The House Armed Services Committee is concerned about the apparent lack of utilization of National Guard and Reserve forces for cyber operations.
Under an “item of special interest” in the panel’s Cyber, Information Technologies and Innovation subcommittee mark for the fiscal 2024 National Defense Authorization Act, lawmakers note that the Pentagon has not made any substantial change to how it uses expertise among Guard and Reserve forces.
“Over the last 10 years, Congress has expressed its position that the Department of Defense can bolster its operational capacity in cyberspace through improved utilization of the National Guard. This has resulted in 10 legislative provisions over a decade’s worth of National Defense Authorization Acts,” the legislation states. “Despite these calls for change, the Department of Defense and the military services appear not to have made any meaningful change in how the expertise resident within the National Guard and the Reserve Component can be better leveraged.”
Items of special interest are ways the committee can express concern regarding an issue that could result in future legislation, but typically still require action on the part of the DOD, usually in the way of submitting a report.
Officials over the past decade have referred to Guard and Reserve cyber forces as a critical enabler and untapped potential in terms of additional capacity to augment active-duty forces and high-level expertise given many of these individuals work in the cybersecurity field as part of their jobs in the civilian world.
For example, the Air Force, when initially building out its contribution to the cyber mission force — the cyber operators each service is responsible for providing to U.S. Cyber Command — took a total force model, meaning its 39 teams were a mix of active duty and Guard personnel.
However, confusion regarding authorities and uses for Guard and Reserve forces has sometimes stymied their use at both the federal and state levels.
The provision in the CITI subcommittee mark directs the Assistant Secretary of Defense for Cyber Policy — a position which DOD still hasn’t filled — along with the commander of Cybercom to submit a report to congressional defense committees by the end of May 2024 on specific actions and institutional obstacles that have prevented change from being instantiated after requirements directed in three prior acts of law.
Those include a provision in the fiscal 2017 defense policy bill on a strategy to incorporate Army Reserve component cyber protection teams into the cyber mission force, a provision in the 2019 NDAA to study and report on Reserve component cyber civil support teams, and a pair of provisions from the 2021 NDAA regarding cyber capabilities and interoperability of the National Guard and the evaluation of non-traditional cyber support to DOD.
The subcommittee is scheduled to mark up the policy bill for fiscal 2024 on Tuesday.