesterday’s hearing, Maj. Gen. Vautrinot echoed much of Gen. Alexander’s earlier sentiments. The role of the Guard truly speaks to the Total Force. The Guard’s unique ability to transfer back and forth into the civilian workforce is a great platform to promote information sharing between Defense Department and industry. The skills and techniques that a Guardsman learns through Defense Department training can be carried over and transitioned into the civilian realm, thus being able to protect our private industry – an area right now lacks great protections. In fact, the number one most sought after element for good an effective cyber legislation, is information sharing between industry and the Defense Department.

  • “In the Airman language, you need to gain a little altitude in order to be able to maneuver. The use of the Total Force gains us that altitude because these are citizen soldiers and they go back to their communities…they are using the same very high end capabilities…in their day to day mission, it is an operational mission, and it serving the Air Force and USCYBERCOM. But it also serves in bringing their level of training, the exact same training, and same equipage and capabilities, they can take that back and to community, to their corporate entities that they serve on a day to day basis and apply same knowledge in the same way that citizen airmen do when there is any crisis... it is a very technical application…As we expand that…then we have a team."

Feel free to watch the whole hearing here.

Tell us what you think - Is the Guard the perfect match for defending our cyber networks?

Comments

To the gentlemen/ladies of the National Guard Association and to the CyberCom Command Staff, the idea of the Guard defending our Nation’s borders has been a long standing tradition since 1636. Let us not forget the origin of our fighting men and women who was born from farmer’s fields with a common bond. What is about to be read in the following paragraphs has been silent objective truth since advent of the National Guard.
The National Guard soldier is a force multiplier. His or her civilian job in many cases becomes their primary MOS for those deployed, not because of the military training, but due to the civilian training and education. In one example, I met a Master Electrician in the civilian world and his MOS was that in the communication field. His unit during a deployment to Afghanistan utilized his electrician skills to the fullest. Having this solider create and supervise the electrical wiring in remote FOB’s and Safehouse’s. This is but one example of thousands that can be sighted. Civilian acquired skills such as those in high-tech areas is a massive force multiplier for cyber-defense, except for the fact in the above article there are many misstatements. I will try to clarify these statements.
“In framing my comments on our progress at Cyber Command, I have to begin by noting a worrisome fact: cyberspace is becoming more dangerous.” Gen Alexander
Here in lies the first issue, not that cyberspace is becoming more dangerous, but we are not preparing our Cyber Warriors to fight this kind of warfare. Every military operation trains to the mission, except for Computer Network Defense. There are training schools that teach all kinds of network defensive operations in due diligence. Information Systems Security is not a 10 level MOS skill level; honestly it is not a 40 level either. This is a chosen career path, with the ability to understand attack structure, vectors, the reason why, looking for the who, and stop it from happening. All too often even in the civilian world, the security focus is on the inside and not what attacks vectors are on the outside. From firsthand accounts the Military is sending our Cyber Warriors into a fight without the proper ethos to sustain the force, or even win the fight.
What is missing is the overall ability to think and problem solve. Our Cyber Warriors are facing a highly motivated, incredible educated, and a very determined enemy. The only thing one is to expect is what is not expected. Cyber Warriors need to be armed with the ability to close with the enemy, provide actionable intelligence to higher echelons all on the digital battlefield.

The second issue is with Maj. Gen. Vautrinot ‘s comment: “The role of the Guard truly speaks to the Total Force. The Guard’s unique ability to transfer back and forth into the civilian workforce is a great platform to promote information sharing between Defense Department and industry. The skills and techniques that a Guardsman learns through Defense Department training can be carried over and transitioned into the civilian realm, thus being able to protect our private industry – an area right now lacks great protections.”
Pardon me for sounding curt on this subject. Then why is it that the federal government is asking for A: Public/Private partnership and B: the number of contractors working on base in CND operations now. “In fact, the number one most sought after element for good an effective cyber legislation, is information sharing between industry and the Defense Department.´ With this last part of her comment, my remark is that dog don’t hunt, as we would say back home. If the civilian sector is lacking great protections, why then is good cyber legislation combining these two?
8570.1 gives the soldiers A+, NetPlus+,Sec+, CISSP and others certifications such as SANS. The first three certifications prove the soldier is certified to work on the network. These certifications are help desk level certifications in the civilian world. Yet I hear NCO’s/government contractors talking about them as if it was the coveted Combat Infantryman Badge. SANS technical certifications are no laughing matter, but how many of the contractor world has SANS training that match the network needs of military network? How many soldiers? I am not in any way removing certification process, this only proves one can take a test.
Maj. Gen. Vautrinot’s comment about the “training the guardsman receives he takes to the civilian world”, in reality the military cyber defense operations would be better served if her comments were reversed.
In reality a combination of the military required skillset with civilian acquired skills in the right mix. Then for the defensive operation to be successful those skills have to be utilized, true analysis work, not just to be reactive what happens but to be proactive, staying one step in front of the enemy on the digital battleground. The enemy is trying to do the same thing to US Government networks.

This We’ll Defend

Add new comment