As the Defense Department’s overall budget continues to decline, most of the military’s mission areas are seeing proportional cuts, with a few exceptions. For one, DoD has made clear it intends to put a premium on cyberspace operations. The National Guard is looking to capitalize on that area of budget growth and thinks it has a good case. From the point of view of the guard’s leadership, its citizen-soldiers and airmen have a lot to...
As the Defense Department’s overall budget continues to decline, most of the military’s mission areas are seeing proportional cuts, with a few exceptions.
For one, DoD has made clear it intends to put a premium on cyberspace operations. The National Guard is looking to capitalize on that area of budget growth and thinks it has a good case.
From the point of view of the guard’s leadership, its citizen-soldiers and airmen have a lot to offer toward DoD’s still-evolving aims.
Both the Army and Air National Guard are building units that are made up of a significant number of people who have been working on cyber in their civilian careers every day for years. They offer the military a way to hang on to its best talent when they leave active duty, instead of losing those people to the private sector, and their units are spread across the country.
Gen. Frank Grass, the chief of the National Guard Bureau, said he told the chiefs of the Army and Air Guard to create at least one National Guard cyber unit in all 54 states and territories, plus the District of Columbia.
“The governors have come in loud and clear about this as well, so I think we’re on a good path. We’re building it together, and building this in line with our federal mission in a way that will allow us to do our state missions as well,” Grass told the National Guard Association’s annual conference in Chicago last week.
Value of cyber expertise growing
Congress also is interested in the issue. It’s rare for an oversight hearing dealing with DoD cyber issues to wrap up without at least one question about the guard’s role in cyber.
But Lt. Gen. Stanley Clarke, the director of the Air National Guard, said other key stakeholders in the Pentagon and elsewhere are beginning to see the guard’s role in cyberspace as just as valuable as the guard’s traditional advocates already do.
“It’s hard to explain how we do this with a largely part-time force to people who are not as familiar with the National Guard, but we’re slowly working this in,” he said. “We just have to prove how we do this as effectively and efficiently with a different force structure than what people are used to seeing.”
The guard, Clarke said, is offering that proof through its teams’ participation in events like July’s Cyber Guard exercise, a two-week event designed to test how well DoD can work with domestic agencies like DHS and the FBI in the event of a major attack on domestic critical infrastructure.
“We bring in people from the Joint Staff, the Office of the Secretary of Defense, and when they meet members of the National Guard who are doing this based largely on their civilian experience, they do get it,” he said. “It’s a slow process, and our desire has outpaced the ability of an institution like DoD to accept us in these mission sets, but we’re getting there. They’re starting to see more and more that we can do this mission. How much of it we’re going to get, we don’t know. We’re going to keep working on that.”
The guard is pitching its workforce as particularly well-suited to DoD’s new Cyber Protection Teams — the up-and-coming U.S. Cyber Command formations, which are charged with defending U.S. critical infrastructure against cyber attacks — since the goals fit nicely with the National Guard’s traditional first responder and homeland defense missions.
‘Big cyber, not little cyber’
But Gen. Mark Welsh, the Air Force’s chief of staff, said he also sees the Air National Guard potentially taking on new missions that no one is spending much time thinking about right now, and that are more Air Force-centric as opposed to supporting Cyber Command or the states.
“I’m very interested in ‘big cyber,’ not ‘little cyber,'” Welsh said. “Little cyber is very focused, it’s very directed at a particular target or server or individual you’re trying to track through the virtual world, and there are a lot of organizations in our government who are very good at that. We don’t need to do that. What we need to figure out is how the air component commander, during some future war, can hit a button on his desk and make every enemy remotely piloted vehicle fall out of the sky. How can I hit the big red cyber button and make every missile launched at Guam turn 20 degrees right and fall in the middle of the ocean? Nobody is working those problems, and the first thing we have to do is clearly organize ourselves, so we have people worried about that and not just worried about providing support under Title 10 or Title 50 authorities to Cyber Command or NSA. Once we figure out who we need to be doing that, I think it is a total force effort.”
On the Army side of the guard structure, officials say they’ve already taken a couple of significant steps toward institutionalizing the National Guard’s role in DoD’s overall cyber force structure.
The Army National Guard has contributed one cyber protection team of 39 soldiers to the federal mission, and in April, the National Guard and Army Cyber Command signed a memorandum of understanding that formalizes that team’s set of missions.
That same agreement lets the Army Guard explore the possibility of using its centralized training facility in North Little Rock, Arkansas, as one additional site to train the overall Army’s teams for “advanced” cyber protection missions, said Maj. Gen. Judd Lyons, the acting director of the Army National Guard.
The guard’s existing team is already pursuing its advanced certification and has also agreed with Army leaders at the Pentagon to build 10 more “traditional” teams from National Guard forces. The precise operational concept for those 10 teams is working its way through the Army headquarters approval process.
“They will be structured exactly like the Army’s cyber protection teams in terms of [occupational specialties] and capabilities and mission sets,” Lyons said. “That will codify those 10 teams, and something we continually stress is that those 390 positions are already captured within our end strength, so this is not additional growth. That removes an argument against those teams. Once we get the approval for that concept plan, we’ll solicit nomination plans and go through a process to determine stationing of those 10 teams. That’s the next step.”