Last month Sen Hassan (D,NH) introduced S 70, the
National Guard Cybersecurity Support Act. The bill would specifically allow
members of the Army and Air Force National Guard to conduct ‘cybersecurity operations’
to protect critical infrastructure.

The Authority

The bill would amend 32
USC 502
(f)(1) to add the following language at the end of the paragraph:

“Such training or other duty may
include cybersecurity operations or missions undertaken by the member’s unit at
the request of the Governor of the State concerned to protect critical
infrastructure (as that term is defined in the Critical Infrastructures
Protection Act of 2001 (42 U.S.C. 5195c)).” {§2}.

Sub-section 502(f) provides authorization for DOD to prescribe
regulations for requiring National Guard members to perform duties in addition
to monthly and annual drills required by §502(a).

Moving Forward

Neither Hassan, nor her cosponsor {Rep Cornyn (R,TX)} are members
of the Senate Armed Services Committee to which this bill was assigned for
consideration. This means that they are unlikely to have sufficient influence
to have the Committee consider the bill.

I see nothing in this bill that would draw specific
opposition if it were considered in Committee or brought to the floor of the
Senate. I suspect that the bill would receive strong bipartisan support.

Commentary

The first odd thing about this bill is that it looks like it
amends the wrong paragraph in §502(f). Paragraph (1) provides the general
authorization and paragraph (2) provides a listing of the types of training or
duty that could be included under (f).

The second odd thing about the language in this bill is that
§502 applies to regulations for federal service {“operations or missions
undertaken by the member’s unit at the request of the President or Secretary of
Defense” §503(f)(2)(A)}, not service under State control. If the language were
added (in either paragraph), it would require DOD to establish regulations
allowing Governors to request to use their National Guard troops under these
provisions.

The only reason that I could see for doing this would be to
require DOD to fund the cybersecurity operations and assume responsibility for
the logistical and administrative support for those units (and/or National
Guard personnel) ordered to perform the duty requested by Governors who already have operational control of NG units withing thier State.

By admin