A successful cyberattack on computer systems that control the U.S. electric grid could cause a long-term blackout and disrupt critical services in the government and private sector, such as the water operations and food supply. Not to mention the local economy would likely shut down, causing people to evacuate in large numbers. Federal and state governments must work together to prevent and respond if a successful cyber attack were to occur, and they must communicate, share information and be aware of the cyber capabilities of each level of government to do so.
In 2016, a Government Accountability Office report found that National Guard units have the capabilities to support civil authorities in a cyber incident. However, the Department of Defense is not aware of units’ capabilities for support. In a letter written this year to Senator Joni Ernst of Iowa, who chairs the Emerging Threats and Capabilities Subcommittee, Admiral Mike Rogers confirmed that the National Guard is boosting its capabilities to protect against cyber threats and that the National Guard Bureau is responsible for tracking these abilities.
Currently, the cyber expertise of the National Guard is not monitored by the Department of Defense (DoD). To better understand cyber support available in the Guard, Senator Ernst introduced the DOD Emergency Response Capabilities Database Enhancement Act of 2017 which would require DoD to track the National Guard’s cyber expertise in an already existing database. At this time, only the Guard’s abilities to respond to natural disasters and traditional terrorist attacks are kept on file.
According to Senator Ernst, “Cyber warfare is an emerging and ever-evolving battlefield, and we must use all available tools to protect our nation’s security, including those that already exist in our National Guard units.” The Department of Defense needs to track the Guard’s cyber capabilities so that all options are easily identified in the event of a successful cyber-attack on the grid. If a state’s Guard defeats a particular cyber threat or attack, information could be shared with various agencies and industry to protect against that threat. Information could be provided about malware (such as viruses and worms), malicious or compromised hardware, and code injection causing a website to do something it is not meant to do.
Michigan Governor Rick Snyder and Colorado Governor John Hickenlooper have warned that the next battlefront is likely a computer network that supports critical infrastructure such as the electric grid, and have noted that the Guard should be mobilized to support federal and state efforts aimed at countering cyber incursions.
The National Guard has cyber units in each of the Federal Emergency Management Agency’s 10 response regions. There are about 40 cyber units in 29 states, and they serve as an asset for governors to activate in case of a large-scale emergency or disaster such as a cyber attack on the electric grid. The National Governor’s Association has highlighted the Guard as a resource that leaders should capitalize on in the event of a cyber-attack against the grid. The Guard aims to have teams in 34 states with thousands of cyber fighters, according to a Cyberspace Division Chief of the National Guard Bureau.
Maryland’s National Guard provides cyber command readiness inspections, critical infrastructure and vulnerability assessments, and supports interagency partners to protect critical infrastructure against cyberattacks. The 135th Intelligence Squadron located nearby analyzes and distributes actionable intelligence to support key coalition partners.
California has a Joint Computer Network Defense Team that performs vulnerability assessments, risk identification, incident response and other services for state agencies. and the 261st Network Warfare Squadron of the Air Guard can be called on to respond to cyber incidents. The squadron has worked with the University of Southern California to develop a cyberspace and cyber warfare training environment by modeling warfare principles and doctrine.
Michigan is home to cyber ranges that include computing infrastructure, cybersecurity training exercises and product testing. One training center in particular works with the National Guard and the Michigan Economic Development Corporation to provide cyber security courses and training exercises to educate the future workforce and protect the grid and the economy from cyber threats.
The state of Wisconsin works with the private sector to address risks associated with cyber-attacks on the electric grid. According to Major General Don Dunbar, Wisconsin Adjutant General and Homeland Security Advisor, state government has a clear responsibility to protect networks and respond to cyber incidents, and information sharing between industry and federal and state governments is necessary to secure the grid.
Many other National Guard units focus on protecting against cyber threats. The Missouri Guard has a Computer Network Defense Team to respond to cyber threats and attacks at the state level and has conducted exercises with the government and owners of critical infrastructure. Delaware’s National Guard trains and advises state and local authorities on cyber incident activities and efforts to increase security. Utah’s Air National Guard enables cyber infrastructure and information operations and defends and responds to national and state emergencies.
Washington utilizes its Joint Forces Defense Assessment Team to conduct cyber emergency planning and to search for vulnerabilities within state networks. Texas’ 273rd Information Operations Squadron is the state’s Air National Guard Cyber Protection Team. Texas has been able to recruit and retain cyber talent at maximum capacity, often having to turn away qualified talent. One way it has done this is by transitioning Air Force active duty troops to join the cyber fight.
Several National Guard units are actively working to prevent a successful cyber-attack from causing a black out that could shut down the local economy, and boost response if such an event were to occur. It is necessary for federal and state governments to work together by to prevent and respond to such an attack on the electric grid. A first step to enhance such cooperation is for the Department of Defense to track the cyber expertise of the Guard and facilitate the sharing of information across military organization that bears upon their ability to counter cyber aggressors.
Constance Douris is Vice President of the Lexington Institute. Her current research interests include energy, the electric grid, ballistic-missile defense, nuclear strategy, European security, and the Greek financial crisis. You can follow Constance at @CVDouris and the Lexington Institute @LextNextDC.
Image: U.S. Air Force