U.S. potentially looking to establish a cyber “army” national reserve

<My fist slams down on the desk in a satisfied act of self-congratulations>

I knew it!

A couple of weeks ago on my blog, I wrote a blog post entitled Will cyberwar create new rules of engagement? In it, I mused about the possibility of whether or not the government would ever draft people from the civilian space into the military if they have skills in cyber security and hacking. As technology evolves, and the military requires skillsets that are in short supply, they might need a new class of soldier. Rather than drafting people for the military to do fighting with conventional weapons, they may draft people to do fighting with cyber weapons. But to do that, you need to start with people who already have some skills.

That was just my random speculation.

Well, today Reuters published the following article: US seeks patriotic computer geeks for help in cyber crisis. It’s not about the military (or DHS) setting up a draft, but instead is about setting up a “Cyber Reserve.” I was wrong about a draft, but not too far off (I should have mused about the setting up of a Reserve; why didn’t I? I could have claimed 100% foresight!).

Anyhow, from the article:

The Department of Homeland Security is considering setting up a "Cyber Reserve" of computer security experts who could be called upon in the event of a crippling cyber attack.

The idea came from a task force the agency set up to address what has long been a weak spot - recruiting and retaining skilled cyber professionals who feel they can get better jobs and earn higher salaries, in the private sector.

[The DHS] said they hope to have a working model for a Cyber Reserve within a year, with the first members drawn from retired government employees now working for private companies. The reserve corps might later look to experts outside of government.

Experts outside the government? That’s regular people who work in the industry who have backgrounds in hacking or cyber security.

The article continues that computer geeks want cool jobs (which is true). It’s not about the money:

The Department of Homeland Security has had trouble attracting and retaining top cyber talent since it was created after 9/11 in a massive merger of 22 agencies in 2002. In its early days, the DHS farmed out cyber work to contractors so it could quickly get systems running to improve national security.

As a result, the agency tends to award the most coveted cyber jobs to outside contractors. Those positions include forensics investigators, posts on "flyaway teams" that probe suspected cyber attacks and intelligence liaisons.

"It's not the money that makes people go to the contractors. It's the cool jobs," said Alan Paller, co-chair of the DHS task force. "People want the excitement."

I decided to look up how the National Guard Reserve works, and its exact obligations on Yahoo! Answers:

The Army National Guard is part of the United States Army, comprising approximately one half of its available combat forces and approximately one third of its support organization.

Army National Guard units are trained and equipped as part of the U.S. Army and are expected to adhere to the same moral and physical standards as their "full-time" Federal counterparts.

National Guard units can be mobilized at any time by presidential order to supplement regular armed forces, and upon declaration of a state of emergency by the governor of the state or territory in which they serve (in the case of Washington DC, the Commanding General).

Traditionally, most National Guard personnel serve "One weekend a month, two weeks a year", although a significant number serve in a full-time capacity, in a role called Active Guard and Reserve, or AGR. AGR's basically take care of things during the week while the "One weekend a month, two weeks a year" personnel are working at their civilian jobs.

I expect that this Cyber Reserve would work the same way. People would receive training and expected to adhere to the standards set up by the military.

However, rather than only physical requirements, I think that they’d be expected to maintain their skills in cyber security and keep up their education in addition to staying physically healthy. But what would this mean? Would the military provide this training? Or would it come from private industry since that’s where the expertise is? If it comes from industry, are the reserve members expected to maintain it themselves? Or would the military pay for this training?

What would the “two-weeks a year” look like? Training exercises? Basic familiarity with important infrastructure like the electrical or water grid? How to create cyber weapons?

Interesting stuff.

Comments (1)

  1. Felix Uribe says:

    We must understand the malsubjects are not going away anytime soon! hence, having an army of cybersecurity soldiers is not a bad idea after all!

Skip to main content