National Guard Cyber Strengths Need More Visibility

National Guard Cyber Strengths Need More Visibility

Photo by: U.S. Army

The Army National Guard has developed some significant capabilities that could be quite useful to civil authorities in a regional or national cyberattack, a new Government Accountability Office report says. There’s just one small problem: Defense Department officials don’t have a complete and coherent picture of those capabilities, according to the congressional watchdog agency.

“The department has not maintained a database that identifies the National Guard units’ cyber-related emergency response capabilities, as required by law,” the report says. Without such a database, DoD “may not have timely access to these capabilities when requested by civil authorities during a cyber incident.”

Every state, three territories and the District of Columbia have National Guard computer network defense teams, ranging in size from one person to 23, the report says. Additionally, the Army National Guard has one full-time cyber protection team and is developing 10 part-time teams.

The report cited three particular Guard cyber capabilities that should be more closely tracked and identified: communications directorates that operate and maintain the Guard’s information network; computer network defense teams that protect those systems and could respond to cyber emergencies; and cyber units that conduct cyberspace operations.

On a related issue, the report says while the Pentagon has conducted nine cyber exercises of varying breadth and depth in recent years, to date it has not conducted a top-level “tier 1” cyber exercise involving all “national-level organizations and combatant commanders and staff in highly complex environments.”

The report recommends that DoD build and maintain a database with full details of National Guard cyber capabilities, and conduct a tier 1 exercise “to prepare its forces in the event of a disaster with cyber effects.”

In response, defense officials only partially concurred with the GAO’s two recommendations, saying they believe “current mechanisms and exercises are sufficient to address the issues highlighted in the report.” GAO officials stood by their conclusions.

The report can be found online at http://www.gao.gov/assets/680/679510.pdf.