Newly proposed legislation would train former military or federal government personnel as an additional resource to bolster U.S. defenses against attacks on critical infrastructure and other facilities.
The bipartisan Civilian Cyber Security Reserve Act would pilot a civilian reserve program similar to how the National Guard or Army Reserve operate, available to the Departments of Defense (DOD) and the Department of Homeland Security (DHS) as a side talent pool in cyber emergencies.
The bill is sponsored in the Senate by Jacky Rosen (D-NV) and Marsha Blackburn (R-TN) and in the House by Jimmy Panetta (D-CA) and Ken Calvert (R-CA).
Under the bill, agency heads would appoint cyber reservists to six-month long positions as federal civil service employees to supplement existing cybersecurity personnel. All members of the Civilian Cybersecurity Reserve would have to have an active security clearance. Participation in the corps would be voluntary and by invitation only and would not include members of the military Selected Reserve. The proposed legislation is modeled on a recommendation in a National Commission on Military, National, and Public Service report. In addition, the 2021 National Defense Authorization Act directed DOD officials to explore possibilities for building a cyber reserve force, including a civilian unit.
Ensuring that the U.S. has the trained, skilled personnel to address cyber vulnerabilities and keep our nation safe is the measure’s intent, Rosen said. “As cybersecurity threats continue to grow in scale, frequency, and sophistication, it’s critical that we find innovative solutions to address this deficiency,” she said. “I’m proud to introduce this bipartisan legislation to ensure the Federal Government has the cyber experts needed to quickly respond to threats, especially when our nation is under attack.”
The bill addresses the need for mission-capable personnel to confront cyber challenges, Blackburn said. It gives agencies “access to the qualified, capable, and service-oriented American talent necessary to respond when an attack occurs,” she said.
Recent nation-state cyber attacks of large proportion have sparked a flurry of emergency response activity. For example, two separate emergency response teams, termed unified coordination groups (UCGs), each comprised of members of the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency (CISA), were put together to immediately respond to the SolarWinds Orion and Microsoft Exchange Server incidents. Only after private industry and the federal government were able to corral both attacks did the groups scale back their coordinated efforts.
Should the bill eventually become law, it will have some priors attached to it. In late October 2020, Delaware governor John Carney activated the state's National Guard 166th special Cyberspace Operations Squadron to help protect the state’s voting infrastructure for the 2020 elections. At least 10 states have committed to using their Army or Air Force National Guard cybersecurity units to help protect the integrity of the election process.