The proposed new legislation would train former military or federal government personnel as an additional resource to strengthen U.S. defenses against attacks on critical infrastructure and other facilities.
The bipartisan Cyber Civil Security Reserve Act would pilot a civil reserve program similar to the operation of the National Guard or Army Reserve, available to the Departments of Defense (DOD) and the Department of Homeland Security (DHS) as in reserve of secondary talents in cyber emergencies. .
The bill is sponsored in the Senate by Jacky Rosen (D-NV) and Marsha Blackburn (R-TN) and in the House by Jimmy Panetta (D-CA) and Ken Calvert (R-CA).
Under the bill, agency heads would appoint cyber reservists for six-month positions as employees of the federal civil service to supplement existing cybersecurity staff. All members of the Civil Cybersecurity Reserve should have an active security clearance. Participation in the corps would be voluntary and by invitation only and would not include members of the selected military reserve. The proposed legislation is based on the recommendation of a report from the National Military, National and Public Service Information Commission. In addition, the National Defense Authorization Act of 2021 directed DOD officials to explore possibilities for building a cyber reserve force, including a civilian unit.
The intent of the measure is to ensure that the United States has qualified and qualified personnel to deal with cyber vulnerabilities and keep our nation safe, Rosen said. “As cybersecurity threats continue to grow in scale, frequency, and sophistication, it is critical to find innovative solutions to address this shortcoming,” he said. “I am proud to introduce this bipartisan legislation to ensure that the federal government has the cyber experts needed to respond quickly to threats, especially when our nation is being attacked.”
The bill addresses the need for staff capable of conducting missions to meet cyber challenges, Blackburn said. It gives agencies “access to qualified, capable, service-oriented American talent needed to respond when an attack occurs,” he said.
Recent cyber attacks by large-scale nation-states have sparked a barrage of emergency response activities. For example, two separate emergency response teams, called unified coordination groups (UCGs), made up of members of the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Office of the Director of National Intelligence and the Cyber Security and Infrastructure Agency (CISA) teamed up to respond immediately to the SolarWinds Orion and Microsoft Exchange Server incidents. Only after private industry and the federal government were able to correct both attacks did the groups reduce their coordinated efforts.
In the event that the bill ends up becoming law, there will be some priors. In late October 2020, Delaware Governor John Carney activated the 166th Special Operations Squadron of the National Guard’s cyberspace operations to help protect the state’s voting infrastructure for 2020 elections. At least ten states have pledged to use their Army or Air Force National Cybersecurity units to help protect the integrity of the electoral process.