
Chinese and Russian hackers have everybody running scared. So whatever else happens with the president’s budget request for fiscal year 2015, we know it will include more money for things cyber, from purely defensive network security to black-budget “offensive cyber weapons” such as the Stuxnet worm. But one big thing remains in doubt: the role of the National Guard.

Cyber Command wants the Guard to help. Guard leaders want to help CYBERCOM. And the Army has at least considered a proposal to fund 390 positions in 10 new “Cyber Protection Teams” to be created in the Army National Guard. Whether this idea will get funded is being wrestled over behind locked doors and in the context of increasingly bitter fights between active-duty and reserve forces.

The budgetary question marks loom so large that one senior official at the National Guard Bureau emailed a warning to the Adjutants General, the Guard commanders of every state, territory, and the District of Columbia: Don’t get out in front of what the federal budget will support.

“We have entered a new normal called sequestration,” read the senior official’s email. “To fund ‘excess’ or ill-defined requirements out of hide is impossible. I continue to be concerned with further investments in Cyber and ISR [intelligence, surveillance, and reconnaissance] without definitive requirements documentation from COCOM/MAJCOMs [Combatant Commands and Major Commands]. In my opinion this posture could put [Guard] force structure at risk depending on strategic choices being made by DoD leaders.” (We agreed not to identify the official.)

So what are they choosing? “The Department continues to conduct analysis to determine the appropriate force structure for cyber in the Guard and Reserve components,” was all a DoD official would tell me, after I’d been harassing people for an answer for weeks. “At this time, the Department’s senior leadership has not made any decisions,” he said – which is one of the reasons we’re writing this story.

The outside experts we spoke to agreed that the Guard had a unique role to play. “I think they are the linchpin for being able to effectively defend the nation,” said John Quigg, a retired Army officer and former senior CYBERCOM official, in an interview with my colleague Colin Clark. “The thing that is not obvious and is wonderful about the Guard is that it sits between the federal government and the states, and that makes it very useful.”

Both budgets and bureaucracy, however, are getting in the way.

 

Gen. Alexander: “The Guard Can Play A Huge Role”

Despite all the obstacles, there’s certainly four-star support for giving the Guard a share of the cyber mission.

“The Guard can play a huge role,” Gen. Keith Alexander, the (outgoing) chief of both CYBERCOM and the embattled National Security Agency, told Congress last year. “There’s two key things that they can do. First… it gives us additional capacity that we may need in a cyber conflict. The second part is, it also provides us an ability to work with the states.”

For their part, state governments “are clamoring” for Guard help on cybersecurity, Gen. Frank Grass, the chief of the National Guard Bureau, told reporters in November when he outlined the proposal for the 10 Cyber Protection Teams.

“Gen. Alexander and our chief Gen. Grass believe the Guard has a key role to play in cybersecurity,” said Col. David Collins, the National Guard Bureau’s chief cyber staffer (the “J-6”), in an interview. “So there is resounding agreement on that — [but] we’re waiting for missions and force structure from the Army and the Air [Force]. We are still in the embryonic stages.”

“It’s not so much money,” Collins told me. “The fundamental first step in all of this is, what is the Guard’s place in the federal and DoD cyber response?”

The original Department of Defense (DoD) directives setting up the current cyber strategy “essentially took the reserve components out of consideration,” Collins said. Why? “The presumption was all those forces needed to be on active duty 24-7, 365,” he said. “[But] why can’t you surge us as you do for other things?”

In fact, the Guard is arguably better suited for cyberwar than for physical war. It takes weeks to months to mobilize, train, and prepare Guard forces for deployment overseas, potentially up to 110 days for the largest and most complex units. A Guard cybersecurity expert could (almost) roll out of bed, log on and start defending networks around the planet before his coffee gets cold.

But this subjective assessment needs to get encoded into the formal military requirements process before anything can happen in the budget. “The National Guard has to have forces that are built primarily for a federal purpose,” Collins said. Whenever state governors call out the Guard to control wildfires, floods, or rioters, the troops, trucks, and helicopters that respond are almost entirely paid for by the federal government for military missions.

On paper, the Department of Homeland Security would be in charge of defending the nation’s non-military networks, but against high-tech or large-scale threats DHS would have to ask the Pentagon to help. The Guard could be part of that homeland defense response, but “the government doesn’t have a plan that clearly indicates how that would be done,” Collins said bluntly. “The National Cyber Incident Response Plan, in my opinion, is not very thorough….I don’t mind going on record as the J-6 of the National Guard Bureau saying that the nation has a lot of progress that it needs to make.”

He’s hardly alone in that opinion. Not only is cybersecurity legislation chronically stalled on Capitol Hill, said Quigg, the former CYBERCOM official, “Cyber Command is increasingly attack-focused and the defensive mission has stalled….We’re actually in worse shape now in some ways than we were five years ago.”

 

What The Guard Can’t Do

If the Guard were allowed to help out in homeland defense, Collins argues it would have three advantages over the active-duty force:

  • First and most important, he said, Guard troops are physically present in armories, communities, and indeed civilian workplaces across the country, not concentrated in a few large bases. That puts them in constant contact with civilian networks and their operators.
  • Second, the Guard can operate either on federal orders (so-called Title 10 status) or on the orders of the state governor (Title 32). Guard troops under the governor’s command aren’t bound by the Posse Comitatus Act or other restrictions on using federal troops for law enforcement.
  • Third and last, as part-time troops, Guard cyber warriors would have full-time jobs in the civilian information technology world, giving them a different and often deeper expertise than the active-duty force, which tends to be younger.

Those are in order of importance: “A lot of people want to jump to No. 3 when they talk about the Guard,” Collins emphasized. “That’s out of sequence.”

The Guard already has limited cybersecurity capability, but it’s “very ad hoc,” Collins said. Every state is authorized to have an eight-soldier Army National Guard network security team, though some Adjutants General didn’t even know this option existed until recently, and they have to find the funding themselves without federal help. The Air National Guard has a range of “network warfare” and “information warfare” squadrons of varying sizes, structures, and skill levels.

Some of these Air Guard units are impressive, said Atlantic Council cyber expert Jason Healey: “[There's] the 262nd Network Warfare Squadron in Seattle (which includes lots of people from Microsoft), [and] the 175th Network Warfare Squadron at Fort Meade is deeply embedded in NSA work.”

“But states are increasingly trying to grab cyber mission for more budget, especially as more traditional missions are pared back,” Healey went on. “This threatens to poison the whole effort as so many state piranha are trying to feed from the same mission.”

Comments

  • AdrienneHB

    Very interesting article, especially in light of Secretary Gates’ book, “Duty” in which he talks about how the active Air Force basically yawned in his face every time he pushed the cyber security issue, and wouldn’t fund more than a very limited number of cyber security groups until he pushed them hard. He also comments that the Air Force tells young pilots that if they opt to go into cyber-piloting, they won’t make rank. Instead, our Air Force leaders continue to push for weapons and planning that have nothing to do with the types of wars in which we are now engaging – since Viet Nam. They seem to think that the concept of guerrilla warfare and counterinsurgency will go away, instead of planning and strategizing for them and making sure the support is developed for our ground troops who are fighting guerrilla warfare, thereby leaving troops on the ground to fend for themselves. While the Air Force leadership pushes for more F-series jets and other expensive weaponry that are not particularly usable in the context of the types of war in which we now engage. For example: active Air Force seem to be determined to mothball the A-10’s; these jets are the best we have in our arsenal that are actually quite effective in supporting ground troops. But they’re getting older – and more to the point – they demonstrate the direction the Air Force SHOULD be going with weapons systems – instead of the way they ARE going.
    Mothballing of the A-10 has been argued over and fought against by all who have seen first-hand how incredibly effective the A-10’s are at close-cover support for troops on the ground – just ask them. But the Air Force apparently isn’t listening – except to the lobbyists and corporations that want to keep draining tax dollars to pay for weapon systems that are effectively obsolete. It’s too bad; historically, the Air Force has a reputation of being very “corporate” and run effectively with a keen look to the future on many levels. Apparently, they’ve now painted themselves into a corner by pushing for money-draining weapons systems that are just not forward-looking in terms of strategy – all the while completely ignoring the prosecution of the wars in Iraq and Afghanistan – as well as Vietnam. Vietnam should have paved the way to understanding and strategizing for Iraq and Afghanistan. Instead, they ignored it completely, going for “historical strategizing” that’s long been obsolete – thereby leaving themselves flat-footed when faced with prosecuting these two wars. – And with the example of Syria and other countries that continue to demonstrate that this type of warfare is the way wars are being fought – and will be for the foreseeable future. Incredible short-sightedness and plain stupid – the Air Force is making itself obsolete.

  • paulrevere01

    Having some experience at the corporate management levels of American industry, I’m concerned that this big push to incorporate the Guard into the cyberwars strategy has ‘consultant/outsourcing motivations’ aka ‘profit driven’ motive and is no more than what Gen Alexander seems to casually phrase,

    “There’s two key things that they can do. First… it gives us additional capacity that we may need in a cyber conflict. The second part is, it also provides us an ability to work with the states.”

    Neither of these points make much sense in the face of ending almost a decade and a half of uncontrolled military and intelligence community expenditure that has been surely dovetailed with DHS and all of its implementations of ferreting out the supposed plethora of ‘terrorists’ infesting the planet.

    I again point out, as I have in a few previous comments to various articles, that there is an irrational and almost giddy mentality in the services, fueled by nothing less than fear coming from the strategists and leadership of this country.

    It is an established fact that ANY decisions by humans, made under the emotion of fear, can never be rational and measured until that fear is assuaged.

    I must also point out that the obvious career paths available to birds on up through stars and civilian department heads can do no less than be a temptation to rational and measured decision making…feathered nests and the temptation and motivation to pad same unequivocally prevail in the entire system.

    Gen Alexander is far too casual in expressing ‘needs’ which are obviously much more ‘wants’ and consequently deserving of close scrutiny.

  • ycplum

    I have a somewhat radical idea and to be fair, I haven’t thought it completely through.
    Have the National Guard, under State authority be responsible for all domestic cyberdefense. They will have full-time guardsmen, but will be capable of “surging” with part-time NG. Only in times of war or a concerted attack will they be transferred to Federal authority.

    The Federal component will focus more on the origination of the attacks and the path of attack. Naturally, there will have to be a strong cooperation between the Federal and NG components and I would expect to see large numbers of Federal personnel at NG cyberdefense centers.