Trade group floats cyber national guard plan
A new report from the Intelligence and National Security Alliance recommends public-private partnerships and new cybersecurity teams on the frontlines of the digital battlefield.
The Intelligence and National Security Alliance has proposed the establishment of a Cyber National Guard to help protect U.S. critical infrastructure, along with a series of recommendations to expand public-private cybersecurity partnerships.
The proposed guard would operate as a stand-alone entity within the Department of Homeland Security, similar to the U.S. Coast Guard operating structure, with authorities to assist in domestic cyber incidents, including "bringing critical infrastructure back online after a cyberattack," according to INSA's recommendations.
The report from INSA's Cyber Council published last week noted how public-private collaborations and assistance from the commercial sector have aided Ukraine in combating Russian cyber operations throughout the current war. Those partnerships should serve as a blueprint to protect U.S. critical infrastructure, the INSA paper said, with other recommendations including a whole-of-nation "Cyber Manhattan Project'' to leverage technological innovations and maintain U.S. cyber competitiveness.
"While no legal framework exists to allow private corporations or individual citizens to engage in offensive cyber operations on their own, contributions made under the rubric of new policies, legislation, and organizational frameworks could help enhance the nation’s offensive cyber capabilities," the report said.
The report expressed support for bipartisan legislation introduced earlier this year to form a National Digital Reserve Corps, whose members could work alongside the military and federal agencies in offensive cyber operations and to bolster governmentwide cybersecurity services.
Under the proposed bill, reservists would enlist for a three-year period to assist in digital and cybersecurity projects across the federal government. The General Services Administration would assign reservists to certain federal agencies depending on cybersecurity and digital needs for 30 days per calendar year.
"As we have seen from previous cyberattacks, our government currently lacks the workforce capacity needed to combat ransomware and bad actors,” Rep. Tony Gonzales (R-Texas) said in a statement after introducing the legislation in January.
The council also proposed establishing a corporate cyber reserve that would further allow companies – including those within the Defense Industrial Base – to assist in government-led cyber incident response efforts. The report noted how many DIB organizations maintain "extensive in-house cyber expertise" that can be leveraged by the government to help execute offensive cyber operations and to promote information-sharing initiatives.
Other recommendations included expanding critical infrastructure vulnerability assessments and forming a private sector advisory committee to assist the U.S. Cyber Command in understanding foreign network targets.