Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:32 PM
Dark Reading
Dark Reading
Products and Releases

Gillibrand, Vitter, Coons, Blunt, Landrieu, Leahy, Warner, Murray Introduce Bipartisan Legislation To Expand Cyber National Guard

Legislation would, for the first time, establish Cyber and Computer Network Incident Response Teams

Washington, D.C. – U.S. Senators Kirsten Gillibrand, a member of the Senate Armed Services Committee, David Vitter, Chris Coons, Roy Blunt, Mary Landrieu, Patrick Leahy, Mark Warner and Patty Murray today introduced the Cyber Warriors Act of 2013. This legislation would, for the first time, establish Cyber and Computer Network Incident Response Teams (CCNIRT), known as Cyber Guards, as part of the National Guard, significantly expanding the limited cyber mission being performed by the National Guard.

"Cyber attacks are at the top of the threats that could affect every aspect of our national and economic security," Senator Gillibrand said. "Terrorists could shut down electric grids in the middle of winter, zero-out bank accounts, or take down a stock exchange causing an unimaginable amount of disruption and harm. Meanwhile, our military and homeland cyber defense forces are thousands short of the need identified by our leaders. We must ensure that we can recruit and retain talented individuals who can protect our nation's cybersecurity at home and abroad."

"Cyber-attacks remain one of the highest threats to the United States, and there is no excuse for us to not be completely prepared with resources and personnel," Senator Vitter said. "Our legislation will help ensure that many of our states, including Louisiana, can continue developing capabilities and cyber response effectiveness."

"The National Guard is always ready when natural or manmade disasters strike at home," Senator Coons said. "The Cyber Warrior Act allows them to respond to cyber disasters, too, an increasingly common threat to our country from organized crime, terrorists, and even nation-states. The Cyber Warrior Act will ensure that in the first hours and days after a devastating cyber attack, our local responders will have the same support of the National Guard for response and recovery that they do when a hurricane strikes. Delaware's 166th Network Warfare Squadron is a model for what can be achieved when the Guard leverages the unique private-sector skills and experiences of its members, and this bill will help other states build similar capacity."

"I'm glad to co-sponsor this bipartisan legislation, which will establish Cyber Guard Civil Support Teams in all 50 states and four territories. As cyber-attacks are something we're increasingly more and more concerned about, having people in the Guard who are also out there every day in the IT community would be an incredible way to increase access to skilled employees that the uniform forces may not be able to afford," said Senator Blunt. "I believe Missouri could certainly be a prototype for what these units should look like nationwide."

"Attacks no longer come just by land, air or sea. As we continually rely more on technology in our infrastructure, government, businesses and daily lives, we must ensure that we are protected from malicious attacks and harm in these new landscapes," Senator Landrieu said. "We need talented individuals on the frontlines of this evolving threat, and I am proud that this bill would make cyber security professionals a permanent part of our armed forces. Louisiana will continue to be out in front of this effort as we train homegrown cyber warriors to meet the current and future needs of our nation."

Senator Patrick Leahy (D-Vt.), co-chair of the Senate National Guard Caucus, said, "The National Guard is a superb defensive asset that has grown and adapted to meet an widening array of national security and homeland defense challenges. I have long felt that the National Guard can and should play a key role in cyber defense. In Vermont our Guard's 229th Information Operations Squadron has been training cyber security experts for several years. I am glad to support this bill which would expand their efforts to provide a local cyber security capability that is available not just to federal authorities, but also to state and local entities, under command of the Governor."

"Many Virginia Guard personnel and reservists already have high-level cyber expertise, and this will allow us to leverage these skillsets while expanding the overall capabilities of our Guard and Reserve," Senator Warner said. "Virginia already has a significant footprint in terms of public and private sector capabilities, and this initiative will serve to strengthen those partnerships."

"The Cyber Warriors Act is a good first step in capitalizing on the good work National Guard units are doing everyday across America," said Senator Murray. "But there is certainly more work to be done. Servicemembers, like the Airmen in the 262nd Network Warfare Squadron of the 194th Regional Air Support Wing in the Washington Air National Guard, are already conducting network security operations and recognized as Cyber Warfare leaders. We must continue to provide cyber guards the tools and resources necessary to carry out their mission of safeguarding our economy, critical infrastructure, and citizens in this new era of security at home and abroad."

The 2013 World Threat Assessment of the U.S. Intelligence Community, which listed cyber attacks and espionage as the first among the risks facing the U.S., states that, "We judge that there is a remote chance of a major cyber attack against U.S. critical infrastructure systems during the next two years that would result in long-term, wide-scale disruption of services, such as a regional power outage."

Yet our government lacks enough cyber experts. According to Alan Paller of the SANS Institute, the Pentagon alone is short by about 10,000 cyber experts with only 2,000 currently in place. There is also a shortfall of both capability and capacity at the federal, state, and local levels to prepare, respond, and mitigate the effects of cyber events. In today's economic environment, many of the top computer network operations and information technology (CNO/IT) specialists are choosing to work in the private sector, attracted by financial incentives, entrepreneurship trainings and flexibility.

To remain competitive, the Department of Defense acknowledges that it must develop new and innovative ways and receive the tools needed to recruit and retain cyber warriors. The Department of Defense Strategy for Operating in Cyberspace states that "the demand for new cyber personnel is high, commensurate with the severity of cyber threats. DoD must make itself competitive if it is to attract technically skilled personnel to join government service for the long-term. Paradigm-shifting approaches such as the development of Reserve and National Guard cyber capabilities can build greater capacity, expertise, and flexibility across DoD, federal, state, and private sector activities."

The Cyber Warrior Act of 2013 would place Cyber Guards in each state and territory, which could provide a scalable response. This National Guard unit can be activated by the Governor or Secretary of Defense depending on the response needed. These cyber teams would combine Active Guard and Traditional Guard Members, leveraging Members' private sector IT experience. The use of the Guard would also support the goal of retaining the cyber trained military personnel who would otherwise leave the service.

As with any Guard unit, the legislation would allow Governors to call up their Cyber Guard to address a local cyber emergency, boosting the capacity to protect computer networks in the homeland where the military may not play a role. The bill would also allow Governors to get the Guard to help train State and Local Law Enforcement and other Cyber Responders in cyber security, and help them develop sound best practices that allow more cohesive interaction with Federal-level responders.

Finally, the legislation would require the Secretary of Defense to report on the following ways to attract and retain more cyber warriors:

· A description and assessment of various mechanisms to recruit and retain members of the regular and reserve components of the Armed Forces;

· An assessment of the use of virtual and/or short term deployments in case of cyber incident responses; and

· A description of the training requirements and physical demands in the cyber specialties.


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...