National Guard

As our military has become more focused on cyber as the “fifth domain” of warfare after land, sea, air and space, every state’s National Guard (the Guard) has also developed and now maintains expertise in cybersecurity. These men and women have specialized skills that can be used in limited capacities, and it may be more cost-effective for them to perform the activities than it would for a third-party or full-time employee.

Why is the National Guard Integral to State Cybersecurity?
  1. The Guard answers to the Governor in most cases, offering flexibility;
  2. Many Guard members work full-time in technology companies, providing the state with access to worldclass talent often out of reach for state agencies;
  3. The relationship between Guard personnel, their employers, and their communities can build trust in the state’s cybersecurity functions;
  4. The Defense Department (DoD) is increasingly supporting Guard cyber capabilities; and
  1. The Guard can assist routine, steady-state cybersecurity activities to defend state and local computer systems by:
    • Conducting risk assessments for state information systems;
    • Designing secure network configurations for state agencies;
    • Planning and leading cyber response simulations, exercises and drills; and
    • Training local government officials.
What Can Governors do to Enhance the National Guard’s Role in Cybersecurity?
  • Map Guard cyber unit capabilities. National Guard cyber units vary across states, and the DoD lacks a complete picture. Therefore, the first step to fully utilizing the Guard is to identify each instate Guard member with a talent for technology.

    Incorporate procedures for using Guard cyber capabilities into cyber response plans. Assemble a team including the TAG, CIO, CISO, Homeland Security Advisory and chief cyber advisor (if not already listed) to integrate National Guard cyber units into statewide cyber emergency response procedures. The TAG should coordinate with the Chief of the National Guard Bureau to clarify and document procedures for requesting and accessing Title 32 funding for response activities

  • Consider expanding the circumstances under which Guard members can be activated. State law often restricts the activation of State Active Duty forces to governor-declared “emergency” situations. Governors should work with their respective legislatures to ensure they have express authority to declare a cyber-related emergency, and to allow activation of Guard cyber units in non-emergency scenarios.
  • Lobby the Council of Governors to push for clarifications to DoD guidance. As stated above, federal law authorizes federal funding for Guard cyber activities that achieve a state purpose, but DoD policy that implements the policy is unclear, contributing to uncertainty that inhibits state innovation in this area. DoD policy also prohibits Guard members in State Active Duty from relying on classified equipment or techniques.
  • Identify dual-purpose Guard cyber training exercises that achieve federal objectives while fulfilling state needs. Most federallyfunded training activities focus on preparations for conventional war, including cybersecurity exercises. Working in concert with state CIOs, CISOs, HSAs and other policy advisors, TAGs can identify and implement training activities that hone Guard cyber skills while helping to support state cybersecurity objectives. To this end, they should take advantage of congressionallymandated biennial national cyber exercises, such as Cyber Guard.

State Examples New Mexico and North Dakota go to the Legislature

New Mexico Governor Susan Martinez recently signed legislation that clarified when the Guard could be called upon to respond to a cyber event, as did North Dakota Governor Doug Burgum.

Council of Governors (COG)

The Council of Governors (COG) is a statutory body of ten governors appointed by the President and supported by the National Governors Association. It meets on a regular basis with the Secretary of Defense, the Secretary of Homeland Security, the National Guard Bureau, the White House, and other federal agencies.

Council of Governors

  • Gov. Mary Fallin, Oklahoma
  • Gov. Dannel Malloy, Connecticut
  • Gov. Charlie Baker, Massachusetts
  • Gov. Steve Bullock, Montana
  • Gov. Mark Dayton, Minnesota
  • Gov. John Bel Edwards, Louisiana
  • Gov. Eric Greitens, Missouri
  • Gov. Bill Haslam, Tennessee
  • Gov. Rick Scott, Florida
  • Gov. Bill Walker, Alaska