Thursday, June 23, 2016

Experts Ponder National Guard's Role in Protecting Utilities (E&E Publishing)

Blake Sobczak, E&E reporter
Published: Wednesday, June 22, 2016

(EVERETT, WA) -- Not long after friendly hackers broke into his water and power utility in early 2015, Benjamin Beberness had a real danger on his hands.

An "insider threat event" at the Snohomish County Public Utility District in Washington State, where Beberness serves as chief information officer, prompted him to scramble his cybersecurity team and design a response plan.

He also turned to the good-guy hackers who once bypassed his network defenses in mere minutes via a well-crafted malicious email (EnergyWire, Oct. 6, 2015).

"Because they knew our environment so well, they were able to give me some good feedback on how to better mitigate that insider threat," Beberness said at an event in Washington, D.C., yesterday hosted by the Lexington Institute, a right-leaning think tank that focuses on national security and technology policy.

The helpful neighborhood hackers were members of the Washington National Guard, who stand ready in the event a cyberattack ever causes widespread physical damage in the state.

The extent to which Guard troops get involved in cybersecurity depends largely on the resources available and the level of interest from each governor's office. National Guard units are jointly managed at the state and federal level, giving their commanders a degree of autonomy compared to other Defense Department components.

The Department of Homeland Security remains the go-to agency for helping guard critical infrastructure networks such as the power grid from cyberthreats. Besieged utilities can also turn to the Department of Energy for sector-specific advice and expertise.

But these three-letter agencies may not be the first places state governors turn to during an actual cyber event, according to Col. Shawn Bratton, cyber operations group commander for the Maryland Air National Guard.

"In my almost 30 years in the National Guard, I've found that the crisis usually starts smaller: locally and at the state level," he said. "The governor almost always looks inside the state for solutions before requesting assistance from outside."

Support from the National Guard doesn't mean letting soldiers take over private networks, a scenario Bratton described as "difficult to imagine" given that they'd be unlikely to be invited, let alone be useful on such unfamiliar turf.

"A far more likely and valuable contribution could be in the advise-and-assist role" during a cyberattack, he said, such as by offering a "breakdown of how to recognize malware's presence and advice on how to mitigate it."

Rep. Sheila Jackson Lee (D-Texas) introduced a bill last year that would require the Director of National Intelligence to assess the possibility of creating a Cyber Defense National Guard for protecting critical infrastructure from online assaults or accidental man-made incidents.

Given the jumble of government agencies that already have a hand in grid cybersecurity, it's unclear whether the idea of boosting the National Guard's role will gain traction.


"The Guard, like the military, is being really stretched," said Daniel Goure, vice president with the Lexington Institute and a former Department of Defense official. "If [cybersecurity] is something that the Guard is uniquely capable of doing -- and that it can play a role that I don't think another institution in this country can play -- how far do we want to take it?"